#121 Don't allow clock reset for reused reset tokens

2018-03-04 21:17:54 +00:00 · 2018-03-04 21:17:54 +00:00 · e1fd9fac62
parent 04e2b9e437
commit e1fd9fac62
1 changed files with 2 additions and 6 deletions
--- a/config/models.js
+++ b/config/models.js
@ -79,14 +79,10 @@ userSchema.methods.createPassToken = function () {

  return new Promise( async (resolve, reject) => {

-    // Reuse old token, resetting clock
+    // Reuse old token
    if (user.auth.passTokenExpires >= Date.now()) {
      debug(`Reusing old password token...`)
-      user.auth.passTokenExpires = Date.now() + 3600000 // 1 hour
-      try {
-        await user.save()
-        resolve([user.auth.passToken, user.auth.passTokenExpires])
-      } catch (err) { reject(err) }
+      resolve([user.auth.passToken, user.auth.passTokenExpires])

    // Create new token
    } else {