#121 Don't allow clock reset for reused reset tokens
parent
04e2b9e437
commit
e1fd9fac62
|
@ -79,14 +79,10 @@ userSchema.methods.createPassToken = function () {
|
||||||
|
|
||||||
return new Promise( async (resolve, reject) => {
|
return new Promise( async (resolve, reject) => {
|
||||||
|
|
||||||
// Reuse old token, resetting clock
|
// Reuse old token
|
||||||
if (user.auth.passTokenExpires >= Date.now()) {
|
if (user.auth.passTokenExpires >= Date.now()) {
|
||||||
debug(`Reusing old password token...`)
|
debug(`Reusing old password token...`)
|
||||||
user.auth.passTokenExpires = Date.now() + 3600000 // 1 hour
|
resolve([user.auth.passToken, user.auth.passTokenExpires])
|
||||||
try {
|
|
||||||
await user.save()
|
|
||||||
resolve([user.auth.passToken, user.auth.passTokenExpires])
|
|
||||||
} catch (err) { reject(err) }
|
|
||||||
|
|
||||||
// Create new token
|
// Create new token
|
||||||
} else {
|
} else {
|
||||||
|
|
Loading…
Reference in New Issue