local-it/vikunja-api
0
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Make sure a password reset token can be used only once

Browse source
This commit is contained in:
kolaente 2020-12-30 21:51:45 +01:00
parent 787044628f
commit ac23536c36
No known key found for this signature in database
GPG key ID: F40E70337AB24C9B
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pkg/user/user_password_reset.go
View file

@ -63,7 +63,9 @@ func ResetPassword(s *xorm.Session, reset *PasswordReset) (err error) {
} }
// Save it // Save it
user.PasswordResetToken = ""
_, err = s. _, err = s.
Cols("password", "password_reset_token").
Where("id = ?", user.ID). Where("id = ?", user.ID).
Update(&user) Update(&user)
if err != nil { if err != nil {