fix: temp two factor secret checking on two factor reset

2021-04-19 16:46:43 +01:00 · 2021-04-19 16:46:43 +01:00 · 357fe75427
commit 357fe75427
parent 928caaf167
2 changed files with 6 additions and 2 deletions
--- a/lib/users.js
+++ b/lib/users.js
@ -89,7 +89,7 @@ function reset2FASecret (token, id, secret) {
  return validateAuthToken(token, 'reset_twofa').then(res => {
    if (!res.success) throw new Error('Failed to verify 2FA reset token')
    return db.tx(t => {
-      const q1 = t.none('UPDATE users SET twofa_code=$1 WHERE id=$2', [secret, id])
+      const q1 = t.none('UPDATE users SET twofa_code=$1, temp_twofa_code=NULL WHERE id=$2', [secret, id])
      const q2 = t.none(`DELETE FROM user_sessions WHERE sess -> 'user' ->> 'id'=$1`, [id])
      const q3 = t.none(`DELETE FROM auth_tokens WHERE token=$1 and type='reset_twofa'`, [token])
      return t.batch([q1, q2, q3])