fix: database constraint on auth_tokens

2021-04-07 02:16:16 +01:00 · 2021-04-07 02:16:16 +01:00 · 3f6c0e6037
commit 3f6c0e6037
parent 9b5cf32314
2 changed files with 6 additions and 5 deletions
--- a/lib/users.js
+++ b/lib/users.js
@ -86,7 +86,7 @@ function reset2FASecret (token, id, secret) {
    return db.tx(t => {
      const q1 = t.none('UPDATE users SET twofa_code=$1 WHERE id=$2', [secret, id])
      const q2 = t.none(`DELETE FROM user_sessions WHERE sess -> 'user' ->> 'id'=$1`, [id])
-      const q3 = t.none(`DELETE FROM auth_tokens WHERE token=$1 and type='reset_password'`, [token])
+      const q3 = t.none(`DELETE FROM auth_tokens WHERE token=$1 and type='reset_twofa'`, [token])
      return t.batch([q1, q2, q3])
    })
  })
@ -94,7 +94,7 @@ function reset2FASecret (token, id, secret) {

 function createReset2FAToken (userID) {
  const token = crypto.randomBytes(32).toString('hex')
-  const sql = `INSERT INTO auth_tokens (token, type, user_id) VALUES ($1, 'reset_twofa', $2) ON CONFLICT (user_id) DO UPDATE SET token=$1, expire=now() + interval '30 minutes' RETURNING *`
+  const sql = `INSERT INTO auth_tokens (token, type, user_id) VALUES ($1, 'reset_twofa', $2) ON CONFLICT (user_id, type) DO UPDATE SET token=$1, expire=now() + interval '30 minutes' RETURNING *`

  return db.one(sql, [token, userID])
 }
@ -123,7 +123,7 @@ function updatePassword (token, id, password) {

 function createResetPasswordToken (userID) {
  const token = crypto.randomBytes(32).toString('hex')
-  const sql = `INSERT INTO auth_tokens (token, type, user_id) VALUES ($1, 'reset_password', $2) ON CONFLICT (user_id) DO UPDATE SET token=$1, expire=now() + interval '30 minutes' RETURNING *`
+  const sql = `INSERT INTO auth_tokens (token, type, user_id) VALUES ($1, 'reset_password', $2) ON CONFLICT (user_id, type) DO UPDATE SET token=$1, expire=now() + interval '30 minutes' RETURNING *`

  return db.one(sql, [token, userID])
 }