Accueil Explorer Aide
Connexion
Vieraw
/
Kutt
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

set 1 hour expiry for account verification

abhijithvijayan il y a 6 ans
Parent
b70932e01e
commit
ad29778bba
1 fichiers modifiés avec 8 ajouts et 7 suppressions
Vue séparée Afficher les stats Diff
  1. 8 7
      server/db/user.js

+ 8 - 7
server/db/user.js
Voir le fichier 

@@ -35,7 +35,7 @@ exports.createUser = async ({ email, password }) => {
 
     tx.run(
 
       'MERGE (u:USER { email: $email }) ' +
 
         'SET u.password = $hash , u.verified = $verified , ' +
 
-        'u.verificationToken = $verificationToken , u.createdAt = $createdAt ' +
 
+        'u.verificationToken = $verificationToken , u.verificationExpires = $verificationExpires, u.createdAt = $createdAt ' +
 
         'RETURN u',
 
       {
 
         email,
 
@@ -43,6 +43,7 @@ exports.createUser = async ({ email, password }) => {
 
         createdAt: new Date().toJSON(),
 
         verified: false,
 
         verificationToken,
 
+        verificationExpires: Date.now() + 3600000,
 
       }
 
     )
 
   );
 
@@ -55,10 +56,12 @@ exports.verifyUser = async ({ verificationToken }) => {
 
   const session = driver.session();
 
   const { records = [] } = await session.writeTransaction(tx =>
 
     tx.run(
 
-      'MATCH (u:USER { verificationToken: $verificationToken })' +
 
-        'SET u.verified = true SET u.verificationToken = NULL RETURN u',
 
+      'MATCH (u:USER) ' +
 
+        'WHERE u.verificationToken = $verificationToken AND u.verificationExpires > $currentTime ' +
 
+        'SET u.verified = true, u.verificationToken = NULL, u.verificationExpires = NULL RETURN u',
 
       {
 
         verificationToken,
 
+        currentTime: Date.now(),
 
       }
 
     )
 
   );
 
@@ -98,7 +101,6 @@ exports.generateApiKey = async ({ email }) => {
 
 
 exports.requestPasswordReset = async ({ email }) => {
 
   const session = driver.session();
 
-  const resetPasswordExpires = Date.now() + 3600000;
 
   const resetPasswordToken = nanoid(40);
 
   const { records = [] } = await session.writeTransaction(tx =>
 
     tx.run(
 
@@ -108,7 +110,7 @@ exports.requestPasswordReset = async ({ email }) => {
 
         'RETURN u',
 
       {
 
         email,
 
-        resetPasswordExpires,
 
+        resetPasswordExpires: Date.now() + 3600000,
 
         resetPasswordToken,
 
       }
 
     )
 
@@ -120,7 +122,6 @@ exports.requestPasswordReset = async ({ email }) => {
 
 
 exports.resetPassword = async ({ resetPasswordToken }) => {
 
   const session = driver.session();
 
-  const currentTime = Date.now();
 
   const { records = [] } = await session.writeTransaction(tx =>
 
     tx.run(
 
       'MATCH (u:USER) ' +
 
@@ -128,7 +129,7 @@ exports.resetPassword = async ({ resetPasswordToken }) => {
 
         'SET u.resetPasswordExpires = NULL, u.resetPasswordToken = NULL RETURN u',
 
       {
 
         resetPasswordToken,
 
-        currentTime,
 
+        currentTime: Date.now(),
 
       }
 
     )
 
   );