fix: change password token check (#4934) (#4932)

This commit is contained in:
DarkSky 2023-11-14 19:15:54 +08:00 committed by LongYinan
parent 8bcc886b46
commit 8d55e5cdf9
No known key found for this signature in database
GPG Key ID: C3666B7FC82ADAD7
2 changed files with 29 additions and 2 deletions

View File

@ -23,6 +23,8 @@ import {
export const NextAuthOptionsProvide = Symbol('NextAuthOptions');
const TrustedProviders = ['google'];
export const NextAuthOptionsProvider: FactoryProvider<NextAuthOptions> = {
provide: NextAuthOptionsProvide,
useFactory(
@ -51,6 +53,23 @@ export const NextAuthOptionsProvider: FactoryProvider<NextAuthOptions> = {
}
return createUser(userData);
};
// linkAccount exists in the adapter
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
const linkAccount = prismaAdapter.linkAccount!.bind(prismaAdapter);
prismaAdapter.linkAccount = async account => {
// google account must be a verified email
if (TrustedProviders.includes(account.provider)) {
await prisma.user.update({
where: {
id: account.userId,
},
data: {
emailVerified: new Date(),
},
});
}
return linkAccount(account) as Promise<void>;
};
// getUser exists in the adapter
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
const getUser = prismaAdapter.getUser!.bind(prismaAdapter)!;

View File

@ -135,9 +135,17 @@ export class AuthResolver {
@Args('token') token: string,
@Args('newPassword') newPassword: string
) {
// we only create user account after user sign in with email link
const id = await this.session.get(token);
if (!id || id !== user.id || !user.emailVerified) {
if (!user.emailVerified) {
throw new ForbiddenException('Please verify the email first');
}
if (
!id ||
(id !== user.id &&
// change password after sign in with email link
// we only create user account after user sign in with email link
id !== user.email)
) {
throw new ForbiddenException('Invalid token');
}