fix: password reset - response code

2025-09-05 17:53:12 +02:00 · 2022-10-12 08:53:16 +02:00 · 2022-10-12 08:53:16 +02:00 · 5352ed5aca
commit 5352ed5aca
parent 0651c83bd1
2 changed files with 7 additions and 36 deletions
--- a/src/lib/routes/auth/reset-password-controller.ts
+++ b/src/lib/routes/auth/reset-password-controller.ts
@ -144,7 +144,11 @@ class ResetPasswordController extends Controller {
    ): Promise<void> {
        await this.logout(req);
        const { token, password } = req.body;
-        await this.userService.resetPassword(token, password);
+        try {
+            await this.userService.resetPassword(token, password);
+        } catch (e) {
+            this.logger.error(e);
+        }
        res.status(200).end();
    }

--- a/src/test/e2e/api/auth/reset-password-controller.e2e.test.ts
+++ b/src/test/e2e/api/auth/reset-password-controller.e2e.test.ts
@ -141,39 +141,6 @@ test('Can use token to reset password', async () => {
    expect(user.email).toBe(loggedInUser.email);
 });

-test('Trying to reset password with same token twice does not work', async () => {
-    const url = await resetTokenService.createResetPasswordUrl(
-        user.id,
-        adminUser.username,
-    );
-    const relative = getBackendResetUrl(url);
-    let token;
-    await app.request
-        .get(relative)
-        .expect(200)
-        .expect('Content-Type', /json/)
-        .expect((res) => {
-            token = res.body.token;
-        });
-    await app.request
-        .post('/auth/reset/password')
-        .send({
-            token,
-            password,
-        })
-        .expect(200);
-    await app.request
-        .post('/auth/reset/password')
-        .send({
-            token,
-            password,
-        })
-        .expect(403)
-        .expect((res) => {
-            expect(res.body.details[0].message).toBeTruthy();
-        });
-});
-
 test('Invalid token should yield 401', async () =>
    app.request.get('/auth/reset/validate?token=abc123').expect((res) => {
        expect(res.status).toBe(401);
@ -234,14 +201,14 @@ test('Calling reset endpoint with already existing session should logout/destroy
    await destroy();
 });

-test('Trying to change password with an invalid token should yield 401', async () =>
+test('Trying to change password with an invalid token should yield 200', async () =>
    app.request
        .post('/auth/reset/password')
        .send({
            token: 'abc123',
            password,
        })
-        .expect((res) => expect(res.status).toBe(401)));
+        .expect((res) => expect(res.status).toBe(200)));

 test('Trying to change password to undefined should yield 400 without crashing the server', async () => {
    expect.assertions(0);