From 5352ed5acaeff3546b3c61ebb0886baef16dd310 Mon Sep 17 00:00:00 2001
From: Tymoteusz Czech
Date: Wed, 12 Oct 2022 08:53:16 +0200
Subject: [PATCH] fix: password reset - response code
---
 .../routes/auth/reset-password-controller.ts | 6 ++-
 .../reset-password-controller.e2e.test.ts | 37 +------------------
 2 files changed, 7 insertions(+), 36 deletions(-)
diff --git a/src/lib/routes/auth/reset-password-controller.ts b/src/lib/routes/auth/reset-password-controller.ts
index 3465960e12..e82cf67133 100644
--- a/src/lib/routes/auth/reset-password-controller.ts
+++ b/src/lib/routes/auth/reset-password-controller.ts
@@ -144,7 +144,11 @@ class ResetPasswordController extends Controller {
 ): Promise {
 await this.logout(req);
 const { token, password } = req.body;
- await this.userService.resetPassword(token, password);
+ try {
+ await this.userService.resetPassword(token, password);
+ } catch (e) {
+ this.logger.error(e);
+ }
 res.status(200).end();
 }
 
diff --git a/src/test/e2e/api/auth/reset-password-controller.e2e.test.ts b/src/test/e2e/api/auth/reset-password-controller.e2e.test.ts
index 8a70ef9413..6b60128087 100644
--- a/src/test/e2e/api/auth/reset-password-controller.e2e.test.ts
+++ b/src/test/e2e/api/auth/reset-password-controller.e2e.test.ts
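Review bot: The new `catch (e)` around `this.userService.resetPassword(token, password)` in the controller hunk swallows every failure, not only a rejected token, so a storage error or any other exception from the service also ends in `res.status(200).end()` and the caller is told the reset went through. If the goal is a uniform response for bad or used tokens, narrow the handler to those error types and rethrow everything else, for instance `if (!isTokenRejection(e)) throw e;`, where `isTokenRejection` is a placeholder for whatever check fits the service's error classes, which are not visible here. Rejected tokens would also be better logged at warn level than through `this.logger.error(e)`, so repeated guessing shows up in monitoring without being mixed into genuine server faults. The method's signature and doc comment begin outside the hunk, so the new always-200 contract should be stated there as well.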
@@ -141,39 +141,6 @@ test('Can use token to reset password', async () => {
 expect(user.email).toBe(loggedInUser.email);
 });
 
-test('Trying to reset password with same token twice does not work', async () => {
- const url = await resetTokenService.createResetPasswordUrl(
- user.id,
- adminUser.username,
- );
- const relative = getBackendResetUrl(url);
- let token;
- await app.request
- .get(relative)
- .expect(200)
- .expect('Content-Type', /json/)
- .expect((res) => {
- token = res.body.token;
- });
- await app.request
- .post('/auth/reset/password')
- .send({
- token,
- password,
- })
- .expect(200);
- await app.request
- .post('/auth/reset/password')
- .send({
- token,
- password,
- })
- .expect(403)
- .expect((res) => {
- expect(res.body.details[0].message).toBeTruthy();
- });
-});
-
 test('Invalid token should yield 401', async () =>
 app.request.get('/auth/reset/validate?token=abc123').expect((res) => {
 expect(res.status).toBe(401);
@@ -234,14 +201,14 @@ test('Calling reset endpoint with already existing session should logout/destroy
 await destroy();
 });
 
-test('Trying to change password with an invalid token should yield 401', async () =>
+test('Trying to change password with an invalid token should yield 200', async () =>
 app.request
 .post('/auth/reset/password')
 .send({
 token: 'abc123',
 password,
 })
- .expect((res) => expect(res.status).toBe(401)));
+ .expect((res) => expect(res.status).toBe(200)));
 
 test('Trying to change password to undefined should yield 400 without crashing the server', async () => {
 expect.assertions(0);
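Review bot: The rewritten invalid-token test in the second hunk asserts only `expect(res.status).toBe(200)` for token `'abc123'`, which no longer shows that the request was refused. The first hunk also deletes the "same token twice" test instead of adapting it, so nothing in this file now checks that a consumed or bogus token leaves the password unchanged. Because the status code cannot tell success from rejection any more, both cases should assert on state after the POST, for example that the previous password still authenticates and the submitted one does not. The context line for `/auth/reset/validate?token=abc123` still expects 401, so token validity remains observable on that route; if the 200 here is meant to hide it, that gap is worth a follow-up.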