Reset token (#786)

feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2025-07-26 13:48:33 +02:00 · 2021-04-16 15:29:23 +02:00 · 2021-04-16 15:29:23 +02:00 · b55c85783b
commit b55c85783b
parent 23ea21babf
63 changed files with 1813 additions and 283 deletions
--- a/.nvmrc
+++ b/.nvmrc
@ -0,0 +1 @@
 14
--- a/package.json
+++ b/package.json
@ -72,6 +72,7 @@
    "connect-session-knex": "^2.0.0",
    "cookie-parser": "^1.4.4",
    "cookie-session": "^2.0.0-rc.1",
    "cors": "^2.8.5",
    "db-migrate": "0.11.11",
    "db-migrate-pg": "^1.2.2",
    "db-migrate-shared": "^1.2.0",
@ -108,22 +109,22 @@
    "@istanbuljs/nyc-config-typescript": "^1.0.1",
    "@passport-next/passport": "^3.1.0",
    "@passport-next/passport-google-oauth2": "^1.0.0",
    "@types/bcrypt": "^3.0.0",
    "@types/express": "^4.17.11",
    "@types/node": "^14.14.37",
    "@types/nodemailer": "^6.4.1",
    "@typescript-eslint/eslint-plugin": "^4.15.2",
    "@typescript-eslint/parser": "^4.15.2",
    "@types/bcrypt": "^3.0.0",
    "@types/owasp-password-strength-test": "^1.3.0",
    "@typescript-eslint/eslint-plugin": "^4.22.0",
    "@typescript-eslint/parser": "^4.22.0",
    "ava": "^3.7.0",
    "copyfiles": "^2.4.1",
    "coveralls": "^3.1.0",
    "eslint": "^6.8.0",
-    "eslint-config-airbnb-base": "^14.1.0",
+    "eslint-config-airbnb-base": "^14.2.1",
    "eslint-config-airbnb-typescript": "^12.3.1",
-    "eslint-config-prettier": "^6.10.1",
+    "eslint-config-prettier": "^8.1.0",
-    "eslint-plugin-import": "^2.20.2",
+    "eslint-plugin-import": "^2.22.1",
-    "eslint-plugin-prettier": "^3.1.3",
+    "eslint-plugin-prettier": "^3.3.1",
    "faker": "^5.3.1",
    "fetch-mock": "^9.11.0",
    "husky": "^4.2.3",
@ -141,7 +142,7 @@
    "supertest": "^5.0.0",
    "ts-node": "^9.1.1",
    "tsc-watch": "^4.2.9",
-    "typescript": "^4.1.5"
+    "typescript": "^4.2.4"
  },
  "resolutions": {
    "set-value": "^2.0.1",
--- a/src/lib/addons/addon.js
+++ b/src/lib/addons/addon.js
@ -38,9 +38,10 @@ class Addon {
            return res;
        }
        if (retries > 0 && retryCodes.includes(res.status)) {
-            setTimeout(() => {
+            setTimeout(
-                return this.fetchRetry(url, options, retries - 1, backoff * 2);
+                () => this.fetchRetry(url, options, retries - 1, backoff * 2),
-            }, backoff);
+                backoff,
            );
        }
        return res;
    }
--- a/src/lib/app.ts
+++ b/src/lib/app.ts
@ -4,7 +4,7 @@ import apiTokenMiddleware from './middleware/api-token-middleware';
 import { AuthenticationType } from './types/core';
 const express = require('express');
-
+const cors = require('cors');
 const compression = require('compression');
 const favicon = require('serve-favicon');
 const cookieParser = require('cookie-parser');
@ -33,6 +33,10 @@ module.exports = function(config, services = {}) {
        config.preHook(app, config, services);
    }
    if (process.env.NODE_ENV === 'development') {
        app.use(cors());
    }
    app.use(compression());
    app.use(cookieParser());
    app.use(express.json({ strict: false }));
--- a/src/lib/db/feature-toggle-store.js
+++ b/src/lib/db/feature-toggle-store.js
@ -272,13 +272,11 @@ class FeatureToggleStore {
        const rows = await this.db(FEATURE_TAG_TABLE).select(
            FEATURE_TAG_COLUMNS,
        );
-        return rows.map(row => {
+        return rows.map(row => ({
-            return {
+            featureName: row.feature_name,
-                featureName: row.feature_name,
+            tagType: row.tag_type,
-                tagType: row.tag_type,
+            tagValue: row.tag_value,
-                tagValue: row.tag_value,
+        }));
            };
        });
    }
    async dropFeatureTags() {
--- a/src/lib/db/index.js
+++ b/src/lib/db/index.js
@ -2,6 +2,7 @@
 // eslint-disable-next-line
 import { AccessStore } from './access-store';
 import { ResetTokenStore } from './reset-token-store';
 const { createDb } = require('./db-pool');
 const EventStore = require('./event-store');
@ -57,5 +58,6 @@ module.exports.createStores = (config, eventBus) => {
        addonStore: new AddonStore(db, eventBus, getLogger),
        accessStore: new AccessStore(db, eventBus, getLogger),
        apiTokenStore: new ApiTokenStore(db, eventBus, getLogger),
        resetTokenStore: new ResetTokenStore(db, eventBus, getLogger),
    };
 };
--- a/src/lib/db/reset-token-store.ts
+++ b/src/lib/db/reset-token-store.ts
@ -0,0 +1,131 @@
 import { EventEmitter } from 'events';
 import { Knex } from 'knex';
 import metricsHelper from '../metrics-helper';
 import { DB_TIME } from '../events';
 import { Logger, LogProvider } from '../logger';
 import NotFoundError from '../error/notfound-error';
 const TABLE = 'reset_tokens';
 interface IResetTokenTable {
    reset_token: string;
    user_id: number;
    expires_at: Date;
    created_at: Date;
    created_by: string;
    used_at: Date;
 }
 export interface IResetTokenCreate {
    reset_token: string;
    user_id: number;
    expires_at: Date;
    created_by?: string;
 }
 export interface IResetToken {
    userId: number;
    token: string;
    createdBy: string;
    expiresAt: Date;
    createdAt: Date;
    usedAt?: Date;
 }
 export interface IResetQuery {
    userId: number;
    token: string;
 }
 export interface IResetTokenQuery {
    user_id: number;
    reset_token: string;
 }
 const rowToResetToken = (row: IResetTokenTable): IResetToken => {
    return {
        userId: row.user_id,
        token: row.reset_token,
        expiresAt: row.expires_at,
        createdAt: row.created_at,
        createdBy: row.created_by,
        usedAt: row.used_at,
    };
 };
 export class ResetTokenStore {
    private logger: Logger;
    private timer: Function;
    private db: Knex;
    constructor(db: Knex, eventBus: EventEmitter, getLogger: LogProvider) {
        this.db = db;
        this.logger = getLogger('db/reset-token-store.js');
        this.timer = (action: string) =>
            metricsHelper.wrapTimer(eventBus, DB_TIME, {
                store: 'reset-tokens',
                action,
            });
    }
    async getActive(token: string): Promise<IResetToken> {
        const row = await this.db<IResetTokenTable>(TABLE)
            .where({ reset_token: token })
            .where('expires_at', '>', new Date())
            .first();
        if (!row) {
            throw new NotFoundError('Could not find an active token');
        }
        return rowToResetToken(row);
    }
    async insert(newToken: IResetTokenCreate): Promise<IResetToken> {
        const [row] = await this.db<IResetTokenTable>(TABLE)
            .insert(newToken)
            .returning(['created_at']);
        return {
            userId: newToken.user_id,
            token: newToken.reset_token,
            expiresAt: newToken.expires_at,
            createdAt: row.created_at,
            createdBy: newToken.created_by,
        };
    }
    async useToken(token: IResetQuery): Promise<boolean> {
        try {
            await this.db<IResetTokenTable>(TABLE)
                .update({ used_at: new Date() })
                .where({ reset_token: token.token, user_id: token.userId });
            return true;
        } catch (e) {
            return false;
        }
    }
    async delete({ reset_token }: IResetTokenQuery): Promise<void> {
        return this.db(TABLE)
            .where(reset_token)
            .del();
    }
    async deleteAll(): Promise<void> {
        return this.db(TABLE).del();
    }
    async deleteExpired(): Promise<void> {
        return this.db(TABLE)
            .where('expires_at', '<', new Date())
            .del();
    }
    async expireExistingTokensForUser(user_id: number): Promise<void> {
        await this.db<IResetTokenTable>(TABLE)
            .where({ user_id })
            .update({
                expires_at: new Date(),
            });
    }
 }
--- a/src/lib/error/invalid-token-error.ts
+++ b/src/lib/error/invalid-token-error.ts
@ -0,0 +1,24 @@
 class InvalidTokenError extends Error {
    constructor() {
        super();
        Error.captureStackTrace(this, this.constructor);
        this.name = this.constructor.name;
        this.message = 'Token was not valid';
    }
    toJSON(): any {
        const obj = {
            isJoi: true,
            name: this.constructor.name,
            details: [
                {
                    message: this.message,
                },
            ],
        };
        return obj;
    }
 }
 export default InvalidTokenError;
 module.exports = InvalidTokenError;
--- a/src/lib/error/owasp-validation-error.ts
+++ b/src/lib/error/owasp-validation-error.ts
@ -0,0 +1,29 @@
 import { TestResult } from 'owasp-password-strength-test';
 class OwaspValidationError extends Error {
    private errors: string[];
    constructor(testResult: TestResult) {
        super(testResult.errors[0]);
        Error.captureStackTrace(this, this.constructor);
        this.name = this.constructor.name;
        this.errors = testResult.errors;
    }
    toJSON(): any {
        const obj = {
            isJoi: true,
            name: this.constructor.name,
            details: [
                {
                    validationErrors: this.errors,
                    message: this.errors[0],
                },
            ],
        };
        return obj;
    }
 }
 export default OwaspValidationError;
 module.exports = OwaspValidationError;
--- a/src/lib/error/used-token-error.ts
+++ b/src/lib/error/used-token-error.ts
@ -0,0 +1,24 @@
 class UsedTokenError extends Error {
    constructor(usedAt: Date) {
        super();
        Error.captureStackTrace(this, this.constructor);
        this.name = this.constructor.name;
        this.message = `Token was already used at ${usedAt}`;
    }
    toJSON(): any {
        const obj = {
            isJoi: true,
            name: this.constructor.name,
            details: [
                {
                    message: this.message,
                },
            ],
        };
        return obj;
    }
 }
 export default UsedTokenError;
 module.exports = UsedTokenError;
--- a/src/lib/middleware/api-token-middleware.test.ts
+++ b/src/lib/middleware/api-token-middleware.test.ts
@ -101,6 +101,7 @@ test('should not add user if disabled', async t => {
            enableApiToken: false,
            createAdminUser: false,
        },
        unleashUrl: 'http://localhost:4242',
    };
    const func = apiTokenMiddleware(disabledConfig, { apiTokenService });
--- a/src/lib/middleware/content_type_checker.test.js
+++ b/src/lib/middleware/content_type_checker.test.js
@ -11,26 +11,20 @@ const mockRequest = contentType => ({
    },
 });
-const returns415 = t => {
+const returns415 = t => ({
-    return {
+    status: code => {
-        status: code => {
+        t.is(415, code);
-            t.is(415, code);
+        return {
-            return {
+            end: t.pass,
-                end: t.pass,
+        };
-            };
+    },
-        },
+});
    };
 };
-const expectNoCall = t => {
+const expectNoCall = t => ({
-    return {
+    status: () => ({
-        status: () => {
+        end: t.fail,
-            return {
+    }),
-                end: t.fail,
+});
            };
        },
    };
 };
 test('Content-type middleware should by default only support application/json', t => {
    const middleware = requireContentType();
--- a/src/lib/middleware/oss-authentication.js
+++ b/src/lib/middleware/oss-authentication.js
@ -3,13 +3,12 @@ const AuthenticationRequired = require('../authentication-required');
 function ossAuthHook(app, config) {
    const { baseUriPath } = config;
-    const generateAuthResponse = async () => {
+    const generateAuthResponse = async () =>
-        return new AuthenticationRequired({
+        new AuthenticationRequired({
            type: 'password',
            path: `${baseUriPath}/auth/simple/login`,
            message: 'You must sign in order to use Unleash',
        });
    };
    app.use(`${baseUriPath}/api`, async (req, res, next) => {
        if (req.session && req.session.user) {
--- a/src/lib/routes/admin-api/email.js
+++ b/src/lib/routes/admin-api/email.js
@ -1,6 +1,6 @@
 import { ADMIN } from '../../permissions';
 import { TemplateFormat } from '../../services/email-service';
 import { handleErrors } from './util';
 import { ADMIN } from '../../permissions';
 const Controller = require('../controller');
--- a/src/lib/routes/admin-api/user-admin.ts
+++ b/src/lib/routes/admin-api/user-admin.ts
@ -2,8 +2,11 @@ import Controller from '../controller';
 import { ADMIN } from '../../permissions';
 import { IUnleashConfig } from '../../types/core';
 import UserService from '../../services/user-service';
-import { AccessService, RoleName } from '../../services/access-service';
+import { AccessService } from '../../services/access-service';
 import { Logger } from '../../logger';
 import { handleErrors } from './util';
 const getCreatorUsernameOrPassword = req => req.user.username || req.user.email;
 class UserAdminController extends Controller {
    private userService: UserService;
@ -25,6 +28,21 @@ class UserAdminController extends Controller {
        this.put('/:id', this.updateUser, ADMIN);
        this.post('/:id/change-password', this.changePassword, ADMIN);
        this.delete('/:id', this.deleteUser, ADMIN);
        this.post('/reset-password', this.resetPassword);
    }
    async resetPassword(req, res) {
        try {
            const requester = getCreatorUsernameOrPassword(req);
            const receiver = req.body.id;
            const resetPasswordUrl = await this.userService.createResetPasswordEmail(
                receiver,
                requester,
            );
            res.json({ resetPasswordUrl });
        } catch (e) {
            handleErrors(res, this.logger, e);
        }
    }
    async getUsers(req, res) {
--- a/src/lib/routes/admin-api/user.js
+++ b/src/lib/routes/admin-api/user.js
@ -5,7 +5,7 @@ const Controller = require('../controller');
 class UserController extends Controller {
    constructor(config) {
        super(config);
-
+        this.logger = config.getLogger('admin-api/user.js');
        this.get('/', this.getUser);
        this.get('/logout', this.logout);
    }
--- a/src/lib/routes/admin-api/util.js
+++ b/src/lib/routes/admin-api/util.js
@ -52,6 +52,21 @@ const handleErrors = (res, logger, error) => {
                .status(409)
                .json(error)
                .end();
        case 'UsedTokenError':
            return res
                .status(403)
                .json(error)
                .end();
        case 'InvalidTokenError':
            return res
                .status(401)
                .json(error)
                .end();
        case 'OwaspValidationError':
            return res
                .status(400)
                .json(error)
                .end();
        default:
            logger.error('Server failed executing request', error);
            return res.status(500).end();
--- a/src/lib/routes/auth/reset-password-controller.ts
+++ b/src/lib/routes/auth/reset-password-controller.ts
@ -0,0 +1,89 @@
 import { Request, Response } from 'express';
 import Controller from '../controller';
 import UserService from '../../services/user-service';
 import { IUnleashConfig } from '../../types/core';
 import { Logger } from '../../logger';
 import { handleErrors } from '../admin-api/util';
 interface IServices {
    userService: UserService;
 }
 interface IValidateQuery {
    token: string;
 }
 interface IChangePasswordBody {
    token: string;
    password: string;
 }
 const UNLEASH = 'Unleash';
 class ResetPasswordController extends Controller {
    userService: UserService;
    logger: Logger;
    constructor(config: IUnleashConfig, { userService }: IServices) {
        super(config);
        this.logger = config.getLogger(
            'lib/routes/auth/reset-password-controller.ts',
        );
        this.userService = userService;
        this.get('/validate', this.validateToken);
        this.post('/password', this.changePassword);
        this.post('/validate-password', this.validatePassword);
        this.post('/password-email', this.sendResetPasswordEmail);
    }
    async sendResetPasswordEmail(req: Request, res: Response): Promise<void> {
        const { email } = req.body;
        try {
            await this.userService.createResetPasswordEmail(email, UNLEASH);
            res.status(200).end();
        } catch (e) {
            handleErrors(res, this.logger, e);
        }
    }
    async validatePassword(req: Request, res: Response): Promise<void> {
        const { password } = req.body;
        try {
            this.userService.validatePassword(password);
            res.status(200).end();
        } catch (e) {
            handleErrors(res, this.logger, e);
        }
    }
    async validateToken(
        req: Request<unknown, unknown, unknown, IValidateQuery>,
        res: Response,
    ): Promise<void> {
        const { token } = req.query;
        try {
            const user = await this.userService.getUserForToken(token);
            res.status(200).json(user);
        } catch (e) {
            handleErrors(res, this.logger, e);
        }
    }
    async changePassword(
        req: Request<unknown, unknown, IChangePasswordBody, unknown>,
        res: Response,
    ): Promise<void> {
        const { token, password } = req.body;
        try {
            await this.userService.resetPassword(token, password);
            res.status(200).end();
        } catch (e) {
            handleErrors(res, this.logger, e);
        }
    }
 }
 export default ResetPasswordController;
 module.exports = ResetPasswordController;
--- a/src/lib/routes/controller.js
+++ b/src/lib/routes/controller.js
@ -4,19 +4,17 @@ const { Router } = require('express');
 const NoAccessError = require('../error/no-access-error');
 const requireContentType = require('../middleware/content_type_checker');
-const checkPermission = permission => {
+const checkPermission = permission => async (req, res, next) => {
-    return async (req, res, next) => {
+    if (!permission) {
-        if (!permission) {
+        return next();
-            return next();
+    }
-        }
+    if (req.checkRbac && (await req.checkRbac(permission))) {
-        if (req.checkRbac && (await req.checkRbac(permission))) {
+        return next();
-            return next();
+    }
-        }
+    return res
-        return res
+        .status(403)
-            .status(403)
+        .json(new NoAccessError(permission))
-            .json(new NoAccessError(permission))
+        .end();
            .end();
    };
 };
 /**
--- a/src/lib/routes/index.ts
+++ b/src/lib/routes/index.ts
@ -1,4 +1,5 @@
 import { BackstageController } from './backstage';
 import ResetPasswordController from './auth/reset-password-controller';
 const AdminApi = require('./admin-api');
 const ClientApi = require('./client-api');
@ -18,6 +19,10 @@ class IndexRouter extends Controller {
            '/auth/simple',
            new SimplePasswordProvider(config, services).router,
        );
        this.use(
            '/auth/reset',
            new ResetPasswordController(config, services).router,
        );
        this.get(api.uri, this.index);
        this.use(api.links.admin.uri, new AdminApi(config, services).router);
        this.use(api.links.client.uri, new ClientApi(config, services).router);
--- a/src/lib/server-impl.js
+++ b/src/lib/server-impl.js
@ -85,9 +85,9 @@ async function createApp(options) {
            const stop = () => {
                logger.info('Shutting down Unleash...');
-                return closeServer({ server, metricsMonitor }).then(() => {
+                return closeServer({ server, metricsMonitor }).then(() =>
-                    return destroyDatabase(stores);
+                    destroyDatabase(stores),
-                });
+                );
            };
            server.keepAliveTimeout = options.keepAliveTimeout;
--- a/src/lib/services/client-metrics/index.js
+++ b/src/lib/services/client-metrics/index.js
@ -88,13 +88,11 @@ module.exports = class ClientMetricsService {
        if (this.clientAppStore) {
            const appsToAnnounce = await this.clientAppStore.setUnannouncedToAnnounced();
            if (appsToAnnounce.length > 0) {
-                const events = appsToAnnounce.map(app => {
+                const events = appsToAnnounce.map(app => ({
-                    return {
+                    type: APPLICATION_CREATED,
-                        type: APPLICATION_CREATED,
+                    createdBy: app.createdBy || 'unknown',
-                        createdBy: app.createdBy || 'unknown',
+                    data: app,
-                        data: app,
+                }));
                    };
                });
                await this.eventStore.batchStore(events);
            }
        }
--- a/src/lib/services/email-service.test.ts
+++ b/src/lib/services/email-service.test.ts
@ -5,42 +5,43 @@ import noLoggerProvider from '../../test/fixtures/no-logger';
 test('Can send reset email', async t => {
    const emailService = new EmailService(
        {
-            host: '',
+            host: 'test',
            port: 587,
            secure: false,
            auth: {
                user: '',
-                password: '',
+                pass: '',
            },
            sender: 'noreply@getunleash.ai',
            transporterType: TransporterType.JSON,
        },
        noLoggerProvider,
    );
    const resetLinkUrl =
        'https://unleash-hosted.com/reset-password?token=$2b$10$M06Ysso6KL4ueH/xR6rdSuY5GSymdIwmIkEUJMRkB.Qn26r5Gi5vW';
    const content = await emailService.sendResetMail(
        'Some username',
-        'test@test.com',
+        'test@resetLinkUrl.com',
-        'abc123',
+        resetLinkUrl,
    );
    const message = JSON.parse(content.message);
    t.is(message.from.address, 'noreply@getunleash.ai');
-    t.is(message.subject, 'Someone has requested to reset your password');
+    t.is(message.subject, 'Unleash - Reset your password');
-    t.true(message.html.indexOf('Some username') > 0);
+    t.true(message.html.includes(resetLinkUrl));
-    t.true(message.text.indexOf('Some username') > 0);
+    t.true(message.text.includes(resetLinkUrl));
    t.true(message.html.indexOf('abc123') > 0);
    t.true(message.text.indexOf('abc123') > 0);
 });
 test('Can send welcome mail', async t => {
    const emailService = new EmailService(
        {
-            host: '',
+            host: 'test',
            port: 9999,
            secure: false,
            sender: 'noreply@getunleash.ai',
            auth: {
                user: '',
-                password: '',
+                pass: '',
            },
            transporterType: TransporterType.JSON,
        },
@ -53,8 +54,5 @@ test('Can send welcome mail', async t => {
    );
    const message = JSON.parse(content.message);
    t.is(message.from.address, 'noreply@getunleash.ai');
-    t.is(
+    t.is(message.subject, 'Welcome to Unleash');
        message.subject,
        'Welcome to Unleash. Please configure your password.',
    );
 });
--- a/src/lib/services/email-service.ts
+++ b/src/lib/services/email-service.ts
@ -7,7 +7,7 @@ import NotFoundError from '../error/notfound-error';
 export interface IAuthOptions {
    user: string;
-    password: string;
+    pass: string;
 }
 export enum TemplateFormat {
@ -29,9 +29,8 @@ export interface IEmailOptions {
    transporterType: TransporterType;
 }
-const RESET_MAIL_SUBJECT = 'Someone has requested to reset your password';
+const RESET_MAIL_SUBJECT = 'Unleash - Reset your password';
-const GETTING_STARTED_SUBJECT =
+const GETTING_STARTED_SUBJECT = 'Welcome to Unleash';
    'Welcome to Unleash. Please configure your password.';
 export class EmailService {
    private logger: Logger;
@ -42,12 +41,12 @@ export class EmailService {
    constructor(email: IEmailOptions | undefined, getLogger: LogProvider) {
        this.logger = getLogger('services/email-service.ts');
-        if (email) {
+        if (email && email.host) {
            this.sender = email.sender;
            if (email.transporterType === TransporterType.JSON) {
                this.mailer = createTransport({ jsonTransport: true });
            } else {
-                const connectionString = `${email.auth.user}:${email.auth.password}@${email.host}:${email.port}`;
+                const connectionString = `${email.auth.user}:${email.auth.pass}@${email.host}:${email.port}`;
                this.mailer = email.secure
                    ? createTransport(`smtps://${connectionString}`)
                    : createTransport(`smtp://${connectionString}`);
--- a/src/lib/services/index.js
+++ b/src/lib/services/index.js
@ -12,6 +12,7 @@ const { EmailService } = require('./email-service');
 const { AccessService } = require('./access-service');
 const { ApiTokenService } = require('./api-token-service');
 const UserService = require('./user-service');
 const ResetTokenService = require('./reset-token-service');
 module.exports.createServices = (stores, config) => {
    const accessService = new AccessService(stores, config);
@ -31,7 +32,12 @@ module.exports.createServices = (stores, config) => {
    const versionService = new VersionService(stores, config);
    const apiTokenService = new ApiTokenService(stores, config);
    const emailService = new EmailService(config.email, config.getLogger);
-    const userService = new UserService(stores, config, accessService);
+    const resetTokenService = new ResetTokenService(stores, config);
    const userService = new UserService(stores, config, {
        accessService,
        resetTokenService,
        emailService,
    });
    return {
        accessService,
@ -48,5 +54,6 @@ module.exports.createServices = (stores, config) => {
        apiTokenService,
        emailService,
        userService,
        resetTokenService,
    };
 };
--- a/src/lib/services/reset-token-service.ts
+++ b/src/lib/services/reset-token-service.ts
@ -0,0 +1,110 @@
 import crypto from 'crypto';
 import bcrypt from 'bcrypt';
 import { URL } from 'url';
 import {
    ResetTokenStore,
    IResetToken,
    IResetQuery,
 } from '../db/reset-token-store';
 import { Logger } from '../logger';
 import UserStore from '../db/user-store';
 import UsedTokenError from '../error/used-token-error';
 import { IUnleashConfig } from '../types/core';
 import InvalidTokenError from '../error/invalid-token-error';
 const ONE_DAY = 86_400_000;
 interface IStores {
    resetTokenStore: ResetTokenStore;
    userStore: UserStore;
 }
 export default class ResetTokenService {
    private store: ResetTokenStore;
    private logger: Logger;
    private readonly unleashBase: URL;
    constructor(
        stores: IStores,
        {
            getLogger,
            baseUriPath,
            unleashUrl = 'http://localhost:4242',
        }: IUnleashConfig,
    ) {
        this.store = stores.resetTokenStore;
        this.logger = getLogger('/services/reset-token-service.ts');
        this.unleashBase = new URL(baseUriPath, unleashUrl);
    }
    async useAccessToken(token: IResetQuery): Promise<boolean> {
        try {
            await this.isValid(token.token);
            await this.store.useToken(token);
            return true;
        } catch (e) {
            return false;
        }
    }
    async isValid(token: string): Promise<IResetToken> {
        let t;
        try {
            t = await this.store.getActive(token);
            if (!t.usedAt) {
                return t;
            }
        } catch (e) {
            throw new InvalidTokenError();
        }
        throw new UsedTokenError(t.usedAt);
    }
    private async createResetUrl(
        forUser: number,
        creator: string,
        path: string,
    ): Promise<URL> {
        const token = await this.createToken(forUser, creator);
        return Promise.resolve(
            new URL(`${path}?token=${token.token}`, this.unleashBase),
        );
    }
    async createWelcomeUrl(forUser: number, creator: string): Promise<URL> {
        const path = '/#/new-user';
        return this.createResetUrl(forUser, creator, path);
    }
    async createResetPasswordUrl(
        forUser: number,
        creator: string,
    ): Promise<URL> {
        const path = '/#/reset-password';
        return this.createResetUrl(forUser, creator, path);
    }
    async createToken(
        tokenUser: number,
        creator: string,
        expiryDelta: number = ONE_DAY,
    ): Promise<IResetToken> {
        const token = await this.generateToken();
        const expiry = new Date(Date.now() + expiryDelta);
        await this.store.expireExistingTokensForUser(tokenUser);
        return this.store.insert({
            reset_token: token,
            user_id: tokenUser,
            expires_at: expiry,
            created_by: creator,
        });
    }
    private generateToken(): Promise<string> {
        return bcrypt.hash(crypto.randomBytes(32), 10);
    }
 }
 module.exports = ResetTokenService;
--- a/src/lib/services/state-service.js
+++ b/src/lib/services/state-service.js
@ -183,13 +183,11 @@ class StateService {
            const importedProjects = await this.projectStore.importProjects(
                projectsToImport,
            );
-            const importedProjectEvents = importedProjects.map(project => {
+            const importedProjectEvents = importedProjects.map(project => ({
-                return {
+                type: PROJECT_IMPORT,
-                    type: PROJECT_IMPORT,
+                createdBy: userName,
-                    createdBy: userName,
+                data: project,
-                    data: project,
+            }));
                };
            });
            await this.eventStore.batchStore(importedProjectEvents);
        }
    }
@ -272,13 +270,11 @@ class StateService {
            const importedFeatureTags = await this.toggleStore.importFeatureTags(
                featureTagsToInsert,
            );
-            const importedFeatureTagEvents = importedFeatureTags.map(tag => {
+            const importedFeatureTagEvents = importedFeatureTags.map(tag => ({
-                return {
+                type: FEATURE_TAG_IMPORT,
-                    type: FEATURE_TAG_IMPORT,
+                createdBy: userName,
-                    createdBy: userName,
+                data: tag,
-                    data: tag,
+            }));
                };
            });
            await this.eventStore.batchStore(importedFeatureTagEvents);
        }
    }
@ -294,13 +290,11 @@ class StateService {
        );
        if (tagsToInsert.length > 0) {
            const importedTags = await this.tagStore.bulkImport(tagsToInsert);
-            const importedTagEvents = importedTags.map(tag => {
+            const importedTagEvents = importedTags.map(tag => ({
-                return {
+                type: TAG_IMPORT,
-                    type: TAG_IMPORT,
+                createdBy: userName,
-                    createdBy: userName,
+                data: tag,
-                    data: tag,
+            }));
                };
            });
            await this.eventStore.batchStore(importedTagEvents);
        }
    }
@ -315,13 +309,11 @@ class StateService {
            const importedTagTypes = await this.tagTypeStore.bulkImport(
                tagTypesToInsert,
            );
-            const importedTagTypeEvents = importedTagTypes.map(tagType => {
+            const importedTagTypeEvents = importedTagTypes.map(tagType => ({
-                return {
+                type: TAG_TYPE_IMPORT,
-                    type: TAG_TYPE_IMPORT,
+                createdBy: userName,
-                    createdBy: userName,
+                data: tagType,
-                    data: tagType,
+            }));
                };
            });
            await this.eventStore.batchStore(importedTagTypeEvents);
        }
    }
--- a/src/lib/services/state-util.js
+++ b/src/lib/services/state-util.js
@ -2,36 +2,28 @@ const fs = require('fs');
 const mime = require('mime');
 const YAML = require('js-yaml');
-const readFile = file => {
+const readFile = file =>
-    return new Promise((resolve, reject) =>
+    new Promise((resolve, reject) =>
        fs.readFile(file, (err, v) => (err ? reject(err) : resolve(v))),
    );
 const parseFile = (file, data) =>
    mime.getType(file) === 'text/yaml' ? YAML.safeLoad(data) : JSON.parse(data);
 const filterExisting = (keepExisting, existingArray = []) => item => {
    if (keepExisting) {
        const found = existingArray.find(t => t.name === item.name);
        return !found;
    }
    return true;
 };
-const parseFile = (file, data) => {
+const filterEqual = (existingArray = []) => item => {
-    return mime.getType(file) === 'text/yaml'
+    const toggle = existingArray.find(t => t.name === item.name);
-        ? YAML.safeLoad(data)
+    if (toggle) {
-        : JSON.parse(data);
+        return JSON.stringify(toggle) !== JSON.stringify(item);
-};
+    }
-
+    return true;
 const filterExisting = (keepExisting, existingArray = []) => {
    return item => {
        if (keepExisting) {
            const found = existingArray.find(t => t.name === item.name);
            return !found;
        }
        return true;
    };
 };
 const filterEqual = (existingArray = []) => {
    return item => {
        const toggle = existingArray.find(t => t.name === item.name);
        if (toggle) {
            return JSON.stringify(toggle) !== JSON.stringify(item);
        }
        return true;
    };
 };
 module.exports = {
--- a/src/lib/services/user-service.test.ts
+++ b/src/lib/services/user-service.test.ts
@ -3,20 +3,35 @@ import UserService from './user-service';
 import UserStoreMock from '../../test/fixtures/fake-user-store';
 import AccessServiceMock from '../../test/fixtures/access-service-mock';
 import noLogger from '../../test/fixtures/no-logger';
 import { RoleName } from './access-service';
 import { IUnleashConfig } from '../types/core';
 import { ResetTokenStoreMock } from '../../test/fixtures/fake-reset-token-store';
 import ResetTokenService from './reset-token-service';
 import { EmailService } from './email-service';
 import OwaspValidationError from '../error/owasp-validation-error';
 const config: IUnleashConfig = {
    getLogger: noLogger,
    baseUriPath: '',
    authentication: { enableApiToken: true, createAdminUser: false },
    unleashUrl: 'http://localhost:4242',
    email: undefined,
 };
 test('Should create new user', async t => {
    const userStore = new UserStoreMock();
    const accessService = new AccessServiceMock();
    const resetTokenStore = new ResetTokenStoreMock();
    const resetTokenService = new ResetTokenService(
        { userStore, resetTokenStore },
        config,
    );
    const emailService = new EmailService(config.email, config.getLogger);
-    const service = new UserService({ userStore }, config, accessService);
+    const service = new UserService({ userStore }, config, {
        accessService,
        resetTokenService,
        emailService,
    });
    const user = await service.createUser({
        username: 'test',
        rootRole: 1,
@ -33,7 +48,18 @@ test('Should create new user', async t => {
 test('Should create default user', async t => {
    const userStore = new UserStoreMock();
    const accessService = new AccessServiceMock();
-    const service = new UserService({ userStore }, config, accessService);
+    const resetTokenStore = new ResetTokenStoreMock();
    const resetTokenService = new ResetTokenService(
        { userStore, resetTokenStore },
        config,
    );
    const emailService = new EmailService(config.email, config.getLogger);
    const service = new UserService({ userStore }, config, {
        accessService,
        resetTokenService,
        emailService,
    });
    await service.initAdminUser();
@ -44,7 +70,19 @@ test('Should create default user', async t => {
 test('Should be a valid password', async t => {
    const userStore = new UserStoreMock();
    const accessService = new AccessServiceMock();
-    const service = new UserService({ userStore }, config, accessService);
+    const resetTokenStore = new ResetTokenStoreMock();
    const resetTokenService = new ResetTokenService(
        { userStore, resetTokenStore },
        config,
    );
    const emailService = new EmailService(config.email, config.getLogger);
    const service = new UserService({ userStore }, config, {
        accessService,
        resetTokenService,
        emailService,
    });
    const valid = service.validatePassword('this is a strong password!');
@ -54,47 +92,106 @@ test('Should be a valid password', async t => {
 test('Password must be at least 10 chars', async t => {
    const userStore = new UserStoreMock();
    const accessService = new AccessServiceMock();
-    const service = new UserService({ userStore }, config, accessService);
+    const resetTokenStore = new ResetTokenStoreMock();
    const resetTokenService = new ResetTokenService(
        { userStore, resetTokenStore },
        config,
    );
    const emailService = new EmailService(config.email, config.getLogger);
    const service = new UserService({ userStore }, config, {
        accessService,
        resetTokenService,
        emailService,
    });
    t.throws(() => service.validatePassword('admin'), {
        message: 'The password must be at least 10 characters long.',
        instanceOf: OwaspValidationError,
    });
 });
 test('The password must contain at least one uppercase letter.', async t => {
    const userStore = new UserStoreMock();
    const accessService = new AccessServiceMock();
-    const service = new UserService({ userStore }, config, accessService);
+    const resetTokenStore = new ResetTokenStoreMock();
    const resetTokenService = new ResetTokenService(
        { userStore, resetTokenStore },
        config,
    );
    const emailService = new EmailService(config.email, config.getLogger);
    const service = new UserService({ userStore }, config, {
        accessService,
        resetTokenService,
        emailService,
    });
    t.throws(() => service.validatePassword('qwertyabcde'), {
        message: 'The password must contain at least one uppercase letter.',
        instanceOf: OwaspValidationError,
    });
 });
 test('The password must contain at least one number', async t => {
    const userStore = new UserStoreMock();
    const accessService = new AccessServiceMock();
-    const service = new UserService({ userStore }, config, accessService);
+    const resetTokenStore = new ResetTokenStoreMock();
    const resetTokenService = new ResetTokenService(
        { userStore, resetTokenStore },
        config,
    );
    const emailService = new EmailService(config.email, config.getLogger);
    const service = new UserService({ userStore }, config, {
        accessService,
        resetTokenService,
        emailService,
    });
    t.throws(() => service.validatePassword('qwertyabcdE'), {
        message: 'The password must contain at least one number.',
        instanceOf: OwaspValidationError,
    });
 });
 test('The password must contain at least one special character', async t => {
    const userStore = new UserStoreMock();
    const accessService = new AccessServiceMock();
-    const service = new UserService({ userStore }, config, accessService);
+    const resetTokenStore = new ResetTokenStoreMock();
    const resetTokenService = new ResetTokenService(
        { userStore, resetTokenStore },
        config,
    );
    const emailService = new EmailService(config.email, config.getLogger);
    const service = new UserService({ userStore }, config, {
        accessService,
        resetTokenService,
        emailService,
    });
    t.throws(() => service.validatePassword('qwertyabcdE2'), {
        message: 'The password must contain at least one special character.',
        instanceOf: OwaspValidationError,
    });
 });
 test('Should be a valid password with special chars', async t => {
    const userStore = new UserStoreMock();
    const accessService = new AccessServiceMock();
-    const service = new UserService({ userStore }, config, accessService);
+    const resetTokenStore = new ResetTokenStoreMock();
    const resetTokenService = new ResetTokenService(
        { userStore, resetTokenStore },
        config,
    );
    const emailService = new EmailService(config.email, config.getLogger);
    const service = new UserService({ userStore }, config, {
        accessService,
        resetTokenService,
        emailService,
    });
    const valid = service.validatePassword('this is a strong password!');
--- a/src/lib/services/user-service.ts
+++ b/src/lib/services/user-service.ts
@ -3,13 +3,20 @@ import bcrypt from 'bcrypt';
 import owasp from 'owasp-password-strength-test';
 import Joi from 'joi';
 import { URL } from 'url';
 import UserStore, { IUserSearch } from '../db/user-store';
 import { Logger } from '../logger';
 import { IUnleashConfig } from '../types/core';
 import User, { IUser } from '../user';
 import isEmail from '../util/is-email';
-import { AccessService, RoleName } from './access-service';
+import { AccessService, IRoleData, RoleName } from './access-service';
 import { ADMIN } from '../permissions';
 import ResetTokenService from './reset-token-service';
 import InvalidTokenError from '../error/invalid-token-error';
 import NotFoundError from '../error/notfound-error';
 import OwaspValidationError from '../error/owasp-validation-error';
 import { EmailService } from './email-service';
 import { IRole } from '../db/access-store';
 export interface ICreateUser {
    name?: string;
@ -29,11 +36,27 @@ export interface IUpdateUser {
 interface IUserWithRole extends IUser {
    rootRole: number;
 }
 interface IRoleDescription {
    description: string;
    name: string;
    type: string;
 }
 interface ITokenUser extends IUpdateUser {
    createdBy: string;
    token: string;
    role: IRoleDescription;
 }
 interface IStores {
    userStore: UserStore;
 }
 interface IServices {
    accessService: AccessService;
    resetTokenService: ResetTokenService;
    emailService: EmailService;
 }
 const saltRounds = 10;
 class UserService {
@ -43,15 +66,20 @@ class UserService {
    private accessService: AccessService;
    private resetTokenService: ResetTokenService;
    private emailService: EmailService;
    constructor(
        stores: IStores,
        config: IUnleashConfig,
-        accessService: AccessService,
+        { accessService, resetTokenService, emailService }: IServices,
    ) {
        this.logger = config.getLogger('service/user-service.js');
        this.store = stores.userStore;
        this.accessService = accessService;
-
+        this.resetTokenService = resetTokenService;
        this.emailService = emailService;
        if (config.authentication && config.authentication.createAdminUser) {
            process.nextTick(() => this.initAdminUser());
        }
@ -60,7 +88,7 @@ class UserService {
    validatePassword(password: string): boolean {
        const result = owasp.test(password);
        if (!result.strong) {
-            throw new Error(result.errors[0]);
+            throw new OwaspValidationError(result);
        } else return true;
    }
@ -117,6 +145,10 @@ class UserService {
        return this.store.search(query);
    }
    async getByEmail(email: string): Promise<User> {
        return this.store.get({ email });
    }
    async createUser({
        username,
        email,
@ -231,6 +263,61 @@ class UserService {
        await this.store.delete(userId);
    }
    async getUserForToken(token: string): Promise<ITokenUser> {
        const { createdBy, userId } = await this.resetTokenService.isValid(
            token,
        );
        const user = await this.getUser(userId);
        const role = await this.accessService.getRole(user.rootRole);
        return {
            token,
            createdBy,
            email: user.email,
            name: user.name,
            id: user.id,
            role: {
                description: role.role.description,
                type: role.role.type,
                name: role.role.name,
            },
        };
    }
    async resetPassword(token: string, password: string): Promise<void> {
        this.validatePassword(password);
        const user = await this.getUserForToken(token);
        const allowed = await this.resetTokenService.useAccessToken({
            userId: user.id,
            token,
        });
        if (allowed) {
            await this.changePassword(user.id, password);
        } else {
            throw new InvalidTokenError();
        }
    }
    async createResetPasswordEmail(
        receiverEmail: string,
        requester: string,
    ): Promise<URL> {
        const receiver = await this.getByEmail(receiverEmail);
        if (!receiver) {
            throw new NotFoundError(`Could not find ${receiverEmail}`);
        }
        const resetLink = await this.resetTokenService.createResetPasswordUrl(
            receiver.id,
            requester,
        );
        await this.emailService.sendResetMail(
            receiver.name,
            receiver.email,
            resetLink.toString(),
        );
        return resetLink;
    }
 }
 module.exports = UserService;
--- a/src/lib/types/core.ts
+++ b/src/lib/types/core.ts
@ -1,4 +1,5 @@
 import { LogProvider } from '../logger';
 import { IEmailOptions } from '../services/email-service';
 interface IExperimentalFlags {
    [key: string]: boolean;
@ -12,6 +13,8 @@ export interface IUnleashConfig {
        enableApiToken: boolean;
        createAdminUser: boolean;
    };
    unleashUrl: string;
    email?: IEmailOptions;
 }
 export enum AuthenticationType {
--- a/src/mailtemplates/reset-password/reset-password.html.mustache
+++ b/src/mailtemplates/reset-password/reset-password.html.mustache
@ -1,22 +1,528 @@
-<!DOCTYPE html>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
-<head>
+	<head>
-    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-    <meta name="viewport" content="width=device-width" />
+        <title>*|MC:SUBJECT|*</title>
-    <title>Reset your password {{ name }}</title>
+        <style type="text/css">
-</head>
+			/* /\/\/\/\/\/\/\/\/ CLIENT-SPECIFIC STYLES /\/\/\/\/\/\/\/\/ */
-<body>
+			#outlook a{padding:0;} /* Force Outlook to provide a "view in browser" message */
-<header>
+			.ReadMsgBody{width:100%;} .ExternalClass{width:100%;} /* Force Hotmail to display emails at full width */
 			.ExternalClass, .ExternalClass p, .ExternalClass span, .ExternalClass font, .ExternalClass td, .ExternalClass div {line-height: 100%;} /* Force Hotmail to display normal line spacing */
 			body, table, td, p, a, li, blockquote{-webkit-text-size-adjust:100%; -ms-text-size-adjust:100%;} /* Prevent WebKit and Windows mobile changing default text sizes */
 			table, td{mso-table-lspace:0pt; mso-table-rspace:0pt;} /* Remove spacing between tables in Outlook 2007 and up */
 			img{-ms-interpolation-mode:bicubic;} /* Allow smoother rendering of resized image in Internet Explorer */
-</header>
+			/* /\/\/\/\/\/\/\/\/ RESET STYLES /\/\/\/\/\/\/\/\/ */
-<section>
+			body{margin:0; padding:0;}
-    Someone has requested a reset of your password. If this was you, great, click here <a href="{{ resetLink }}"
+			img{border:0; height:auto; line-height:100%; outline:none; text-decoration:none;}
-                                                                                          title="Password reset link">{{resetLink}}</a>
+			table{border-collapse:collapse !important;}
-    If this was not you, you might want to check your password still works
+			body, #bodyTable, #bodyCell{height:100% !important; margin:0; padding:0; width:100% !important;}
 </section>
-<footer>
+			/* /\/\/\/\/\/\/\/\/ TEMPLATE STYLES /\/\/\/\/\/\/\/\/ */
-    &copy; {{ year }} - Unleash
+
-</footer>
+			/* ========== Page Styles ========== */
-</body>
+
-</html>
+			#bodyCell{padding:20px;}
 			#templateContainer{width:600px;}
 			/**
 			* @tab Page
 			* @section background style
 			* @tip Set the background color and top border for your email. You may want to choose colors that match your company's branding.
 			* @theme page
 			*/
 			body, #bodyTable{
 				/*@editable*/ background-color:#DEE0E2;
 			}
 			/**
 			* @tab Page
 			* @section background style
 			* @tip Set the background color and top border for your email. You may want to choose colors that match your company's branding.
 			* @theme page
 			*/
 			#bodyCell{
 				/*@editable*/ border-top:4px solid #BBBBBB;
 			}
 			/**
 			* @tab Page
 			* @section email border
 			* @tip Set the border for your email.
 			*/
 			#templateContainer{
 				/*@editable*/ border:1px solid #BBBBBB;
 			}
 			/**
 			* @tab Page
 			* @section heading 1
 			* @tip Set the styling for all first-level headings in your emails. These should be the largest of your headings.
 			* @style heading 1
 			*/
 			h1{
 				/*@editable*/ color:#202020 !important;
 				display:block;
 				/*@editable*/ font-family:Helvetica;
 				/*@editable*/ font-size:26px;
 				/*@editable*/ font-style:normal;
 				/*@editable*/ font-weight:bold;
 				/*@editable*/ line-height:100%;
 				/*@editable*/ letter-spacing:normal;
 				margin-top:0;
 				margin-right:0;
 				margin-bottom:10px;
 				margin-left:0;
 				/*@editable*/ text-align:left;
 			}
 			/**
 			* @tab Page
 			* @section heading 2
 			* @tip Set the styling for all second-level headings in your emails.
 			* @style heading 2
 			*/
 			h2{
 				/*@editable*/ color:#404040 !important;
 				display:block;
 				/*@editable*/ font-family:Helvetica;
 				/*@editable*/ font-size:20px;
 				/*@editable*/ font-style:normal;
 				/*@editable*/ font-weight:bold;
 				/*@editable*/ line-height:100%;
 				/*@editable*/ letter-spacing:normal;
 				margin-top:0;
 				margin-right:0;
 				margin-bottom:10px;
 				margin-left:0;
 				/*@editable*/ text-align:left;
 			}
 			/**
 			* @tab Page
 			* @section heading 3
 			* @tip Set the styling for all third-level headings in your emails.
 			* @style heading 3
 			*/
 			h3{
 				/*@editable*/ color:#606060 !important;
 				display:block;
 				/*@editable*/ font-family:Helvetica;
 				/*@editable*/ font-size:16px;
 				/*@editable*/ font-style:italic;
 				/*@editable*/ font-weight:normal;
 				/*@editable*/ line-height:100%;
 				/*@editable*/ letter-spacing:normal;
 				margin-top:0;
 				margin-right:0;
 				margin-bottom:10px;
 				margin-left:0;
 				/*@editable*/ text-align:left;
 			}
 			/**
 			* @tab Page
 			* @section heading 4
 			* @tip Set the styling for all fourth-level headings in your emails. These should be the smallest of your headings.
 			* @style heading 4
 			*/
 			h4{
 				/*@editable*/ color:#808080 !important;
 				display:block;
 				/*@editable*/ font-family:Helvetica;
 				/*@editable*/ font-size:14px;
 				/*@editable*/ font-style:italic;
 				/*@editable*/ font-weight:normal;
 				/*@editable*/ line-height:100%;
 				/*@editable*/ letter-spacing:normal;
 				margin-top:0;
 				margin-right:0;
 				margin-bottom:10px;
 				margin-left:0;
 				/*@editable*/ text-align:left;
 			}
 			/* ========== Header Styles ========== */
 			/**
 			* @tab Header
 			* @section preheader style
 			* @tip Set the background color and bottom border for your email's preheader area.
 			* @theme header
 			*/
 			#templatePreheader{
 				/*@editable*/ background-color:#fff;
 				/*@editable*/ border-bottom:1px solid #CCCCCC;
 			}
 			/**
 			* @tab Header
 			* @section preheader text
 			* @tip Set the styling for your email's preheader text. Choose a size and color that is easy to read.
 			*/
 			.preheaderContent{
 				/*@editable*/ color:#808080;
 				/*@editable*/ font-family:Helvetica;
 				/*@editable*/ font-size:10px;
 				/*@editable*/ line-height:125%;
 				/*@editable*/ text-align:left;
 			}
 			/**
 			* @tab Header
 			* @section preheader link
 			* @tip Set the styling for your email's preheader links. Choose a color that helps them stand out from your text.
 			*/
 			.preheaderContent a:link, .preheaderContent a:visited, /* Yahoo! Mail Override */ .preheaderContent a .yshortcuts /* Yahoo! Mail Override */{
 				/*@editable*/ color:#fff;
 				/*@editable*/ font-weight:normal;
 				/*@editable*/ text-decoration:underline;
 			}
 			/**
 			* @tab Header
 			* @section header style
 			* @tip Set the background color and borders for your email's header area.
 			* @theme header
 			*/
 			#templateHeader{
 				/*@editable*/ background-color:#fff;
 				/*@editable*/ border-top:1px solid #FFFFFF;
 				/*@editable*/ border-bottom:1px solid #CCCCCC;
 			}
 			/**
 			* @tab Header
 			* @section header text
 			* @tip Set the styling for your email's header text. Choose a size and color that is easy to read.
 			*/
 			.headerContent{
 				/*@editable*/ color:#505050;
 				/*@editable*/ font-family:Helvetica;
 				/*@editable*/ font-size:20px;
 				/*@editable*/ font-weight:bold;
 				/*@editable*/ line-height:100%;
 				/*@editable*/ padding-top:0;
 				/*@editable*/ padding-right:0;
 				/*@editable*/ padding-bottom:0;
 				/*@editable*/ padding-left:0;
 				/*@editable*/ text-align:left;
 				/*@editable*/ vertical-align:middle;
 			}
 			/**
 			* @tab Header
 			* @section header link
 			* @tip Set the styling for your email's header links. Choose a color that helps them stand out from your text.
 			*/
 			.headerContent a:link, .headerContent a:visited, /* Yahoo! Mail Override */ .headerContent a .yshortcuts /* Yahoo! Mail Override */{
 				/*@editable*/ color:#fff;
 				/*@editable*/ font-weight:normal;
 				/*@editable*/ text-decoration:underline;
 			}
 			#headerImage{
 				height:auto;
 				max-width:600px;
 			}
 			/* ========== Body Styles ========== */
 			/**
 			* @tab Body
 			* @section body style
 			* @tip Set the background color and borders for your email's body area.
 			*/
 			#templateBody{
 				/*@editable*/ background-color:#fff;
 			}
 			/**
 			* @tab Body
 			* @section body text
 			* @tip Set the styling for your email's main content text. Choose a size and color that is easy to read.
 			* @theme main
 			*/
 			.bodyContent{
 				/*@editable*/ color:#505050;
 				/*@editable*/ font-family:Helvetica;
 				/*@editable*/ font-size:14px;
 				/*@editable*/ line-height:150%;
                /*@editable*/ border-bottom: 1px solid #CCCCCC;
 				padding-top:20px;
 				padding-right:20px;
 				padding-bottom:20px;
 				padding-left:20px;
 				/*@editable*/ text-align:left;
            }
 			.bodyContent img{
 				display:inline;
 				height:auto;
 				max-width:560px;
 			}
            .resetPasswordLink {
                text-decoration: none;
                color: #fff;
                background-color: #607d8b;
                border-radius: 25px;
                padding: 0.75rem;
                text-align: center;
            }
            .resetPasswordLink:hover {
                text-decoration: none;
                color: #fff;
            } 
 			/* ========== Footer Styles ========== */
 			/**
 			* @tab Footer
 			* @section footer style
 			* @tip Set the background color and borders for your email's footer area.
 			* @theme footer
 			*/
 			#templateFooter{
 				/*@editable*/ background-color:#fff;
 				/*@editable*/ border-top:1px solid #FFFFFF;
 			}
 			/**
 			* @tab Footer
 			* @section footer text
 			* @tip Set the styling for your email's footer text. Choose a size and color that is easy to read.
 			* @theme footer
 			*/
 			.footerContent{
 				/*@editable*/ color:#808080;
 				/*@editable*/ font-family:Helvetica;
 				/*@editable*/ font-size:10px;
 				/*@editable*/ line-height:150%;
 				padding-top:20px;
 				padding-right:20px;
 				padding-bottom:20px;
 				padding-left:20px;
 				/*@editable*/ text-align:left;
 			}
 			/**
 			* @tab Footer
 			* @section footer link
 			* @tip Set the styling for your email's footer links. Choose a color that helps them stand out from your text.
 			*/
 			.footerContent a:link, .footerContent a:visited, /* Yahoo! Mail Override */ .footerContent a .yshortcuts, .footerContent a span /* Yahoo! Mail Override */{
 				/*@editable*/ color:#606060;
 				/*@editable*/ font-weight:normal;
 				/*@editable*/ text-decoration:underline;
 			}
 			/* /\/\/\/\/\/\/\/\/ MOBILE STYLES /\/\/\/\/\/\/\/\/ */
            @media only screen and (max-width: 480px){
 				/* /\/\/\/\/\/\/ CLIENT-SPECIFIC MOBILE STYLES /\/\/\/\/\/\/ */
 				body, table, td, p, a, li, blockquote{-webkit-text-size-adjust:none !important;} /* Prevent Webkit platforms from changing default text sizes */
                body{width:100% !important; min-width:100% !important;} /* Prevent iOS Mail from adding padding to the body */
 				/* /\/\/\/\/\/\/ MOBILE RESET STYLES /\/\/\/\/\/\/ */
 				#bodyCell{padding:10px !important;}
 				/* /\/\/\/\/\/\/ MOBILE TEMPLATE STYLES /\/\/\/\/\/\/ */
 				/* ======== Page Styles ======== */
 				/**
 				* @tab Mobile Styles
 				* @section template width
 				* @tip Make the template fluid for portrait or landscape view adaptability. If a fluid layout doesn't work for you, set the width to 300px instead.
 				*/
 				#templateContainer{
 					max-width:600px !important;
 					/*@editable*/ width:100% !important;
 				}
 				/**
 				* @tab Mobile Styles
 				* @section heading 1
 				* @tip Make the first-level headings larger in size for better readability on small screens.
 				*/
 				h1{
 					/*@editable*/ font-size:24px !important;
 					/*@editable*/ line-height:100% !important;
 				}
 				/**
 				* @tab Mobile Styles
 				* @section heading 2
 				* @tip Make the second-level headings larger in size for better readability on small screens.
 				*/
 				h2{
 					/*@editable*/ font-size:20px !important;
 					/*@editable*/ line-height:100% !important;
 				}
 				/**
 				* @tab Mobile Styles
 				* @section heading 3
 				* @tip Make the third-level headings larger in size for better readability on small screens.
 				*/
 				h3{
 					/*@editable*/ font-size:18px !important;
 					/*@editable*/ line-height:100% !important;
 				}
 				/**
 				* @tab Mobile Styles
 				* @section heading 4
 				* @tip Make the fourth-level headings larger in size for better readability on small screens.
 				*/
 				h4{
 					/*@editable*/ font-size:16px !important;
 					/*@editable*/ line-height:100% !important;
 				}
 				/* ======== Header Styles ======== */
 				#templatePreheader{display:none !important;} /* Hide the template preheader to save space */
 				/**
 				* @tab Mobile Styles
 				* @section header image
 				* @tip Make the main header image fluid for portrait or landscape view adaptability, and set the image's original width as the max-width. If a fluid setting doesn't work, set the image width to half its original size instead.
 				*/
 				#headerImage{
 					height:auto !important;
 					/*@editable*/ max-width:600px !important;
 					/*@editable*/ width:100% !important;
 				}
 				/**
 				* @tab Mobile Styles
 				* @section header text
 				* @tip Make the header content text larger in size for better readability on small screens. We recommend a font size of at least 16px.
 				*/
 				.headerContent{
 					/*@editable*/ font-size:20px !important;
 					/*@editable*/ line-height:125% !important;
 				}
 				/* ======== Body Styles ======== */
 				/**
 				* @tab Mobile Styles
 				* @section body text
 				* @tip Make the body content text larger in size for better readability on small screens. We recommend a font size of at least 16px.
 				*/
 				.bodyContent{
 					/*@editable*/ font-size:18px !important;
 					/*@editable*/ line-height:125% !important;
 				}
 				/* ======== Footer Styles ======== */
 				/**
 				* @tab Mobile Styles
 				* @section footer text
 				* @tip Make the body content text larger in size for better readability on small screens.
 				*/
 				.footerContent{
 					/*@editable*/ font-size:14px !important;
 					/*@editable*/ line-height:115% !important;
 				}
 				.footerContent a{display:block !important;} /* Place footer social and utility links on their own lines, for easier access */
 			}
 		</style>
    </head>
    <body leftmargin="0" marginwidth="0" topmargin="0" marginheight="0" offset="0">
    	<center>
        	<table align="center" border="0" cellpadding="0" cellspacing="0" height="100%" width="100%" id="bodyTable">
            	<tr>
                	<td align="center" valign="top" id="bodyCell">
                    	<!-- BEGIN TEMPLATE // -->
                    	<table border="0" cellpadding="0" cellspacing="0" id="templateContainer">
                        	<tr>
                            	<td align="center" valign="top">
                                	<!-- BEGIN PREHEADER // -->
                                    <table border="0" cellpadding="0" cellspacing="0" width="100%" id="templatePreheader">
                                        <tr>
                                            <td valign="top" class="preheaderContent" style="padding-top:10px; padding-right:20px; padding-bottom:10px; padding-left:20px;" mc:edit="preheader_content00">
                                                Someone has requested a password reset on your unleash account. Please find the reset link in the email below.
                                            </td>
                                            <!-- *|IFNOT:ARCHIVE_PAGE|* -->
                                            <td valign="top" width="180" class="preheaderContent" style="padding-top:10px; padding-right:20px; padding-bottom:10px; padding-left:0;" mc:edit="preheader_content01">
                                                Email not displaying correctly?<br /><a href="*|ARCHIVE|*" target="_blank">View it in your browser</a>.
                                            </td>
                                            <!-- *|END:IF|* -->
                                        </tr>
                                    </table>
                                    <!-- // END PREHEADER -->
                                </td>
                            </tr>
                        	<tr>
                            	<td align="center" valign="top">
                                	<!-- BEGIN HEADER // -->
                                    <table border="0" cellpadding="0" cellspacing="0" width="100%" id="templateHeader">
                                        <tr>
                                            <td valign="top" class="headerContent">
                                            	<img src="https://www.unleash-hosted.com/wp-content/uploads/2019/12/unleash-hosted-logo-v2-mini-fit.png" style="max-width:600px;" id="headerImage" mc:label="header_image" mc:edit="header_image" mc:allowdesigner mc:allowtext />
                                            </td>
                                        </tr>
                                    </table>
                                    <!-- // END HEADER -->
                                </td>
                            </tr>
                        	<tr>
                            	<td align="center" valign="top">
                                	<!-- BEGIN BODY // -->
                                    <table border="0" cellpadding="0" cellspacing="0" width="100%" id="templateBody">
                                        <tr>
                                            <td valign="top" class="bodyContent" mc:edit="body_content">
                                                <h1>Reset password</h1>
                                                <br />
                                                Someone has requested to reset the password on your unleash account. If it was you, click the button below to complete the process. If not, you can ignore this email.
                                                <br />
                                                <br />
 												<br />
                                                <a class="resetPasswordLink" href="{{{ resetLink }}}" target="_blank" rel="noopener noreferrer">Reset password<a/>
                                            </td>
                                        </tr>
                                    </table>
                                    <!-- // END BODY -->
                                </td>
                            </tr>
                        	<tr>
                            	<td align="center" valign="top">
                                	<!-- BEGIN FOOTER // -->
                                    <table border="0" cellpadding="0" cellspacing="0" width="100%" id="templateFooter">
                                        <tr>
                                            <td valign="top" class="footerContent" mc:edit="footer_content00">
                                                <a href="https://github.com/Unleash/unleash">Follow us on Github</a>&nbsp;&nbsp;&nbsp;<a href="*|FACEBOOK:PROFILEURL|*">Friend on Facebook</a>&nbsp;&nbsp;&nbsp;<a href="*|FORWARD|*">Forward to Friend</a>&nbsp;
                                            </td>
                                        </tr>
                                        <tr>
                                            <td valign="top" class="footerContent" style="padding-top:0;" mc:edit="footer_content01">
                                                <em>Copyright &copy; {{ year }} | Unleash | All rights reserved.</em>
                                                <br />
                                                <br />
                                                <strong>Our mailing address is: team@getunleash.io</strong>
                                                <br />
                                            </td>
                                        </tr>
                                    </table>
                                    <!-- // END FOOTER -->
                                </td>
                            </tr>
                        </table>
                        <!-- // END TEMPLATE -->
                    </td>
                </tr>
            </table>
        </center>
    </body>
 </html>
--- a/src/mailtemplates/reset-password/reset-password.plain.mustache
+++ b/src/mailtemplates/reset-password/reset-password.plain.mustache
@ -1,4 +1,7 @@
-Hello {{ name }}
+Reset password
-Someone has requested a reset of your password.
+
-If this was you, great, visit "{{ resetLink }}" to reset your password.
+Someone has requested to reset the password on your unleash account. 
-If this was not you, you might want to check your password still works.
+
 If it was you, click the link below to complete the process. If not, you can ignore this email.
 Visit {{{ resetLink }}} to reset your password.
--- a/src/migrations/20210322104357-api-tokens-convert-enterprise.js
+++ b/src/migrations/20210322104357-api-tokens-convert-enterprise.js
@ -4,16 +4,12 @@ const async = require('async');
 const settingsId = 'unleash.enterprise.api.keys';
-const toApiToken = legacyToken => {
+const toApiToken = legacyToken => ({
-    return {
+    secret: legacyToken.key,
-        secret: legacyToken.key,
+    username: legacyToken.username,
-        username: legacyToken.username,
+    createdAt: legacyToken.created || new Date(),
-        createdAt: legacyToken.created || new Date(),
+    type: legacyToken.priviliges.some(n => n === 'ADMIN') ? 'admin' : 'client',
-        type: legacyToken.priviliges.some(n => n === 'ADMIN')
+});
            ? 'admin'
            : 'client',
    };
 };
 exports.up = function(db, cb) {
    db.runSql(
--- a/src/migrations/20210409120136-create-reset-token-table.js
+++ b/src/migrations/20210409120136-create-reset-token-table.js
@ -0,0 +1,26 @@
 exports.up = function(db, cb) {
    db.runSql(
        `
            CREATE TABLE IF NOT EXISTS reset_tokens
            (
                reset_token text PRIMARY KEY         NOT NULL,
                user_id     integer,
                expires_at  timestamp with time zone NOT NULL,
                used_at     timestamp with time zone,
                created_at  timestamp with time zone DEFAULT now(),
                created_by  text,
                FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE
            );
        `,
        cb,
    );
 };
 exports.down = function(db, cb) {
    db.runSql('DROP TABLE reset_tokens;', cb);
 };
 exports._meta = {
    version: 1,
 };
--- a/src/migrations/20210414141220-fix-misspellings-in-role-descriptions.js
+++ b/src/migrations/20210414141220-fix-misspellings-in-role-descriptions.js
@ -0,0 +1,12 @@
 exports.up = function(db, cb) {
    db.runSql(
        `
        UPDATE roles SET description = 'As an Editor you have access to most features in Unleash, but you can not manage users and roles in the global scope. If you create a project, you will become a project owner and receive superuser rights within the context of that project.' WHERE name = 'Regular';
    `,
        cb,
    );
 };
 exports.down = function(db, cb) {
    db.runSql(``, cb);
 };
--- a/src/test/e2e/api/admin/addon.e2e.test.js
+++ b/src/test/e2e/api/admin/addon.e2e.test.js
@ -16,7 +16,7 @@ test.before(async () => {
    stores = db.stores;
 });
-test.after(async () => {
+test.after.always(async () => {
    await db.destroy();
 });
--- a/src/test/e2e/api/admin/api-token.e2e.test.ts
+++ b/src/test/e2e/api/admin/api-token.e2e.test.ts
@ -15,7 +15,7 @@ test.before(async () => {
    stores = db.stores;
 });
-test.after(async () => {
+test.after.always(async () => {
    await db.destroy();
 });
--- a/src/test/e2e/api/admin/context.e2e.test.js
+++ b/src/test/e2e/api/admin/context.e2e.test.js
@ -14,7 +14,7 @@ test.before(async () => {
    stores = db.stores;
 });
-test.after(async () => {
+test.after.always(async () => {
    await db.destroy();
 });
--- a/src/test/e2e/api/admin/event.e2e.test.js
+++ b/src/test/e2e/api/admin/event.e2e.test.js
@ -13,7 +13,7 @@ test.before(async () => {
    stores = db.stores;
 });
-test.after(async () => {
+test.after.always(async () => {
    await db.destroy();
 });
--- a/src/test/e2e/api/admin/feature-archive.e2e.test.js
+++ b/src/test/e2e/api/admin/feature-archive.e2e.test.js
@ -13,7 +13,7 @@ test.before(async () => {
    stores = db.stores;
 });
-test.after(async () => {
+test.after.always(async () => {
    await db.destroy();
 });
--- a/src/test/e2e/api/admin/feature.auth.e2e.test.js
+++ b/src/test/e2e/api/admin/feature.auth.e2e.test.js
@ -13,7 +13,7 @@ test.before(async () => {
    stores = db.stores;
 });
-test.after(async () => {
+test.after.always(async () => {
    await db.destroy();
 });
--- a/src/test/e2e/api/admin/feature.custom-auth.e2e.test.js
+++ b/src/test/e2e/api/admin/feature.custom-auth.e2e.test.js
@ -15,7 +15,7 @@ test.before(async () => {
    stores = db.stores;
 });
-test.after(async () => {
+test.after.always(async () => {
    await db.destroy();
 });
--- a/src/test/e2e/api/admin/feature.e2e.test.js
+++ b/src/test/e2e/api/admin/feature.e2e.test.js
@ -14,7 +14,7 @@ test.before(async () => {
    stores = db.stores;
 });
-test.after(async () => {
+test.after.always(async () => {
    await db.destroy();
 });
--- a/src/test/e2e/api/admin/metrics.e2e.test.js
+++ b/src/test/e2e/api/admin/metrics.e2e.test.js
@ -15,7 +15,7 @@ test.before(async () => {
    reset = db.reset;
 });
-test.after(async () => {
+test.after.always(async () => {
    await db.destroy();
 });
--- a/src/test/e2e/api/admin/state.e2e.test.js
+++ b/src/test/e2e/api/admin/state.e2e.test.js
@ -14,7 +14,7 @@ test.before(async () => {
    stores = db.stores;
 });
-test.after(async () => {
+test.after.always(async () => {
    await db.destroy();
 });
--- a/src/test/e2e/api/admin/strategy.e2e.test.js
+++ b/src/test/e2e/api/admin/strategy.e2e.test.js
@ -14,7 +14,7 @@ test.before(async () => {
    stores = db.stores;
 });
-test.after(async () => {
+test.after.always(async () => {
    await db.destroy();
 });
@ -42,7 +42,7 @@ test.serial('gets a strategy by name', async t => {
        .expect(200);
 });
-test.serial('cant get a strategy by name that dose not exist', async t => {
+test.serial('cant get a strategy by name that does not exist', async t => {
    t.plan(0);
    const request = await setupApp(stores);
    return request
--- a/src/test/e2e/api/admin/tag-types.e2e.test.js
+++ b/src/test/e2e/api/admin/tag-types.e2e.test.js
@ -13,7 +13,7 @@ test.before(async () => {
    stores = db.stores;
 });
-test.after(async () => {
+test.after.always(async () => {
    await db.destroy();
 });
--- a/src/test/e2e/api/admin/tags.e2e.test.js
+++ b/src/test/e2e/api/admin/tags.e2e.test.js
@ -13,7 +13,7 @@ test.before(async () => {
    stores = db.stores;
 });
-test.after(async () => {
+test.after.always(async () => {
    await db.destroy();
 });
--- a/src/test/e2e/api/admin/user-admin.e2e.test.ts
+++ b/src/test/e2e/api/admin/user-admin.e2e.test.ts
@ -25,7 +25,7 @@ test.before(async () => {
    adminRole = roles.find(r => r.name === RoleName.ADMIN);
 });
-test.after(async () => {
+test.after.always(async () => {
    await db.destroy();
 });
--- a/src/test/e2e/api/auth/reset-password-controller.e2e.test.ts
+++ b/src/test/e2e/api/auth/reset-password-controller.e2e.test.ts
@ -0,0 +1,181 @@
 import test from 'ava';
 import { URL } from 'url';
 import dbInit from '../../helpers/database-init';
 import getLogger from '../../../fixtures/no-logger';
 import {
    AccessService,
    RoleName,
 } from '../../../../lib/services/access-service';
 import ResetTokenService from '../../../../lib/services/reset-token-service';
 import UserService from '../../../../lib/services/user-service';
 import { IUnleashConfig } from '../../../../lib/types/core';
 import { setupApp } from '../../helpers/test-helper';
 import { EmailService } from '../../../../lib/services/email-service';
 import User from '../../../../lib/user';
 let stores;
 let db;
 const config: IUnleashConfig = {
    getLogger,
    unleashUrl: 'http://localhost:3000',
    baseUriPath: '',
    authentication: { enableApiToken: true, createAdminUser: false },
 };
 const password = 'DtUYwi&l5I1KX4@Le';
 let userService: UserService;
 let accessService: AccessService;
 let resetTokenService: ResetTokenService;
 let adminUser: User;
 let user: User;
 const getBackendResetUrl = (url: URL): string => {
    const urlString = url.toString();
    const params = urlString.substring(urlString.indexOf('?'));
    return `/auth/reset/validate${params}`;
 };
 test.before(async () => {
    db = await dbInit('reset_password_api_serial', getLogger);
    stores = db.stores;
    accessService = new AccessService(stores, config);
    const emailService = new EmailService(config.email, config.getLogger);
    userService = new UserService(stores, config, {
        accessService,
        resetTokenService,
        emailService,
    });
    resetTokenService = new ResetTokenService(stores, config);
    const adminRole = await accessService.getRootRole(RoleName.ADMIN);
    adminUser = await userService.createUser({
        username: 'admin@test.com',
        rootRole: adminRole.id,
    });
    const userRole = await accessService.getRootRole(RoleName.EDITOR);
    user = await userService.createUser({
        username: 'test@test.com',
        email: 'test@test.com',
        rootRole: userRole.id,
    });
 });
 test.afterEach.always(async () => {
    await stores.resetTokenStore.deleteAll();
 });
 test.after(async () => {
    await db.destroy();
 });
 test.serial('Can validate token for password reset', async t => {
    const request = await setupApp(stores);
    const url = await resetTokenService.createResetPasswordUrl(
        user.id,
        adminUser.username,
    );
    const relative = getBackendResetUrl(url);
    return request
        .get(relative)
        .expect(200)
        .expect('Content-Type', /json/)
        .expect(res => {
            t.is(res.body.email, user.email);
        });
 });
 test.serial('Can use token to reset password', async t => {
    const request = await setupApp(stores);
    const url = await resetTokenService.createResetPasswordUrl(
        user.id,
        adminUser.username,
    );
    const relative = getBackendResetUrl(url);
    // Can't login before reset
    t.throwsAsync<Error>(
        async () => userService.loginUser(user.email, password),
        {
            instanceOf: Error,
        },
    );
    let token;
    await request
        .get(relative)
        .expect(200)
        .expect('Content-Type', /json/)
        .expect(res => {
            token = res.body.token;
        });
    await request
        .post('/auth/reset/password')
        .send({
            token,
            password,
        })
        .expect(200);
    const loggedInUser = await userService.loginUser(user.email, password);
    t.is(user.email, loggedInUser.email);
 });
 test.serial(
    'Trying to reset password with same token twice does not work',
    async t => {
        const request = await setupApp(stores);
        const url = await resetTokenService.createResetPasswordUrl(
            user.id,
            adminUser.username,
        );
        const relative = getBackendResetUrl(url);
        let token;
        await request
            .get(relative)
            .expect(200)
            .expect('Content-Type', /json/)
            .expect(res => {
                token = res.body.token;
            });
        await request
            .post('/auth/reset/password')
            .send({
                email: user.email,
                token,
                password,
            })
            .expect(200);
        await request
            .post('/auth/reset/password')
            .send({
                email: user.email,
                token,
                password,
            })
            .expect(403)
            .expect(res => {
                t.truthy(res.body.details[0].message);
            });
    },
 );
 test.serial('Invalid token should yield 401', async t => {
    const request = await setupApp(stores);
    return request.get('/auth/reset/validate?token=abc123').expect(res => {
        t.is(res.status, 401);
    });
 });
 test.serial(
    'Trying to change password with an invalid token should yield 401',
    async t => {
        const request = await setupApp(stores);
        return request
            .post('/auth/reset/password')
            .send({
                token: 'abc123',
                password,
            })
            .expect(res => t.is(res.status, 401));
    },
 );
--- a/src/test/e2e/api/client/feature.e2e.test.js
+++ b/src/test/e2e/api/client/feature.e2e.test.js
@ -13,7 +13,7 @@ test.before(async () => {
    stores = db.stores;
 });
-test.after(async () => {
+test.after.always(async () => {
    await db.destroy();
 });
--- a/src/test/e2e/api/client/metrics.e2e.test.js
+++ b/src/test/e2e/api/client/metrics.e2e.test.js
@ -15,7 +15,7 @@ test.before(async () => {
    stores = db.stores;
 });
-test.after(async () => {
+test.after.always(async () => {
    await db.destroy();
 });
--- a/src/test/e2e/api/client/register.e2e.test.js
+++ b/src/test/e2e/api/client/register.e2e.test.js
@ -22,7 +22,7 @@ test.before(async () => {
    stores = db.stores;
 });
-test.after(async () => {
+test.after.always(async () => {
    await db.destroy();
 });
--- a/src/test/e2e/helpers/database-init.js
+++ b/src/test/e2e/helpers/database-init.js
@ -29,6 +29,7 @@ async function resetDatabase(stores) {
        stores.db('tag_types').del(),
        stores.db('addons').del(),
        stores.db('users').del(),
        stores.db('reset_tokens').del(),
    ]);
 }
--- a/src/test/e2e/helpers/test-helper.js
+++ b/src/test/e2e/helpers/test-helper.js
@ -25,6 +25,7 @@ function createApp(stores, adminAuthentication = 'none', preHook) {
        authentication: {
            customHook: () => {},
        },
        unleashUrl: 'http://localhost:4242',
        getLogger,
    };
    const services = createServices(stores, config);
--- a/src/test/e2e/services/reset-token-service.e2e.test.ts
+++ b/src/test/e2e/services/reset-token-service.e2e.test.ts
@ -0,0 +1,100 @@
 import test from 'ava';
 import { IUnleashConfig } from '../../../lib/types/core';
 import dbInit from '../helpers/database-init';
 import getLogger from '../../fixtures/no-logger';
 import ResetTokenService from '../../../lib/services/reset-token-service';
 import UserService from '../../../lib/services/user-service';
 import { AccessService } from '../../../lib/services/access-service';
 import NotFoundError from '../../../lib/error/notfound-error';
 import { EmailService } from '../../../lib/services/email-service';
 import User from '../../../lib/user';
 const config: IUnleashConfig = {
    getLogger,
    baseUriPath: '',
    authentication: { enableApiToken: true, createAdminUser: false },
    unleashUrl: 'http://localhost:3000',
 };
 let stores;
 let db;
 let adminUser;
 let userToCreateResetFor: User;
 let userIdToCreateResetFor: number;
 let accessService: AccessService;
 let userService: UserService;
 let resetTokenService: ResetTokenService;
 test.before(async () => {
    db = await dbInit('reset_token_service_serial', getLogger);
    stores = db.stores;
    accessService = new AccessService(stores, config);
    resetTokenService = new ResetTokenService(stores, config);
    const emailService = new EmailService(config.email, config.getLogger);
    userService = new UserService(stores, config, {
        accessService,
        resetTokenService,
        emailService,
    });
    adminUser = await userService.createUser({
        username: 'admin@test.com',
        rootRole: 1,
    });
    userToCreateResetFor = await userService.createUser({
        username: 'test@test.com',
        rootRole: 2,
    });
    userIdToCreateResetFor = userToCreateResetFor.id;
 });
 test.after.always(async () => {
    db.destroy();
 });
 test.serial('Should create a reset link', async t => {
    const url = await resetTokenService.createResetPasswordUrl(
        userIdToCreateResetFor,
        adminUser,
    );
    t.true(url.toString().indexOf('/reset-password') > 0);
 });
 test.serial('Should create a welcome link', async t => {
    const url = await resetTokenService.createWelcomeUrl(
        userIdToCreateResetFor,
        adminUser.username,
    );
    t.true(url.toString().indexOf('/new-user') > 0);
 });
 test.serial('Tokens should be one-time only', async t => {
    const token = await resetTokenService.createToken(
        userIdToCreateResetFor,
        adminUser,
    );
    const accessGranted = await resetTokenService.useAccessToken(token);
    t.is(accessGranted, true);
    const secondGo = await resetTokenService.useAccessToken(token);
    t.is(secondGo, false);
 });
 test.serial('Creating a new token should expire older tokens', async t => {
    const firstToken = await resetTokenService.createToken(
        userIdToCreateResetFor,
        adminUser,
    );
    const secondToken = await resetTokenService.createToken(
        userIdToCreateResetFor,
        adminUser,
    );
    await t.throwsAsync<NotFoundError>(async () =>
        resetTokenService.isValid(firstToken.token),
    );
    const validToken = await resetTokenService.isValid(secondToken.token);
    t.is(secondToken.token, validToken.token);
 });
--- a/src/test/e2e/services/user-service.e2e.test.ts
+++ b/src/test/e2e/services/user-service.e2e.test.ts
@ -7,6 +7,8 @@ import UserStore from '../../../lib/db/user-store';
 import User from '../../../lib/user';
 import { IUnleashConfig } from '../../../lib/types/core';
 import { IRole } from '../../../lib/db/access-store';
 import ResetTokenService from '../../../lib/services/reset-token-service';
 import { EmailService } from '../../../lib/services/email-service';
 let db;
 let stores;
@ -24,9 +26,17 @@ test.before(async () => {
            enableApiToken: false,
            createAdminUser: false,
        },
        unleashUrl: 'http://localhost:4242',
    };
    const accessService = new AccessService(stores, config);
-    userService = new UserService(stores, config, accessService);
+    const resetTokenService = new ResetTokenService(stores, config);
    const emailService = new EmailService(config.email, config.getLogger);
    userService = new UserService(stores, config, {
        accessService,
        resetTokenService,
        emailService,
    });
    userStore = stores.userStore;
    const rootRoles = await accessService.getRootRoles();
    adminRole = rootRoles.find(r => r.name === RoleName.ADMIN);
--- a/src/test/e2e/stores/client-application-store.e2e.test.js
+++ b/src/test/e2e/stores/client-application-store.e2e.test.js
@ -159,9 +159,10 @@ test.serial('Multi row merge also works', async t => {
        clients.push(clientRegistration);
    }
    await clientApplicationsStore.bulkUpsert(clients);
-    const alteredClients = clients.map(c => {
+    const alteredClients = clients.map(c => ({
-        return { appName: c.appName, icon: 'red' };
+        appName: c.appName,
-    });
+        icon: 'red',
    }));
    await clientApplicationsStore.bulkUpsert(alteredClients);
    const stored = await Promise.all(
        clients.map(async c =>
--- a/src/test/fixtures/fake-addon-store.js
+++ b/src/test/fixtures/fake-addon-store.js
@ -17,9 +17,7 @@ module.exports = () => {
            _addons.splice(id, 1);
            Promise.resolve();
        },
-        get: async id => {
+        get: async id => _addons[id],
            return _addons[id];
        },
        getAll: () => Promise.resolve(_addons),
    };
 };
--- a/src/test/fixtures/fake-feature-toggle-store.js
+++ b/src/test/fixtures/fake-feature-toggle-store.js
@ -73,25 +73,25 @@ module.exports = (databaseIsUp = true) => {
                const activeQueryKeys = Object.keys(query).filter(
                    t => query[t],
                );
-                const filtered = _features.filter(feature => {
+                const filtered = _features.filter(feature =>
-                    return activeQueryKeys.every(key => {
+                    activeQueryKeys.every(key => {
                        if (key === 'namePrefix') {
                            return feature.name.indexOf(query[key]) > -1;
                        }
                        if (key === 'tag') {
-                            return query[key].some(tagQuery => {
+                            return query[key].some(tagQuery =>
-                                return _featureTags
+                                _featureTags
                                    .filter(t => t.featureName === feature.name)
                                    .some(
                                        tag =>
                                            tag.tagType === tagQuery[0] &&
                                            tag.tagValue === tagQuery[1],
-                                    );
+                                    ),
-                            });
+                            );
                        }
                        return query[key].some(v => v === feature[key]);
-                    });
+                    }),
-                });
+                );
                return Promise.resolve(filtered);
            }
            return Promise.resolve(_features);
@ -112,18 +112,15 @@ module.exports = (databaseIsUp = true) => {
            );
            _featureTags.splice(index, 1);
        },
-        getAllTagsForFeature: featureName => {
+        getAllTagsForFeature: featureName =>
-            return Promise.resolve(
+            Promise.resolve(
                _featureTags
                    .filter(f => f.featureName === featureName)
-                    .map(t => {
+                    .map(t => ({
-                        return {
+                        type: t.tagType,
-                            type: t.tagType,
+                        value: t.tagValue,
-                            value: t.tagValue,
+                    })),
-                        };
+            ),
                    }),
            );
        },
        getAllFeatureTags: () => Promise.resolve(_featureTags),
        importFeatureTags: tags => {
            tags.forEach(tag => {
--- a/src/test/fixtures/fake-reset-token-store.ts
+++ b/src/test/fixtures/fake-reset-token-store.ts
@ -0,0 +1,50 @@
 import { EventEmitter } from 'events';
 import {
    IResetToken,
    IResetTokenCreate,
    IResetTokenQuery,
    ResetTokenStore,
 } from '../../lib/db/reset-token-store';
 import noLoggerProvider from './no-logger';
 import NotFoundError from '../../lib/error/notfound-error';
 export class ResetTokenStoreMock extends ResetTokenStore {
    data: IResetToken[];
    constructor() {
        super(undefined, new EventEmitter(), noLoggerProvider);
        this.data = [];
    }
    async getActive(token: string): Promise<IResetToken> {
        const row = this.data.find(tokens => tokens.token === token);
        if (!row) {
            throw new NotFoundError();
        }
        return row;
    }
    async insert(newToken: IResetTokenCreate): Promise<IResetToken> {
        const token = {
            userId: newToken.user_id,
            token: newToken.reset_token,
            expiresAt: newToken.expires_at,
            createdBy: newToken.created_by,
            createdAt: new Date(),
        };
        this.data.push(token);
        return Promise.resolve(token);
    }
    async delete({ reset_token }: IResetTokenQuery): Promise<void> {
        this.data.splice(
            this.data.findIndex(token => token.token === reset_token),
            1,
        );
        return Promise.resolve();
    }
    async deleteExpired(): Promise<void> {
        throw new Error('Not implemented in mock');
    }
 }
--- a/yarn.lock
+++ b/yarn.lock
@ -640,13 +640,13 @@
    "@types/mime" "^1"
    "@types/node" "*"
-"@typescript-eslint/eslint-plugin@^4.15.2":
+"@typescript-eslint/eslint-plugin@^4.22.0":
-  version "4.15.2"
+  version "4.22.0"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.15.2.tgz#981b26b4076c62a5a55873fbef3fe98f83360c61"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.22.0.tgz#3d5f29bb59e61a9dba1513d491b059e536e16dbc"
-  integrity sha512-uiQQeu9tWl3f1+oK0yoAv9lt/KXO24iafxgQTkIYO/kitruILGx3uH+QtIAHqxFV+yIsdnJH+alel9KuE3J15Q==
+  integrity sha512-U8SP9VOs275iDXaL08Ln1Fa/wLXfj5aTr/1c0t0j6CdbOnxh+TruXu1p4I0NAvdPBQgoPjHsgKn28mOi0FzfoA==
  dependencies:
-    "@typescript-eslint/experimental-utils" "4.15.2"
+    "@typescript-eslint/experimental-utils" "4.22.0"
-    "@typescript-eslint/scope-manager" "4.15.2"
+    "@typescript-eslint/scope-manager" "4.22.0"
    debug "^4.1.1"
    functional-red-black-tree "^1.0.1"
    lodash "^4.17.15"
@ -654,19 +654,29 @@
    semver "^7.3.2"
    tsutils "^3.17.1"
-"@typescript-eslint/experimental-utils@4.15.2":
+"@typescript-eslint/experimental-utils@4.22.0":
-  version "4.15.2"
+  version "4.22.0"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/experimental-utils/-/experimental-utils-4.15.2.tgz#5efd12355bd5b535e1831282e6cf465b9a71cf36"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/experimental-utils/-/experimental-utils-4.22.0.tgz#68765167cca531178e7b650a53456e6e0bef3b1f"
-  integrity sha512-Fxoshw8+R5X3/Vmqwsjc8nRO/7iTysRtDqx6rlfLZ7HbT8TZhPeQqbPjTyk2RheH3L8afumecTQnUc9EeXxohQ==
+  integrity sha512-xJXHHl6TuAxB5AWiVrGhvbGL8/hbiCQ8FiWwObO3r0fnvBdrbWEDy1hlvGQOAWc6qsCWuWMKdVWlLAEMpxnddg==
  dependencies:
    "@types/json-schema" "^7.0.3"
-    "@typescript-eslint/scope-manager" "4.15.2"
+    "@typescript-eslint/scope-manager" "4.22.0"
-    "@typescript-eslint/types" "4.15.2"
+    "@typescript-eslint/types" "4.22.0"
-    "@typescript-eslint/typescript-estree" "4.15.2"
+    "@typescript-eslint/typescript-estree" "4.22.0"
    eslint-scope "^5.0.0"
    eslint-utils "^2.0.0"
-"@typescript-eslint/parser@^4.15.2", "@typescript-eslint/parser@^4.4.1":
+"@typescript-eslint/parser@^4.22.0":
  version "4.22.0"
  resolved "https://registry.yarnpkg.com/@typescript-eslint/parser/-/parser-4.22.0.tgz#e1637327fcf796c641fe55f73530e90b16ac8fe8"
  integrity sha512-z/bGdBJJZJN76nvAY9DkJANYgK3nlRstRRi74WHm3jjgf2I8AglrSY+6l7ogxOmn55YJ6oKZCLLy+6PW70z15Q==
  dependencies:
    "@typescript-eslint/scope-manager" "4.22.0"
    "@typescript-eslint/types" "4.22.0"
    "@typescript-eslint/typescript-estree" "4.22.0"
    debug "^4.1.1"
 "@typescript-eslint/parser@^4.4.1":
  version "4.15.2"
  resolved "https://registry.yarnpkg.com/@typescript-eslint/parser/-/parser-4.15.2.tgz#c804474321ef76a3955aec03664808f0d6e7872e"
  integrity sha512-SHeF8xbsC6z2FKXsaTb1tBCf0QZsjJ94H6Bo51Y1aVEZ4XAefaw5ZAilMoDPlGghe+qtq7XdTiDlGfVTOmvA+Q==
@ -684,11 +694,24 @@
    "@typescript-eslint/types" "4.15.2"
    "@typescript-eslint/visitor-keys" "4.15.2"
 "@typescript-eslint/scope-manager@4.22.0":
  version "4.22.0"
  resolved "https://registry.yarnpkg.com/@typescript-eslint/scope-manager/-/scope-manager-4.22.0.tgz#ed411545e61161a8d702e703a4b7d96ec065b09a"
  integrity sha512-OcCO7LTdk6ukawUM40wo61WdeoA7NM/zaoq1/2cs13M7GyiF+T4rxuA4xM+6LeHWjWbss7hkGXjFDRcKD4O04Q==
  dependencies:
    "@typescript-eslint/types" "4.22.0"
    "@typescript-eslint/visitor-keys" "4.22.0"
 "@typescript-eslint/types@4.15.2":
  version "4.15.2"
  resolved "https://registry.yarnpkg.com/@typescript-eslint/types/-/types-4.15.2.tgz#04acf3a2dc8001a88985291744241e732ef22c60"
  integrity sha512-r7lW7HFkAarfUylJ2tKndyO9njwSyoy6cpfDKWPX6/ctZA+QyaYscAHXVAfJqtnY6aaTwDYrOhp+ginlbc7HfQ==
 "@typescript-eslint/types@4.22.0":
  version "4.22.0"
  resolved "https://registry.yarnpkg.com/@typescript-eslint/types/-/types-4.22.0.tgz#0ca6fde5b68daf6dba133f30959cc0688c8dd0b6"
  integrity sha512-sW/BiXmmyMqDPO2kpOhSy2Py5w6KvRRsKZnV0c4+0nr4GIcedJwXAq+RHNK4lLVEZAJYFltnnk1tJSlbeS9lYA==
 "@typescript-eslint/typescript-estree@4.15.2":
  version "4.15.2"
  resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-4.15.2.tgz#c2f7a1e94f3428d229d5ecff3ead6581ee9b62fa"
@ -702,6 +725,19 @@
    semver "^7.3.2"
    tsutils "^3.17.1"
 "@typescript-eslint/typescript-estree@4.22.0":
  version "4.22.0"
  resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-4.22.0.tgz#b5d95d6d366ff3b72f5168c75775a3e46250d05c"
  integrity sha512-TkIFeu5JEeSs5ze/4NID+PIcVjgoU3cUQUIZnH3Sb1cEn1lBo7StSV5bwPuJQuoxKXlzAObjYTilOEKRuhR5yg==
  dependencies:
    "@typescript-eslint/types" "4.22.0"
    "@typescript-eslint/visitor-keys" "4.22.0"
    debug "^4.1.1"
    globby "^11.0.1"
    is-glob "^4.0.1"
    semver "^7.3.2"
    tsutils "^3.17.1"
 "@typescript-eslint/visitor-keys@4.15.2":
  version "4.15.2"
  resolved "https://registry.yarnpkg.com/@typescript-eslint/visitor-keys/-/visitor-keys-4.15.2.tgz#3d1c7979ce75bf6acf9691109bd0d6b5706192b9"
@ -710,6 +746,14 @@
    "@typescript-eslint/types" "4.15.2"
    eslint-visitor-keys "^2.0.0"
 "@typescript-eslint/visitor-keys@4.22.0":
  version "4.22.0"
  resolved "https://registry.yarnpkg.com/@typescript-eslint/visitor-keys/-/visitor-keys-4.22.0.tgz#169dae26d3c122935da7528c839f42a8a42f6e47"
  integrity sha512-nnMu4F+s4o0sll6cBSsTeVsT4cwxB7zECK3dFxzEjPBii9xLpq4yqqsy/FU5zMfan6G60DKZSCXAa3sHJZrcYw==
  dependencies:
    "@typescript-eslint/types" "4.22.0"
    eslint-visitor-keys "^2.0.0"
 abbrev@1:
  version "1.1.1"
  resolved "https://registry.yarnpkg.com/abbrev/-/abbrev-1.1.1.tgz#f8f2c887ad10bf67f634f005b6987fed3179aac8"
@ -1627,11 +1671,6 @@ confusing-browser-globals@^1.0.10:
  resolved "https://registry.yarnpkg.com/confusing-browser-globals/-/confusing-browser-globals-1.0.10.tgz#30d1e7f3d1b882b25ec4933d1d1adac353d20a59"
  integrity sha512-gNld/3lySHwuhaVluJUKLePYirM3QNCKzVxqAdhJII9/WXKVX5PURzMVJspS1jTslSqjeuG4KMVTSouit5YPHA==
 confusing-browser-globals@^1.0.9:
  version "1.0.9"
  resolved "https://registry.npmjs.org/confusing-browser-globals/-/confusing-browser-globals-1.0.9.tgz"
  integrity sha512-KbS1Y0jMtyPgIxjO7ZzMAuUpAKMt1SzCL9fsrKsX6b0zJPTaT0SiSPmewwVZg9UAO83HVIlEhZF84LIjZ0lmAw==
 connect-session-knex@^2.0.0:
  version "2.0.0"
  resolved "https://registry.yarnpkg.com/connect-session-knex/-/connect-session-knex-2.0.0.tgz#c49003b8edd3e4cd64c701356223920abd052053"
@ -1743,6 +1782,14 @@ core-util-is@1.0.2, core-util-is@~1.0.0:
  resolved "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz"
  integrity sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=
 cors@^2.8.5:
  version "2.8.5"
  resolved "https://registry.yarnpkg.com/cors/-/cors-2.8.5.tgz#eac11da51592dd86b9f06f6e7ac293b3df875d29"
  integrity sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==
  dependencies:
    object-assign "^4"
    vary "^1"
 cosmiconfig@^6.0.0:
  version "6.0.0"
  resolved "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-6.0.0.tgz"
@ -2306,15 +2353,6 @@ escape-string-regexp@^4.0.0:
  resolved "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz"
  integrity sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==
 eslint-config-airbnb-base@^14.1.0:
  version "14.2.0"
  resolved "https://registry.npmjs.org/eslint-config-airbnb-base/-/eslint-config-airbnb-base-14.2.0.tgz"
  integrity sha512-Snswd5oC6nJaevs3nZoLSTvGJBvzTfnBqOIArkf3cbyTyq9UD79wOk8s+RiL6bhca0p/eRO6veczhf6A/7Jy8Q==
  dependencies:
    confusing-browser-globals "^1.0.9"
    object.assign "^4.1.0"
    object.entries "^1.1.2"
 eslint-config-airbnb-base@^14.2.0, eslint-config-airbnb-base@^14.2.1:
  version "14.2.1"
  resolved "https://registry.yarnpkg.com/eslint-config-airbnb-base/-/eslint-config-airbnb-base-14.2.1.tgz#8a2eb38455dc5a312550193b319cdaeef042cd1e"
@ -2342,12 +2380,10 @@ eslint-config-airbnb@^18.2.0:
    object.assign "^4.1.2"
    object.entries "^1.1.2"
-eslint-config-prettier@^6.10.1:
+eslint-config-prettier@^8.1.0:
-  version "6.11.0"
+  version "8.1.0"
-  resolved "https://registry.npmjs.org/eslint-config-prettier/-/eslint-config-prettier-6.11.0.tgz"
+  resolved "https://registry.yarnpkg.com/eslint-config-prettier/-/eslint-config-prettier-8.1.0.tgz#4ef1eaf97afe5176e6a75ddfb57c335121abc5a6"
-  integrity sha512-oB8cpLWSAjOVFEJhhyMZh6NOEOtBVziaqdDQ86+qhDHFbZXoRTM7pNSvFRfW/W/L/LrQ38C99J5CGuRBBzBsdA==
+  integrity sha512-oKMhGv3ihGbCIimCAjqkdzx2Q+jthoqnXSP+d86M9tptwugycmTFdVR4IpLgq2c4SHifbwO90z2fQ8/Aio73yw==
  dependencies:
    get-stdin "^6.0.0"
 eslint-import-resolver-node@^0.3.4:
  version "0.3.4"
@ -2365,9 +2401,9 @@ eslint-module-utils@^2.6.0:
    debug "^2.6.9"
    pkg-dir "^2.0.0"
-eslint-plugin-import@^2.20.2:
+eslint-plugin-import@^2.22.1:
  version "2.22.1"
-  resolved "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.22.1.tgz"
+  resolved "https://registry.yarnpkg.com/eslint-plugin-import/-/eslint-plugin-import-2.22.1.tgz#0896c7e6a0cf44109a2d97b95903c2bb689d7702"
  integrity sha512-8K7JjINHOpH64ozkAhpT3sd+FswIZTfMZTjdx052pnWrgRCVfp8op9tbjpAk3DdUeI/Ba4C8OjdC0r90erHEOw==
  dependencies:
    array-includes "^3.1.1"
@ -2384,10 +2420,10 @@ eslint-plugin-import@^2.20.2:
    resolve "^1.17.0"
    tsconfig-paths "^3.9.0"
-eslint-plugin-prettier@^3.1.3:
+eslint-plugin-prettier@^3.3.1:
-  version "3.1.4"
+  version "3.3.1"
-  resolved "https://registry.npmjs.org/eslint-plugin-prettier/-/eslint-plugin-prettier-3.1.4.tgz"
+  resolved "https://registry.yarnpkg.com/eslint-plugin-prettier/-/eslint-plugin-prettier-3.3.1.tgz#7079cfa2497078905011e6f82e8dd8453d1371b7"
-  integrity sha512-jZDa8z76klRqo+TdGDTFJSavwbnWK2ZpqGKNZ+VvweMW516pDUMmQ2koXvxEE4JhzNvTv+radye/bWGBmA6jmg==
+  integrity sha512-Rq3jkcFY8RYeQLgk2cCwuc0P7SEFwDravPhsJZOQ5N4YI4DSg50NyqJ/9gdZHzQlHf8MvafSesbNJCcP/FF6pQ==
  dependencies:
    prettier-linter-helpers "^1.0.0"
@ -3070,11 +3106,6 @@ get-package-type@^0.1.0:
  resolved "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz"
  integrity sha512-pjzuKtY64GYfWizNAJ0fr9VqttZkNiK2iS430LtIHzjBEr6bX8Am2zm4sW4Ro5wjWW5cAlRL1qAMTcXbjNAO2Q==
 get-stdin@^6.0.0:
  version "6.0.0"
  resolved "https://registry.npmjs.org/get-stdin/-/get-stdin-6.0.0.tgz"
  integrity sha512-jp4tHawyV7+fkkSKyvjuLZswblUtz+SQKzSWnBbii16BuZksJlU1wuBYXY75r+duh/llF1ur6oNwi+2ZzjKZ7g==
 get-stream@^4.1.0:
  version "4.1.0"
  resolved "https://registry.npmjs.org/get-stream/-/get-stream-4.1.0.tgz"
@ -4845,7 +4876,7 @@ oauth@0.9.x:
  resolved "https://registry.npmjs.org/oauth/-/oauth-0.9.15.tgz"
  integrity sha1-vR/vr2hslrdUda7VGWQS/2DPucE=
-object-assign@^4.1.0, object-assign@^4.1.1:
+object-assign@^4, object-assign@^4.1.0, object-assign@^4.1.1:
  version "4.1.1"
  resolved "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz"
  integrity sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=
@ -6807,10 +6838,10 @@ typedarray@^0.0.6:
  resolved "https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz"
  integrity sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c=
-typescript@^4.1.5:
+typescript@^4.2.4:
-  version "4.1.5"
+  version "4.2.4"
-  resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.1.5.tgz#123a3b214aaff3be32926f0d8f1f6e704eb89a72"
+  resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.2.4.tgz#8610b59747de028fda898a8aef0e103f156d0961"
-  integrity sha512-6OSu9PTIzmn9TCDiovULTnET6BgXtDYL4Gg4szY+cGsc3JP1dQL8qvE8kShTRx1NIw4Q9IBHlwODjkjWEtMUyA==
+  integrity sha512-V+evlYHZnQkaz8TRBuxTA92yZBPotr5H+WhQ7bD3hZUndx5tGOa1fuCgeSjxAzM1RiN5IzvadIXTVefuuwZCRg==
 uid-safe@~2.1.5:
  version "2.1.5"
@ -6969,7 +7000,7 @@ validate-npm-package-license@^3.0.1:
    spdx-correct "^3.0.0"
    spdx-expression-parse "^3.0.0"
-vary@~1.1.2:
+vary@^1, vary@~1.1.2:
  version "1.1.2"
  resolved "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz"
  integrity sha1-IpnwLG3tMNSllhsLn3RSShj2NPw=