From: Into the V0id <57257404+into-the-v0id@users.noreply.github.com>
Date: Tue, 25 Jul 2023 17:33:02 +0000 (+0000)
Subject: Dont authenticate user after successful password reset #3714 (#3715)
X-Git-Url: http://these/git/%22https:/image.com/static/readmes/%7BimageSrc%7D?a=commitdiff_plain;h=cf2229d66520fdb3833c4f1b1d3aa569f41d8883;p=lemmy.git

Dont authenticate user after successful password reset #3714 (#3715)

Co-authored-by: Dessalines <dessalines@users.noreply.github.com>
---

diff --git a/crates/api/src/local_user/change_password_after_reset.rs b/crates/api/src/local_user/change_password_after_reset.rs
index 919c250f..65587bcb 100644
--- a/crates/api/src/local_user/change_password_after_reset.rs
+++ b/crates/api/src/local_user/change_password_after_reset.rs
@@ -5,15 +5,11 @@ use lemmy_api_common::{
   person::{LoginResponse, PasswordChangeAfterReset},
   utils::password_length_check,
 };
-use lemmy_db_schema::{
-  source::{local_user::LocalUser, password_reset_request::PasswordResetRequest},
-  RegistrationMode,
-};
-use lemmy_db_views::structs::SiteView;
-use lemmy_utils::{
-  claims::Claims,
-  error::{LemmyError, LemmyErrorExt, LemmyErrorType},
+use lemmy_db_schema::source::{
+  local_user::LocalUser,
+  password_reset_request::PasswordResetRequest,
 };
+use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
 
 #[async_trait::async_trait(?Send)]
 impl Perform for PasswordChangeAfterReset {
@@ -38,30 +34,12 @@ impl Perform for PasswordChangeAfterReset {
 
     // Update the user with the new password
     let password = data.password.clone();
-    let updated_local_user =
-      LocalUser::update_password(&mut context.pool(), local_user_id, &password)
-        .await
-        .with_lemmy_type(LemmyErrorType::CouldntUpdateUser)?;
-
-    // Return the jwt if login is allowed
-    let site_view = SiteView::read_local(&mut context.pool()).await?;
-    let jwt = if site_view.local_site.registration_mode == RegistrationMode::RequireApplication
-      && !updated_local_user.accepted_application
-    {
-      None
-    } else {
-      Some(
-        Claims::jwt(
-          updated_local_user.id.0,
-          &context.secret().jwt_secret,
-          &context.settings().hostname,
-        )?
-        .into(),
-      )
-    };
+    LocalUser::update_password(&mut context.pool(), local_user_id, &password)
+      .await
+      .with_lemmy_type(LemmyErrorType::CouldntUpdateUser)?;
 
     Ok(LoginResponse {
-      jwt,
+      jwt: None,
       verify_email_sent: false,
       registration_created: false,
     })