From cf2229d66520fdb3833c4f1b1d3aa569f41d8883 Mon Sep 17 00:00:00 2001 From: Into the V0id <57257404+into-the-v0id@users.noreply.github.com> Date: Tue, 25 Jul 2023 17:33:02 +0000 Subject: [PATCH] Dont authenticate user after successful password reset #3714 (#3715) Co-authored-by: Dessalines <dessalines@users.noreply.github.com> --- .../local_user/change_password_after_reset.rs | 38 ++++--------------- 1 file changed, 8 insertions(+), 30 deletions(-) diff --git a/crates/api/src/local_user/change_password_after_reset.rs b/crates/api/src/local_user/change_password_after_reset.rs index 919c250f..65587bcb 100644 --- a/crates/api/src/local_user/change_password_after_reset.rs +++ b/crates/api/src/local_user/change_password_after_reset.rs @@ -5,15 +5,11 @@ use lemmy_api_common::{ person::{LoginResponse, PasswordChangeAfterReset}, utils::password_length_check, }; -use lemmy_db_schema::{ - source::{local_user::LocalUser, password_reset_request::PasswordResetRequest}, - RegistrationMode, -}; -use lemmy_db_views::structs::SiteView; -use lemmy_utils::{ - claims::Claims, - error::{LemmyError, LemmyErrorExt, LemmyErrorType}, +use lemmy_db_schema::source::{ + local_user::LocalUser, + password_reset_request::PasswordResetRequest, }; +use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; #[async_trait::async_trait(?Send)] impl Perform for PasswordChangeAfterReset { @@ -38,30 +34,12 @@ impl Perform for PasswordChangeAfterReset { // Update the user with the new password let password = data.password.clone(); - let updated_local_user = - LocalUser::update_password(&mut context.pool(), local_user_id, &password) - .await - .with_lemmy_type(LemmyErrorType::CouldntUpdateUser)?; - - // Return the jwt if login is allowed - let site_view = SiteView::read_local(&mut context.pool()).await?; - let jwt = if site_view.local_site.registration_mode == RegistrationMode::RequireApplication - && !updated_local_user.accepted_application - { - None - } else { - Some( - Claims::jwt( - updated_local_user.id.0, - &context.secret().jwt_secret, - &context.settings().hostname, - )? - .into(), - ) - }; + LocalUser::update_password(&mut context.pool(), local_user_id, &password) + .await + .with_lemmy_type(LemmyErrorType::CouldntUpdateUser)?; Ok(LoginResponse { - jwt, + jwt: None, verify_email_sent: false, registration_created: false, }) -- 2.44.1