Dont authenticate user after successful password reset #3714 (#3715)
authorInto the V0id <57257404+into-the-v0id@users.noreply.github.com>
Tue, 25 Jul 2023 17:33:02 +0000 (17:33 +0000)
committerGitHub <noreply@github.com>
Tue, 25 Jul 2023 17:33:02 +0000 (13:33 -0400)
Co-authored-by: Dessalines <dessalines@users.noreply.github.com>
crates/api/src/local_user/change_password_after_reset.rs

index 919c250f4856b4fc791a56f15b73194d963fed58..65587bcbf8b2d1f06f39600e0725110c72b974fe 100644 (file)
@@ -5,15 +5,11 @@ use lemmy_api_common::{
   person::{LoginResponse, PasswordChangeAfterReset},
   utils::password_length_check,
 };
-use lemmy_db_schema::{
-  source::{local_user::LocalUser, password_reset_request::PasswordResetRequest},
-  RegistrationMode,
-};
-use lemmy_db_views::structs::SiteView;
-use lemmy_utils::{
-  claims::Claims,
-  error::{LemmyError, LemmyErrorExt, LemmyErrorType},
+use lemmy_db_schema::source::{
+  local_user::LocalUser,
+  password_reset_request::PasswordResetRequest,
 };
+use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
 
 #[async_trait::async_trait(?Send)]
 impl Perform for PasswordChangeAfterReset {
@@ -38,30 +34,12 @@ impl Perform for PasswordChangeAfterReset {
 
     // Update the user with the new password
     let password = data.password.clone();
-    let updated_local_user =
-      LocalUser::update_password(&mut context.pool(), local_user_id, &password)
-        .await
-        .with_lemmy_type(LemmyErrorType::CouldntUpdateUser)?;
-
-    // Return the jwt if login is allowed
-    let site_view = SiteView::read_local(&mut context.pool()).await?;
-    let jwt = if site_view.local_site.registration_mode == RegistrationMode::RequireApplication
-      && !updated_local_user.accepted_application
-    {
-      None
-    } else {
-      Some(
-        Claims::jwt(
-          updated_local_user.id.0,
-          &context.secret().jwt_secret,
-          &context.settings().hostname,
-        )?
-        .into(),
-      )
-    };
+    LocalUser::update_password(&mut context.pool(), local_user_id, &password)
+      .await
+      .with_lemmy_type(LemmyErrorType::CouldntUpdateUser)?;
 
     Ok(LoginResponse {
-      jwt,
+      jwt: None,
       verify_email_sent: false,
       registration_created: false,
     })
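Review bot: Nothing in this hunk consumes the reset token once `update_password` succeeds. The token lookup sits above the hunk, so it is worth confirming there that the `PasswordResetRequest` row is deleted or expired after use; otherwise the same link could presumably set the password again within its validity window. It is also not visible here whether `update_password` invalidates JWTs issued before the reset, which a user recovering a compromised account would expect. On `jwt: None`, I would record the intent so a later refactor does not restore the token, e.g. `// No JWT on purpose: the user must log in normally so the login-path checks still apply.` Minor: `data.password.clone()` makes a second copy of the plaintext password only to borrow it, and `&data.password` could be passed directly.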