
generate unique onetime token

kaori 4 years ago
parent
commit
3d30d4cc8b
2 changed files with 14 additions and 1 deletions
  1. 13 0
      src/server/models/password-reset-order.js
  2. 1 1
      src/server/routes/forgot-password.js

+ 13 - 0
src/server/models/password-reset-order.js

@@ -21,6 +21,19 @@ class PasswordResetOrder {
     return token;
   }
 
+  static async generateUniqueOneTimeToken() {
+    let token;
+    let duplicateToken;
+
+    do {
+      token = this.generateOneTimeToken();
+      // eslint-disable-next-line no-await-in-loop
+      duplicateToken = await this.findOne({ token });
+    } while (duplicateToken != null);
+
+    return token;
+  }
+
   static isExpired() {
     return this.expiredAt.getTime() < new Date().getTime();
   }
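Review bot: The `findOne({ token })` check in `generateUniqueOneTimeToken()` is check-then-use: it shows only that the value was unused at query time, and nothing in this method reserves it, so uniqueness is not guaranteed under concurrent requests. A unique index on `token`, with a retry when the insert reports a duplicate, would enforce it where the order is stored; the `do…while` should also be bounded so a misbehaving lookup cannot loop forever. The removed call site in forgot-password.js used `await PasswordResetOrder.generateOneTimeToken()`; if that method is async, `token = this.generateOneTimeToken();` assigns a Promise and should read `token = await this.generateOneTimeToken();`. The generator's body is outside the hunk, so resistance to guessing depends on its randomness source and token length, not on this lookup.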

+ 1 - 1
src/server/routes/forgot-password.js

@@ -30,7 +30,7 @@ module.exports = function(crowi, app) {
   }
 
   api.post = async function(req, res) {
-    const oneTimeToken = await PasswordResetOrder.generateOneTimeToken();
+    const oneTimeToken = await PasswordResetOrder.generateUniqueOneTimeToken();
     await sendPasswordResetEmail();
     return;
   };
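Review bot: `oneTimeToken` is assigned on the changed line but is not used afterwards in `api.post`: it is neither stored as a `PasswordResetOrder` nor passed to `sendPasswordResetEmail()`, so the uniqueness lookup has nothing to compare against for tokens issued here. The handler also awaits both calls without a `try`/`catch` and returns without writing to `res`, so as shown the client gets no response on either success or failure. When the handler is completed, the order should be persisted before the mail is sent, and the response should be the same whether or not the submitted address matches an account, so the endpoint does not reveal which addresses are registered. The enclosing `module.exports` function starts outside the hunk.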