
success to access password-reset-execution form with one time Url

kaori 4 лет назад
Родитель
Сommit
834dddaf93

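--- a/src/server/middlewares/password-reset.js
+++ b/src/server/middlewares/password-reset.js
@@ -1,10 +1,15 @@
 module.exports = (crowi, app) => {
   const PasswordResetOrder = crowi.model('PasswordResetOrder');
 
-  return (req, res, next) => {
-    // const { token } = req.params;
+  return async(req, res, next) => {
     const { token } = req.query;
-    const passwordResetOrder = PasswordResetOrder.findOne({ token });
+
+    const passwordResetOrder = await PasswordResetOrder.findOne({ token });
+    console.log('passwordResetOrder', passwordResetOrder);
+
+    if (passwordResetOrder == null) {
+      return res.redirect('/login');
+    }
 
     // http://localhost:3000/forgot-password/token?token=hoge
 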
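Review bot: The added `console.log('passwordResetOrder', passwordResetOrder);` writes the whole reset order, including its one-time token, to the server log, where anyone with log access could redeem it before the user does; drop the line or log only a non-secret identifier. `token` is also taken from `req.query` and passed to `findOne({ token })` without a type check, so a non-string value (query parsers can produce objects or arrays) would reach the query as something other than a literal token; guard with `if (typeof token !== 'string') { return res.redirect('/login'); }` before the lookup. The handler is now `async` with no `try`/`catch`, so a rejected `findOne` is presumably not forwarded to `next(err)`. The middleware body continues past the hunk, so any expiry or already-used check may exist there but is not visible.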

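--- a/src/server/models/password-reset-order.js
+++ b/src/server/models/password-reset-order.js
@@ -17,7 +17,7 @@ class PasswordResetOrder {
 
   static generateOneTimeToken() {
     const buf = crypto.randomBytes(256);
-    const token = buf.toString('base64');
+    const token = buf.toString('hex');
 
     return token;
   }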
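Review bot: With hex encoding, `crypto.randomBytes(256)` now yields a 512-character token, far more than an unguessable one-time token needs and long enough to be awkward in an emailed URL. `const buf = crypto.randomBytes(32);` still gives 256 bits of entropy and a 64-character token. A short comment such as `// hex keeps the token safe to place in a URL query string` would record why the encoding changed from base64.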

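--- a/src/server/routes/forgot-password.js
+++ b/src/server/routes/forgot-password.js
@@ -38,7 +38,7 @@ module.exports = function(crowi, app) {
 
     try {
       const passwordResetOrderData = await PasswordResetOrder.createPasswordResetOrder(email);
-      const url = new URL(`/forgot-password/token?${passwordResetOrderData.token}`, appUrl);
+      const url = new URL(`/forgot-password/hoge?token=${passwordResetOrderData.token}`, appUrl);
       const oneTimeUrl = url.href;
       await sendPasswordResetEmail(email, oneTimeUrl, i18n);
       return res.json(ApiResponse.success());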
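Review bot: The emailed link now contains the path segment `hoge`, which looks like a placeholder left from testing, while the comment in the middleware shows `/forgot-password/token?token=...`; the route that serves the form is not visible here, so confirm the two agree. Building the query with `url.searchParams.set('token', passwordResetOrderData.token)` instead of interpolating keeps the link correct if the token encoding changes again. `appUrl` is defined outside the hunk; confirm it comes from the configured site URL rather than the request's Host header, since that value decides where the reset token is sent. The surrounding handler starts and ends outside the hunk.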