|
|
@@ -50,12 +50,14 @@ module.exports = (crowi) => {
|
|
|
|
|
|
try {
|
|
|
// need to handle passwordResetOrderData when user not found and not active by GW7060
|
|
|
- const passwordResetOrderData = await PasswordResetOrder.createPasswordResetOrder(email);
|
|
|
+ const user = await User.findOne({ email });
|
|
|
|
|
|
- if (passwordResetOrderData == null || passwordResetOrderData.isRevoked) {
|
|
|
- return res.apiv3Err('update-password-failed');
|
|
|
+ // when the user is not found or active
|
|
|
+ if (user == null || user.status !== 2) {
|
|
|
+ return;
|
|
|
}
|
|
|
|
|
|
+ const passwordResetOrderData = await PasswordResetOrder.createPasswordResetOrder(email);
|
|
|
const url = new URL(`/forgot-password/${passwordResetOrderData.token}`, appUrl);
|
|
|
const oneTimeUrl = url.href;
|
|
|
await sendPasswordResetEmail(email, oneTimeUrl, i18n);
|
kaori