Dont authenticate user after successful password reset #3714 (#3715)

Co-authored-by: Dessalines <dessalines@users.noreply.github.com>
This commit is contained in:
Into the V0id 2023-07-25 17:33:02 +00:00 committed by GitHub
parent 9a1f9aad45
commit cf2229d665
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -5,15 +5,11 @@ use lemmy_api_common::{
person::{LoginResponse, PasswordChangeAfterReset}, person::{LoginResponse, PasswordChangeAfterReset},
utils::password_length_check, utils::password_length_check,
}; };
use lemmy_db_schema::{ use lemmy_db_schema::source::{
source::{local_user::LocalUser, password_reset_request::PasswordResetRequest}, local_user::LocalUser,
RegistrationMode, password_reset_request::PasswordResetRequest,
};
use lemmy_db_views::structs::SiteView;
use lemmy_utils::{
claims::Claims,
error::{LemmyError, LemmyErrorExt, LemmyErrorType},
}; };
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
#[async_trait::async_trait(?Send)] #[async_trait::async_trait(?Send)]
impl Perform for PasswordChangeAfterReset { impl Perform for PasswordChangeAfterReset {
@ -38,30 +34,12 @@ impl Perform for PasswordChangeAfterReset {
// Update the user with the new password // Update the user with the new password
let password = data.password.clone(); let password = data.password.clone();
let updated_local_user =
LocalUser::update_password(&mut context.pool(), local_user_id, &password) LocalUser::update_password(&mut context.pool(), local_user_id, &password)
.await .await
.with_lemmy_type(LemmyErrorType::CouldntUpdateUser)?; .with_lemmy_type(LemmyErrorType::CouldntUpdateUser)?;
// Return the jwt if login is allowed
let site_view = SiteView::read_local(&mut context.pool()).await?;
let jwt = if site_view.local_site.registration_mode == RegistrationMode::RequireApplication
&& !updated_local_user.accepted_application
{
None
} else {
Some(
Claims::jwt(
updated_local_user.id.0,
&context.secret().jwt_secret,
&context.settings().hostname,
)?
.into(),
)
};
Ok(LoginResponse { Ok(LoginResponse {
jwt, jwt: None,
verify_email_sent: false, verify_email_sent: false,
registration_created: false, registration_created: false,
}) })