Password reset does not need an email

This commit is contained in:
Johannes Zellner
2020-02-04 17:05:08 +01:00
parent 18bbe70364
commit 6745221e0f
5 changed files with 18 additions and 22 deletions

View File

@@ -92,12 +92,14 @@ function getOwner(callback) {
});
}
function getByResetToken(email, resetToken, callback) {
assert.strictEqual(typeof email, 'string');
function getByResetToken(resetToken, callback) {
assert.strictEqual(typeof resetToken, 'string');
assert.strictEqual(typeof callback, 'function');
database.query('SELECT ' + USERS_FIELDS + ' FROM users WHERE email=? AND resetToken=?', [ email, resetToken ], function (error, result) {
// empty reset tokens means it does not exist
if (!resetToken) return callback(new BoxError(BoxError.NOT_FOUND, 'User not found'));
database.query('SELECT ' + USERS_FIELDS + ' FROM users WHERE resetToken=?', [ resetToken ], function (error, result) {
if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'User not found'));