diff --git a/src/changepassword/controller.ts b/src/changepassword/controller.ts
index 6710fed5..8bf4e7b3 100644
--- a/src/changepassword/controller.ts
+++ b/src/changepassword/controller.ts
@@ -40,7 +40,7 @@ class ChangePasswordController extends Controller {
 return;
 }
- await UserService.updatePassword(user, userNewPassword);
+ await UserService.updatePassword(user, userNewPassword, false);
 ctx.session = {
 user: user,
diff --git a/src/migrations/20220804145233_add_reset_flag_to_users.ts b/src/migrations/20220804145233_add_reset_flag_to_users.ts
new file mode 100644
index 00000000..293c3378
--- /dev/null
+++ b/src/migrations/20220804145233_add_reset_flag_to_users.ts
@@ -0,0 +1,30 @@
+import { Knex } from 'knex';
+
+export async function up(knex: Knex): Promise {
+
+ await knex.schema.alterTable('user_passwords', table => {
+ table
+ .string('force_reset')
+ .nullable();
+ });
+
+ await knex.raw('UPDATE user_passwords SET force_reset = false WHERE force_reset IS NULL');
+
+ await knex.schema.alterTable('user_passwords', table => {
+ table
+ .string('force_reset')
+ .notNullable()
+ .alter();
+ });
+}
+
+
+export async function down(knex: Knex): Promise {
+
+ await knex.schema.createTable('user_passwords', table => {
+ table
+ .dropColumn('force_reset');
+ });
+
+}
+
diff --git a/src/register/controller/user.ts b/src/register/controller/user.ts
index d8f56f9e..1bb9508f 100644
--- a/src/register/controller/user.ts
+++ b/src/register/controller/user.ts
@@ -69,7 +69,7 @@ class UserRegistrationController extends Controller {
 );
 }
- await userService.createPassword(user, userPassword);
+ await userService.createPassword(user, userPassword, false);
 if (addMfa && getSetting('registration.mfa.enabled')) {
 ctx.session = {
diff --git a/src/reset-password/controller/reset-password.ts b/src/reset-password/controller/reset-password.ts
index b66b4ac6..8d96a84c 100644
--- a/src/reset-password/controller/reset-password.ts
+++ b/src/reset-password/controller/reset-password.ts
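Review bot: In the new migration, down() calls `knex.schema.createTable('user_passwords', …)` with only a `dropColumn` inside, so a rollback would attempt to create a table that already exists instead of removing the column; it should read `await knex.schema.alterTable('user_passwords', table => { table.dropColumn('force_reset'); });`. In up(), both alterTable calls declare the flag with `table.string('force_reset')` while the backfill and the service write booleans. `table.boolean('force_reset')` would keep the stored value unambiguous; with a string column the flag can end up as text, which is easy to mis-test once it is read to decide whether a user must reset (the reading side is not visible in this diff, so this is worth confirming there).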
@@ -43,7 +43,7 @@ class ResetPasswordController extends Controller {
 return;
 }
- await UserService.updatePassword(user, resetNewPassword);
+ await UserService.updatePassword(user, resetNewPassword, false);
 delete ctx.session.resetPasswordUser;
 log(EventType.resetPasswordSuccess, ctx.ip()!, user.id);
diff --git a/src/user/controller/password.ts b/src/user/controller/password.ts
index c3380192..e5d4e638 100644
--- a/src/user/controller/password.ts
+++ b/src/user/controller/password.ts
@@ -18,7 +18,7 @@ class UserPasswordController extends Controller {
 const password = userBody.newPassword;
- await userService.updatePassword(user, password);
+ await userService.updatePassword(user, password, false);
 ctx.response.status = 204;
diff --git a/src/user/service.ts b/src/user/service.ts
index c0dcf33a..24645966 100644
--- a/src/user/service.ts
+++ b/src/user/service.ts
@@ -7,21 +7,22 @@ type PasswordRow = {
 password: Buffer;
 };
-export async function createPassword(user: User, password: string): Promise {
+export async function createPassword(user: User, password: string, forceReset: boolean): Promise {
 await db('user_passwords').insert({
 user_id: user.id,
- password: await bcrypt.hash(password, 12)
+ password: await bcrypt.hash(password, 12),
+ force_reset: forceReset
 });
 }
-export async function updatePassword(user: User, password: string): Promise {
+export async function updatePassword(user: User, password: string, force_reset: boolean): Promise {
- const query = 'INSERT INTO user_passwords (password, user_id) VALUES (?, ?) ON DUPLICATE KEY UPDATE password = ?';
+ const query = 'INSERT INTO user_passwords (password, user_id, force_reset) VALUES (?, ?, ?) ON CONFLICT(user_id) DO UPDATE SET password = ?';
 const hashedPw = await bcrypt.hash(password, 12);
- await db.raw(query, [hashedPw, user.id, force_reset, hashedPw]);
+ await db.raw(query, [hashedPw, user.id, force_reset, hashedPw]);
 }
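Review bot: The upsert in updatePassword binds `force_reset` only in the INSERT values; the `ON CONFLICT(user_id) DO UPDATE SET password = ?` branch leaves the stored flag untouched, so for a user who already has a row (the usual case for the change-password and reset-password controllers, which now pass `false`) a set flag is never cleared and a `true` is never applied. The conflict branch should update it as well, `... DO UPDATE SET password = ?, force_reset = ?`, with bindings `[hashedPw, user.id, force_reset, hashedPw, force_reset]`. The statement also moves from `ON DUPLICATE KEY UPDATE` to `ON CONFLICT`, which MySQL does not accept, so if MySQL is still a supported backend this needs a per-dialect query; that is not determinable from the diff. Minor: the parameter is `force_reset` here and `forceReset` in createPassword, and one spelling should be used for both.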