Password reset link: Invalid user error #22

Open
svenissimo opened this issue Mar 30, 2024 · 2 comments

@svenissimo

Going through the password-reset flow for email/password breaks when entering the new password.

Error
Invalid user
The user associated with this session is invalid.

Configuration

  • turso db.
  • mailhog.

Steps

  • create an account using email and password
  • verify account
  • log out
  • login screen -> reset password
  • enter email
  • click reset link and enter new password.
  • Error shown.

Appears that locals does not have valid user.

		try {
			const { token } = params;
			const userId = await validatePasswordResetToken(token);
			const { user } = locals;

			console.log('XXX', { user, userId });
			if (!user || user.id !== userId) {
				const feedbacks = getFeedbackObjects([
					{
						type: 'error',
						title: 'Invalid user',
						message: 'The user associated with this session is invalid.'
					}
				]);
@ihsanmohamad

ihsanmohamad commented Apr 12, 2024

I did something like this for my project,
where I added my own getUserById in my users.ts inside postgres drizzle.

try {
			const { token } = event.params;
			const userId = await validatePasswordResetToken(token);
			const user = await getUserById(userId);

			if (!user || user.id !== userId) {
				setFlash({ type: 'error', title: 'Invalid user', description: 'The user associated with this session is invalid.' }, event);
				return fail(400, {
					form
				});
			}
			// Invalidate all sessions and update the password
			await lucia.invalidateUserSessions(userId);
			await resetPassword(userId, await new Argon2id().hash(password));

			// If the user has not verified their email, verify it now
			if (!user.emailVerified) {
				await updateUserData(userId, { emailVerified: true });
			}

			const session = await lucia.createSession(user.id, {
				createdAt: new Date(),
				updatedAt: new Date()
			});

			const sessionCookie = lucia.createSessionCookie(session.id);
			event.cookies.set(sessionCookie.name, sessionCookie.value, {
				path: '.',
				...sessionCookie.attributes
			});
		} catch (e) {
			setFlash({ type: 'error', title: 'Invalid reset link', description: 'Your password reset link is invalid or has expired. Please try again.' }, event);
			return fail(400, {
				form
			});
		}


@svenissimo
Author

@ihsanmohamad thanks, I already resolved it by doing almost the exact same approach :)

I had contemplated raising a PR but I feel like the repo is not actively maintained.
