fix: reset 2fa secret when resetting password

ymarcon · ymarcon · commit 636ebe4890f5 · 2024-07-24T08:39:11.000+02:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "amber",
   "description": "Electronic Data Capture system",
-  "version": "1.3.1",
+  "version": "1.3.2",
   "homepage": "",
   "private": true,
   "main": "src",
diff --git a/src/hooks/user-totp2fa-reset.js b/src/hooks/user-totp2fa-reset.js
@@ -9,10 +9,13 @@ module.exports = (options = {}) => {
         // sanitize result
         delete context.result.totp2faSecret;
       }
-      if (context.result._id && context.data && context.data.action && context.data.action.startsWith('resetPwd')) {
+      if (context.result.email && context.data && context.data.action && context.data.action.startsWith('resetPwd')) {
         // reset 2FA secret
         context.result.totp2faEnabled = false;
-        context.app.service('user').patch(context.result._id, { totp2faSecret: null });
+        const res = await context.app.service('user').find({ query: { email: context.result.email } });
+        if (res.data && res.data.length > 0) {
+          context.app.service('user').patch(res.data[0]._id, { totp2faSecret: null });
+        }
       }
     }
     return context;

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "amber",`
`3`	`3`	`"description": "Electronic Data Capture system",`
`4`		`- "version": "1.3.1",`
	`4`	`+ "version": "1.3.2",`
`5`	`5`	`"homepage": "",`
`6`	`6`	`"private": true,`
`7`	`7`	`"main": "src",`
Original file line number	Diff line number	Diff line change
`@@ -9,10 +9,13 @@ module.exports = (options = {}) => {`
`9`	`9`	`// sanitize result`
`10`	`10`	`delete context.result.totp2faSecret;`
`11`	`11`	`}`
`12`		`- if (context.result._id && context.data && context.data.action && context.data.action.startsWith('resetPwd')) {`
	`12`	`+ if (context.result.email && context.data && context.data.action && context.data.action.startsWith('resetPwd')) {`
`13`	`13`	`// reset 2FA secret`
`14`	`14`	`context.result.totp2faEnabled = false;`
`15`		`- context.app.service('user').patch(context.result._id, { totp2faSecret: null });`
	`15`	`+ const res = await context.app.service('user').find({ query: { email: context.result.email } });`
	`16`	`+ if (res.data && res.data.length > 0) {`
	`17`	`+ context.app.service('user').patch(res.data[0]._id, { totp2faSecret: null });`
	`18`	`+ }`
`16`	`19`	`}`
`17`	`20`	`}`
`18`	`21`	`return context;`