fix(core): Use JWT as reset password token (#6714)

* use jwt to reset password * increase expiration time to 1d * drop user id query string * refactor * use service instead of package in tests * sqlite migration * postgres migration * mysql migration * remove unused properties * remove userId from FE * fix test for users.api * move migration to the common folder * move type assertion to the jwt.service * Add jwt secret as a readonly property * use signData instead of sign in user.controller * remove base class * remove base class * add tests
2025-12-18 02:21:13 +00:00 · 2023-07-24 17:40:17 -04:00
parent c2511a829c
commit 89f44021b9
19 changed files with 209 additions and 146 deletions
--- a/packages/cli/test/integration/users.api.test.ts
+++ b/packages/cli/test/integration/users.api.test.ts
@@ -78,7 +78,6 @@ describe('GET /users', () => {
 				personalizationAnswers,
 				globalRole,
 				password,
-				resetPasswordToken,
 				isPending,
 				apiKey,
 			} = user;
@@ -89,7 +88,6 @@ describe('GET /users', () => {
 			expect(lastName).toBeDefined();
 			expect(personalizationAnswers).toBeUndefined();
 			expect(password).toBeUndefined();
-			expect(resetPasswordToken).toBeUndefined();
 			expect(isPending).toBe(false);
 			expect(globalRole).toBeDefined();
 			expect(apiKey).not.toBeDefined();
@@ -254,7 +252,6 @@ describe('POST /users/:id', () => {
 			lastName,
 			personalizationAnswers,
 			password,
-			resetPasswordToken,
 			globalRole,
 			isPending,
 			apiKey,
@@ -266,7 +263,6 @@ describe('POST /users/:id', () => {
 		expect(lastName).toBe(memberData.lastName);
 		expect(personalizationAnswers).toBeNull();
 		expect(password).toBeUndefined();
-		expect(resetPasswordToken).toBeUndefined();
 		expect(isPending).toBe(false);
 		expect(globalRole).toBeDefined();
 		expect(apiKey).not.toBeDefined();
@@ -404,14 +400,12 @@ describe('POST /users', () => {
 			}

 			const storedUser = await Db.collections.User.findOneByOrFail({ id });
-			const { firstName, lastName, personalizationAnswers, password, resetPasswordToken } =
-				storedUser;
+			const { firstName, lastName, personalizationAnswers, password } = storedUser;

 			expect(firstName).toBeNull();
 			expect(lastName).toBeNull();
 			expect(personalizationAnswers).toBeNull();
 			expect(password).toBeNull();
-			expect(resetPasswordToken).toBeNull();
 		}
 	});