Include password token entity ID in reset URL in order to prevent loading all tokens.

2022-01-27 08:44:12 -05:00 · 2022-01-27 08:44:12 -05:00 · 6546418052
commit 6546418052
parent 7a1a01d43e
7 changed files with 50 additions and 35 deletions
--- a/services/auth_test.go
+++ b/services/auth_test.go
@ -59,13 +59,13 @@ func TestAuthClient_GeneratePasswordResetToken(t *testing.T) {

 func TestAuthClient_GetValidPasswordToken(t *testing.T) {
 	// Check that a fake token is not valid
-	_, err := c.Auth.GetValidPasswordToken(ctx, "faketoken", usr.ID)
+	_, err := c.Auth.GetValidPasswordToken(ctx, usr.ID, 1, "faketoken")
 	assert.Error(t, err)

 	// Generate a valid token and check that it is returned
 	token, pt, err := c.Auth.GeneratePasswordResetToken(ctx, usr.ID)
 	require.NoError(t, err)
-	pt2, err := c.Auth.GetValidPasswordToken(ctx, token, usr.ID)
+	pt2, err := c.Auth.GetValidPasswordToken(ctx, usr.ID, pt.ID, token)
 	require.NoError(t, err)
 	assert.Equal(t, pt.ID, pt2.ID)

@ -78,7 +78,7 @@ func TestAuthClient_GetValidPasswordToken(t *testing.T) {
 	require.NoError(t, err)

 	// Expired tokens should not be valid
-	_, err = c.Auth.GetValidPasswordToken(ctx, token, usr.ID)
+	_, err = c.Auth.GetValidPasswordToken(ctx, usr.ID, pt.ID, token)
 	assert.Error(t, err)
 }