Use user ID in password reset route in order to properly compare token hashes.

mikestefanello 2021-12-16 19:49:33 -05:00
parent e6a5fa58c7
commit b383be5dac
6 changed files with 40 additions and 24 deletions


@ -106,6 +106,6 @@ func userRoutes(c *container.Container, g *echo.Group, ctr controller.Controller
resetGroup := noAuth.Group("/password/reset", middleware.LoadValidPasswordToken(c.Auth))
reset := ResetPassword{Controller: ctr}
resetGroup.GET("/token/:password_token", reset.Get).Name = "reset_password"
resetGroup.POST("/token/:password_token", reset.Post).Name = "reset_password.post"
resetGroup.GET("/token/:user/:password_token", reset.Get).Name = "reset_password"
resetGroup.POST("/token/:user/:password_token", reset.Post).Name = "reset_password.post"
}
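Review bot: The `:user` segment added to the two `/token/:user/:password_token` routes is caller-supplied, and this hunk does not show how `middleware.LoadValidPasswordToken` uses it. The middleware should parse it strictly as an integer ID, compare the token hash only against tokens stored for that user, and return the same response for an unknown user as for a bad or expired token, so the route does not reveal which IDs exist. I would document that contract above the routes with `// :user scopes the token hash comparison to one account; LoadValidPasswordToken must reject tokens issued to any other user.` The reset token still travels in the URL path, so it presumably ends up in access logs and Referer headers; keeping tokens single-use and short-lived and sending `Referrer-Policy: no-referrer` on the reset page limits that exposure. `userRoutes` begins outside this hunk, so the rest of the group setup is not visible here.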