camzalewski/personal-site
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Include password token entity ID in reset URL in order to prevent loading all tokens.

Browse source
This commit is contained in:
mikestefanello 2022-01-27 08:44:12 -05:00
parent 5c64cd6191
commit f4c98ba523
7 changed files with 50 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

4
routes/router.go
View file

@ -104,6 +104,6 @@ func userRoutes(c *services.Container, g *echo.Group, ctr controller.Controller)
middleware.LoadValidPasswordToken(c.Auth),
)
reset := ResetPassword{Controller: ctr}
resetGroup.GET("/token/:user/:password_token", reset.Get).Name = "reset_password"
resetGroup.POST("/token/:user/:password_token", reset.Post).Name = "reset_password.post"
resetGroup.GET("/token/:user/:password_token/:token", reset.Get).Name = "reset_password"
resetGroup.POST("/token/:user/:password_token/:token", reset.Post).Name = "reset_password.post"
}