Hash reset codes in database

Otherwise, they can be reused if the database gets leaked.
ricola 2025-06-07 19:28:58 -06:00
parent fa4f77c365
commit dc22a5bc7c
2 changed files with 11 additions and 4 deletions


@ -130,7 +130,8 @@ end
post '/reset' do
@user = User.find_by(email: params[:email])
if @user
@user.reset = SecureRandom.uuid
@reset = SecureRandom.uuid
@user.reset = hash_password(@reset)
@user.save
mail = Mail.new
mail.from = settings.admin_email
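Review bot: Storing the reset code through `hash_password` (which, if it is the same salted, slow hash used for passwords — its definition is outside this page) makes the stored value unlookable, which is why the second and third hunks have to scan every user with a pending reset. Because `@reset` is a `SecureRandom.uuid` with roughly 122 bits of entropy, an unsalted fast digest is already sufficient against a database leak and keeps the column indexable: `@user.reset = Digest::SHA256.hexdigest(@reset)` here, and `@user = User.find_by(reset: Digest::SHA256.hexdigest(params[:uuid]))` in the two lookup routes (with `require 'digest'` at the top of the file). Independently of the hashing choice, nothing in this hunk records when the code was issued, so a hashed code appears to stay valid indefinitely; consider persisting an issue timestamp alongside it and rejecting stale codes in the lookup routes. `@user.save` on the line before the mail is built is unchecked, so a failed save would still send a code that was never stored.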
@ -143,7 +144,10 @@ post '/reset' do
end
get '/reset/:uuid' do
@user = User.find_by(reset: params[:uuid])
@user = nil
User.where.not(reset: nil).each do |user|
@user = user if verify_password(params[:uuid], user.reset)
end
if @user
erb :reset_change
else
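Review bot: The lookup loop runs `verify_password` once per user with a non-nil reset on an unauthenticated route, so the cost of one GET grows with the number of outstanding reset codes, and the loop keeps verifying after it has already found a match. The identical block is repeated verbatim in the third hunk (`post '/reset/:uuid'`); replace both with a single helper such as `def find_user_by_reset_token(token) = User.where.not(reset: nil).find { |user| verify_password(token, user.reset) }`, which stops at the first match and keeps the two routes from drifting apart. If the stored value is ever switched to a deterministic digest of the code, the helper can become a plain `User.find_by` and the scan disappears entirely. The route body continues past the end of this hunk.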
@ -152,7 +156,10 @@ get '/reset/:uuid' do
end
post '/reset/:uuid' do
@user = User.find_by(reset: params[:uuid])
@user = nil
User.where.not(reset: nil).each do |user|
@user = user if verify_password(params[:uuid], user.reset)
end
if @user
@errors = []
if params[:password].empty?