fix: Prevent email login token reuse

Tom Moor
2024-06-04 23:38:00 -04:00
parent 70bc8f1a5a
commit 7eb6dcf00b


@@ -91,6 +91,12 @@ export async function getUserForEmailSigninToken(token: string): Promise<User> {
rejectOnEmpty: true, rejectOnEmpty: true,
}); });
if (user.lastSignedInAt) {
if (user.lastSignedInAt > new Date(payload.createdAt)) {
throw AuthenticationError("Expired token");
}
}
try { try {
JWT.verify(token, user.jwtSecret); JWT.verify(token, user.jwtSecret);
} catch (err) { } catch (err) {
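Review bot: The reuse guard `user.lastSignedInAt > new Date(payload.createdAt)` fails open when `createdAt` is missing or unparsable, because `new Date(undefined)` is an Invalid Date and every comparison against it is false, so the token is treated as not yet used. Unless code above this hunk already rejects a payload without a valid `createdAt` (not visible here), parse it once and reject on NaN: `const createdAt = new Date(payload.createdAt);` followed by `if (Number.isNaN(createdAt.getTime()) || user.lastSignedInAt > createdAt) {`. The new block also reads `payload` before `JWT.verify` has checked the signature. The verify that follows still rejects a tampered token, but placing the guard after the `try`/`catch` would keep every decision on verified claims. The function body starts and ends outside the hunk.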