Feat: Refresh login token for the client initiating password change (#4214)

2025-10-31 03:19:20 +08:00 · 2023-12-18 19:52:49 +08:00
parent 996ff28ed9
commit c9fe6b5d01
3 changed files with 15 additions and 2 deletions
--- a/server/model/user.js
+++ b/server/model/user.js
@@ -25,8 +25,14 @@ class User extends BeanModel {
     * @returns {Promise<void>}
     */
    async resetPassword(newPassword) {
-        await User.resetPassword(this.id, newPassword);
-        this.password = newPassword;
+        const hashedPassword = passwordHash.generate(newPassword);
+
+        await R.exec("UPDATE `user` SET password = ? WHERE id = ? ", [
+            hashedPassword,
+            this.id
+        ]);
+
+        this.password = hashedPassword;
    }

    /**
--- a/server/server.js
+++ b/server/server.js
@@ -1270,6 +1270,7 @@ let needSetup = false;

                callback({
                    ok: true,
+                    token: User.createJWT(user, server.jwtSecret),
                    msg: "successAuthChangePassword",
                    msgi18n: true,
                });
--- a/src/components/settings/Security.vue
+++ b/src/components/settings/Security.vue
@@ -177,6 +177,12 @@ export default {
                            this.password.currentPassword = "";
                            this.password.newPassword = "";
                            this.password.repeatNewPassword = "";
+
+                            // Update token of the current session
+                            if (res.token) {
+                                this.$root.storage().token = res.token;
+                                this.$root.socket.token = res.token;
+                            }
                        }
                    });
            }