Fix reset PasswordToken #6366

Merged
merged 1 commit into from
Jul 22, 2024

charlesBochet
Member

Bug Description

We are facing a bug in case recaptcha is enabled.
To reproduce:

CAPTCHA_SECRET_KEY=REPLACE_ME
CAPTCHA_SITE_KEY=REPLACE_ME
CAPTCHA_DRIVER=google-recaptcha
  • Go to the login page, enter an existing user email and hit 'Reset your password'.
  • Add a console.log in emailPasswordResetLink in auth.resolver.ts to get the token that would be sent by email if you don't have the mailer set up
  • Browse: /reset-password/{passwordToken}
  • Update the password
  • See that the token is invalid

You should see two calls in your developer network tab. A successful one to update the password and another to log you in. This 2nd call (Challenge) does not have the captcha token provided. It should be

Fix

  • Refreshing the token on page load
  • Providing it to the Challenge GraphQL call

Contributor

@greptile-apps greptile-apps bot left a comment

PR Summary

This pull request addresses a bug related to reCAPTCHA during the password reset process by ensuring the captcha token is refreshed and included in subsequent requests.

  • Updated packages/twenty-front/project.json to increase --max_old_space_size for Node.js from 5000 to 6000 for storybook:build.
  • Modified packages/twenty-front/src/effect-components/PageChangeEffect.tsx to request a fresh captcha token on the password reset page.
  • Enhanced packages/twenty-front/src/pages/auth/PasswordReset.tsx to fetch and include a reCAPTCHA token in the signInWithCredentials call.
  • Deleted packages/twenty-server/src/engine/core-modules/auth/dto/password-reset-token.input.ts, removing the PasswordResetTokenInput class.

4 file(s) reviewed, no comment(s)
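
The failure described in this pull request and the fix summarized above, modelled as an added TypeScript example that is not code from the Twenty repository. Every function name, the in-memory server and the sample email are hypothetical; the model assumes the password update call is not captcha-guarded and that a captcha token can be verified only once.

```typescript
// Added illustration. Every name below is hypothetical; none of it is Twenty's code.
type AuthResult = { ok: boolean; error?: string };

// Stand-in for the captcha provider: a token verifies once, then is consumed.
function createCaptchaProvider() {
  const outstanding = new Set<string>();
  let counter = 0;
  return {
    issueToken(): string {
      counter += 1;
      const token = `constructed-captcha-token-${counter}`;
      outstanding.add(token);
      return token;
    },
    // Missing, unknown and already-used tokens are all rejected.
    verify(token?: string): boolean {
      return token !== undefined && outstanding.delete(token);
    },
  };
}

type CaptchaProvider = ReturnType<typeof createCaptchaProvider>;

// Stand-in for the server side of the two calls seen in the network tab.
function createAuthServer(captcha: CaptchaProvider) {
  const passwords = new Map<string, string>();
  return {
    // Assumption: the password update itself is not behind the captcha guard.
    updatePassword(email: string, newPassword: string): AuthResult {
      passwords.set(email, newPassword);
      return { ok: true };
    },
    // The login (Challenge) call is captcha-guarded.
    challenge(email: string, password: string, captchaToken?: string): AuthResult {
      if (!captcha.verify(captchaToken)) return { ok: false, error: 'Invalid captcha token' };
      if (passwords.get(email) !== password) return { ok: false, error: 'Wrong credentials' };
      return { ok: true };
    },
  };
}

// Password reset page: update the password, then sign the user in.
function resetAndSignIn(provideCaptchaToken: boolean): AuthResult[] {
  const captcha = createCaptchaProvider();
  const server = createAuthServer(captcha);
  const email = 'user@example.com'; // constructed sample value
  // Fixed flow: a fresh token is requested when the page loads.
  const token = provideCaptchaToken ? captcha.issueToken() : undefined;
  const update = server.updatePassword(email, 'new-password');
  const login = server.challenge(email, 'new-password', token);
  // Replaying the consumed token is rejected, so every page load needs a fresh one.
  const replay = server.challenge(email, 'new-password', token);
  return [update, login, replay];
}
```

`resetAndSignIn(false)` reproduces the reported behaviour (password updated, login rejected), and `resetAndSignIn(true)` shows the login succeeding once a fresh token is passed to the second call.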

@thomtrp thomtrp merged commit c69d665 into main Jul 22, 2024
14 checks passed
@thomtrp thomtrp deleted the fix-reset-password branch July 22, 2024 15:36