feat: add a security measure to forgot-password

saisilinus · Oct 17, 2022 · dad0e99 · dad0e99
1 parent 7826104
commit dad0e99
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/src/modules/auth/auth.controller.ts b/src/modules/auth/auth.controller.ts
@@ -32,7 +32,7 @@ export const refreshTokens = catchAsync(async (req: Request, res: Response) => {
 export const forgotPassword = catchAsync(async (req: Request, res: Response) => {
   const resetPasswordToken = await tokenService.generateResetPasswordToken(req.body.email);
   await emailService.sendResetPasswordEmail(req.body.email, resetPasswordToken);
-  res.status(httpStatus.NO_CONTENT).send();
+  res.status(httpStatus.NO_CONTENT).send('');
 });
 
 export const resetPassword = catchAsync(async (req: Request, res: Response) => {

diff --git a/src/modules/token/token.service.ts b/src/modules/token/token.service.ts
@@ -115,7 +115,7 @@ export const generateAuthTokens = async (user: IUserDoc): Promise<AccessAndRefre
 export const generateResetPasswordToken = async (email: string): Promise<string> => {
   const user = await userService.getUserByEmail(email);
   if (!user) {
-    throw new ApiError(httpStatus.NOT_FOUND, 'No users found with this email');
+    throw new ApiError(httpStatus.NO_CONTENT, '');
   }
   const expires = moment().add(config.jwt.resetPasswordExpirationMinutes, 'minutes');
   const resetPasswordToken = generateToken(user.id, expires, tokenTypes.RESET_PASSWORD);