- Can now add a second email address to your account and delete one of your email addresses - Reset password now works - Resetting the password of an account without a password set will set one - Email templates overhauled - Login tokens limited to close previously devastating ($800 database bill) security hole - Login with REST API now works - Once logged in, authentication of API calls with token works - Creatures can now be fetched using the API
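// Upper bound on the resume (login) tokens stored per user. Each stored token
// is a live session credential and adds to the size of the user document, so
// a list without a cap grows with every login.
const MAX_LOGIN_TOKENS = 20;

/**
 * Stores a hashed login token on a user, first trimming the stored list so it
 * does not grow past MAX_LOGIN_TOKENS. Assigned over
 * `Accounts._insertHashedLoginToken`, so it takes that method's arguments.
 *
 * Tokens are dropped from the front of the array; these are the oldest ones
 * as long as tokens are only ever appended (NOTE(review): confirm no other
 * code reorders the array). Sessions that rely on a dropped token stop being
 * resumable.
 *
 * The read and the writes are separate operations, so two logins running at
 * the same time can leave the list slightly over the cap; the next call trims
 * it back.
 *
 * @param {string} userId - _id of the user receiving the token.
 * @param {Object} hashedToken - Token record to add to
 *   `services.resume.loginTokens`.
 * @param {Object} [query] - Extra selector fields; copied, never mutated.
 */
Accounts._insertHashedLoginToken = function (userId, hashedToken, query) {
  // Copy the caller's selector instead of writing _id into their object.
  const selector = { ...query, _id: userId };

  // Only the token array is needed to count it; skip the rest of the document.
  const user = Accounts.users.findOne(selector, {
    fields: { 'services.resume.loginTokens': 1 },
  });
  const storedTokenCount = user?.services?.resume?.loginTokens?.length ?? 0;

  if (storedTokenCount >= MAX_LOGIN_TOKENS) {
    // One write that keeps the newest MAX_LOGIN_TOKENS - 1 entries. Popping a
    // single token per update costs one write per excess token, which is
    // expensive for accounts that accumulated a large backlog before the cap.
    Accounts.users.update(selector, {
      $push: {
        'services.resume.loginTokens': {
          $each: [],
          $slice: -(MAX_LOGIN_TOKENS - 1),
        },
      },
    });
  }

  Accounts.users.update(selector, {
    $addToSet: {
      'services.resume.loginTokens': hashedToken,
    },
  });
};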