Send 204 regardless of user existance

2024-11-08 11:52:55 +01:00 · 2024-08-21 20:50:42 +02:00 · 2024-08-21 20:50:42 +02:00 · 98c1b93133
commit 98c1b93133
parent dbd93bdd7c
1 changed files with 13 additions and 53 deletions
--- a/src/api/routes/auth/forgot.ts
+++ b/src/api/routes/auth/forgot.ts
@ -17,15 +17,8 @@
 */

 import { getIpAdress, route, verifyCaptcha } from "@spacebar/api";
-import {
-	Config,
-	Email,
-	FieldErrors,
-	ForgotPasswordSchema,
-	User,
-} from "@spacebar/util";
+import { Config, Email, ForgotPasswordSchema, User } from "@spacebar/util";
 import { Request, Response, Router } from "express";
-import { HTTPError } from "lambert-server";
 const router = Router();

 router.post(
@ -37,9 +30,6 @@ router.post(
 			400: {
 				body: "APIErrorOrCaptchaResponse",
 			},
-			500: {
-				body: "APIErrorResponse",
-			},
 		},
 	}),
 	async (req: Request, res: Response) => {
@ -71,50 +61,20 @@ router.post(
 			}
 		}

-		const user = await User.findOneOrFail({
+		res.sendStatus(204);
+
+		const user = await User.findOne({
 			where: [{ phone: login }, { email: login }],
-			select: ["username", "id", "disabled", "deleted", "email"],
-			relations: ["security_keys"],
-		}).catch(() => {
-			throw FieldErrors({
-				login: {
-					message: req.t("auth:password_reset.EMAIL_DOES_NOT_EXIST"),
-					code: "EMAIL_DOES_NOT_EXIST",
-				},
-			});
-		});
+			select: ["username", "id", "email"],
+		}).catch(() => {});

-		if (!user.email)
-			throw FieldErrors({
-				login: {
-					message:
-						"This account does not have an email address associated with it.",
-					code: "NO_EMAIL",
-				},
-			});
-
-		if (user.deleted)
-			return res.status(400).json({
-				message: "This account is scheduled for deletion.",
-				code: 20011,
-			});
-
-		if (user.disabled)
-			return res.status(400).json({
-				message: req.t("auth:login.ACCOUNT_DISABLED"),
-				code: 20013,
-			});
-
-		return await Email.sendResetPassword(user, user.email)
-			.then(() => {
-				return res.sendStatus(204);
-			})
-			.catch((e) => {
+		if (user && user.email) {
+			Email.sendResetPassword(user, user.email).catch((e) => {
 				console.error(
-					`Failed to send password reset email to ${user.username}#${user.discriminator}: ${e}`,
+					`Failed to send password reset email to ${user.username}#${user.discriminator} (${user.id}): ${e}`,
 				);
-				throw new HTTPError("Failed to send password reset email", 500);
 			});
+		}
 	},
 );