fix: #7477

6 years ago · 240f563ab0
parent 1f4db132d5
commit 240f563ab0
2 changed files with 13 additions and 5 deletions
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@ -273,13 +273,20 @@ function continueLogin(req, res, next) {
 		if (passwordExpiry && passwordExpiry < Date.now()) {
 			winston.verbose('[auth] Triggering password reset for uid ' + userData.uid + ' due to password policy');
 			req.session.passwordExpired = true;
-			user.reset.generate(userData.uid, function (err, code) {
+
 			async.series({
 				code: async.apply(user.reset.generate, userData.uid),
 				buildHeader: async.apply(middleware.buildHeader, req, res),
 				header: async.apply(middleware.generateHeader, req, res, {}),
 			}, function (err, payload) {
 				if (err) {
 					return helpers.noScriptErrors(req, res, err.message, 403);
 				}
 				res.status(200).send({
-					next: nconf.get('relative_path') + '/reset/' + code,
+					next: nconf.get('relative_path') + '/reset/' + payload.code,
 					header: payload.header,
 					config: res.locals.config,
 				});
 			});
 		} else {
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@ -62,10 +62,11 @@ Controllers.reset = function (req, res, next) {
 	};
 	if (req.params.code) {
-		// Save to session and redirect
+		// Save to session
 		req.session.reset_code = req.params.code;
-		res.redirect(nconf.get('relative_path') + '/reset');
+	}
-	} else if (req.session.reset_code) {
+
 	if (req.session.reset_code) {
 		// Validate and save to local variable before removing from session
 		user.reset.validate(req.session.reset_code, function (err, valid) {
 			if (err) {