feat: clear reset tokens on successful login

src/controllers/authentication.js

@@ -360,6 +360,7 @@ authenticationController.onSuccessfulLogin = async function (req, uid) {
 		await meta.blacklist.test(req.ip);
 		await user.logIP(uid, req.ip);
 		await user.bans.unbanIfExpired([uid]);
+		await user.reset.cleanByUid(uid);
 
 		req.session.meta = {};
 

test/authentication.js

@@ -556,4 +556,11 @@ describe('authentication', () => {
 			},
 		], done);
 	});
+
+	it('should clear all reset tokens upon successful login', async () => {
+		const code = await user.reset.generate(regularUid);
+		await loginUserPromisified('regular', 'regularpwd');
+		const valid = await user.reset.validate(code);
+		assert.strictEqual(valid, false);
+	});
 });