diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/routers/vault/middlewares/legacy/account.js | 7 | ||||
-rw-r--r-- | src/routers/vault/middlewares/session.js | 10 |
2 files changed, 6 insertions, 11 deletions
diff --git a/src/routers/vault/middlewares/legacy/account.js b/src/routers/vault/middlewares/legacy/account.js index 25cdac7..83048e3 100644 --- a/src/routers/vault/middlewares/legacy/account.js +++ b/src/routers/vault/middlewares/legacy/account.js @@ -161,11 +161,8 @@ const claim_by_password = async (req, res, next) => { md5saltcrypt.verify(flatfile_account.password, req.body.password)) { // update the password in SQL (deferred) console.log(`Vault.legacy.account: updating SQL password from flatfile for account ${legacy.accountId}`); - req.app.locals.legacy.login.update({ - userPass: md5saltcrypt.hash(req.body.password), - }, {where: { - accountId: legacy.accountId, - }}); + legacy.userPass = md5saltcrypt.hash(req.body.password); + legacy.save(); } else { // the password is just plain wrong res.status(404).json({ diff --git a/src/routers/vault/middlewares/session.js b/src/routers/vault/middlewares/session.js index 8b64165..b12a535 100644 --- a/src/routers/vault/middlewares/session.js +++ b/src/routers/vault/middlewares/session.js @@ -113,11 +113,8 @@ const auth_session = async (req, res, next) => { ip: req.app.locals.sequelize.vault.fn("INET6_ATON", req.ip), }); - await req.app.locals.vault.login.update({ - primaryIdentity: ident.id, - }, {where: { - id: user.id, - }}); + user.primaryIdentity = ident.id; + await user.save(); req.app.locals.logger.info(`Vault.session: created a new Vault account {${user.id}} [${req.ip}]`); await Claim.claim_accounts(req, session.email, user.id, session); @@ -245,7 +242,8 @@ const new_session = async (req, res, next) => { const account = await req.app.locals.vault.login.findOne({where: {id: identity.userId}}); if (account === null) { // unexpected: the account was deleted but not its identities - await req.app.locals.vault.identity.destroy({where: {email: req.body.email}}); + console.log(`Vault.session: removing dangling identity [${req.ip}]`); + await identity.destroy(); res.status(409).json({ status: "error", error: "data conflict", |