summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/routers/vault/middlewares/legacy/account.js7
-rw-r--r--src/routers/vault/middlewares/session.js10
2 files changed, 6 insertions, 11 deletions
diff --git a/src/routers/vault/middlewares/legacy/account.js b/src/routers/vault/middlewares/legacy/account.js
index 25cdac7..83048e3 100644
--- a/src/routers/vault/middlewares/legacy/account.js
+++ b/src/routers/vault/middlewares/legacy/account.js
@@ -161,11 +161,8 @@ const claim_by_password = async (req, res, next) => {
md5saltcrypt.verify(flatfile_account.password, req.body.password)) {
// update the password in SQL (deferred)
console.log(`Vault.legacy.account: updating SQL password from flatfile for account ${legacy.accountId}`);
- req.app.locals.legacy.login.update({
- userPass: md5saltcrypt.hash(req.body.password),
- }, {where: {
- accountId: legacy.accountId,
- }});
+ legacy.userPass = md5saltcrypt.hash(req.body.password);
+ legacy.save();
} else {
// the password is just plain wrong
res.status(404).json({
diff --git a/src/routers/vault/middlewares/session.js b/src/routers/vault/middlewares/session.js
index 8b64165..b12a535 100644
--- a/src/routers/vault/middlewares/session.js
+++ b/src/routers/vault/middlewares/session.js
@@ -113,11 +113,8 @@ const auth_session = async (req, res, next) => {
ip: req.app.locals.sequelize.vault.fn("INET6_ATON", req.ip),
});
- await req.app.locals.vault.login.update({
- primaryIdentity: ident.id,
- }, {where: {
- id: user.id,
- }});
+ user.primaryIdentity = ident.id;
+ await user.save();
req.app.locals.logger.info(`Vault.session: created a new Vault account {${user.id}} [${req.ip}]`);
await Claim.claim_accounts(req, session.email, user.id, session);
@@ -245,7 +242,8 @@ const new_session = async (req, res, next) => {
const account = await req.app.locals.vault.login.findOne({where: {id: identity.userId}});
if (account === null) {
// unexpected: the account was deleted but not its identities
- await req.app.locals.vault.identity.destroy({where: {email: req.body.email}});
+ console.log(`Vault.session: removing dangling identity [${req.ip}]`);
+ await identity.destroy();
res.status(409).json({
status: "error",
error: "data conflict",