From bf90c110309b9e741963a0ce5b4b574cb8b897c5 Mon Sep 17 00:00:00 2001
From: Lloyd Hilaiel <lloyd@hilaiel.com>
Date: Tue, 3 Jul 2012 13:12:57 +0100
Subject: [PATCH] update email_for_token to properly handle the password_reset
 case, remove debug logging

---
 lib/wsapi/email_for_token.js       | 8 +++++++-
 lib/wsapi/password_reset_status.js | 3 ---
 lib/wsapi/stage_reset.js           | 1 +
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/lib/wsapi/email_for_token.js b/lib/wsapi/email_for_token.js
index da6bb87d9..206b7e236 100644
--- a/lib/wsapi/email_for_token.js
+++ b/lib/wsapi/email_for_token.js
@@ -20,6 +20,7 @@ exports.args = ['token'];
 exports.i18n = false;
 
 exports.process = function(req, res) {
+
   db.emailForVerificationSecret(req.query.token, function(err, email, uid, hash) {
     if (err) {
       if (err === 'database unavailable') {
@@ -41,10 +42,15 @@ exports.process = function(req, res) {
       if (uid && req.session.userid === uid) {
         must_auth = false;
       }
-      else if (typeof req.session.pendingCreation === 'string' &&
+      else if (!uid && typeof req.session.pendingCreation === 'string' &&
                req.query.token === req.session.pendingCreation) {
         must_auth = false;
       }
+      else if (typeof req.session.pendingReset === 'string' &&
+               req.query.token === req.session.pendingReset)
+      {
+        must_auth = false;
+      }
 
       res.json({
         success: true,
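Review bot: The new `pendingReset` branch waives re-authentication with no condition on `uid`, while this same commit tightens the `pendingCreation` branch with `!uid`, so the two session markers are not scoped symmetrically. If reset tokens always resolve to an existing account (inferred from the `uid` callback argument, not shown here), guarding it as `else if (uid && typeof req.session.pendingReset === 'string' &&` would keep each marker tied to the kind of token it was staged for. Because this chain decides whether a password is required, a short comment above the branch would help, for example `// the session that staged this reset already holds the secret, so no password prompt`. The opening brace on its own line also differs from the `) {` style of the branches above. The body of `exports.process` starts and ends outside this hunk.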
diff --git a/lib/wsapi/password_reset_status.js b/lib/wsapi/password_reset_status.js
index dd1ff5767..6059eac06 100644
--- a/lib/wsapi/password_reset_status.js
+++ b/lib/wsapi/password_reset_status.js
@@ -36,11 +36,8 @@ exports.process = function(req, res) {
     if (staged) {
       return res.json({ status: 'pending' });
     } else {
-      console.log("A", req.session);
       if (wsapi.isAuthed(req, 'assertion')) {
-        console.log("B");
         db.userOwnsEmail(req.session.userid, email, function(err, owned) {
-          console.log("C", err, owned);
           if (err) wsapi.databaseDown(res, err);
           else if (owned) res.json({ status: 'complete', userid: req.session.userid });
           else res.json({ status: 'mustAuth' });
diff --git a/lib/wsapi/stage_reset.js b/lib/wsapi/stage_reset.js
index ccc0a4eca..a8aefbbcb 100644
--- a/lib/wsapi/stage_reset.js
+++ b/lib/wsapi/stage_reset.js
@@ -91,6 +91,7 @@ exports.process = function(req, res) {
             req.session.pendingReset = secret;
             
             res.json({ success: true });
+
             // let's now kick out a verification email!
             email.sendForgotPasswordEmail(req.body.email, req.body.site, secret, langContext);
           });
-- 
GitLab