Improved Email Change and Password Reset token security by increasing token size.

rainbow napkin 2025-10-18 08:36:05 -04:00
parent 06f552a9ec
commit 7f6abdf8e2
3 changed files with 4 additions and 4 deletions


@ -52,7 +52,7 @@ const emailChangeSchema = new mongoose.Schema({
type: mongoose.SchemaTypes.String,
required: true,
//Use a cryptographically secure algorythm to create a random hex string from 16 bytes as our change/cancel token
default: ()=>{return crypto.randomBytes(16).toString('hex')}
default: ()=>{return crypto.randomBytes(32).toString('hex')}
},
ipHash: {
type: mongoose.SchemaTypes.String,
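Review bot: The comment above the changed `default` still says the token is built from 16 bytes, while the new line calls `crypto.randomBytes(32)`; the same stale comment sits above the reset-token default in the passwordResetSchema hunk. Update both, e.g. `//Use a cryptographically secure algorithm to create a random hex string from 32 bytes as our change/cancel token` (ending in `as our reset token` in the other schema), which also fixes the "algorythm" spelling. The hex string grows from 32 to 64 characters, so any length check, index or route pattern on the token elsewhere should be confirmed against the new size; none is visible in this hunk. The schema definition starts and ends outside the hunk.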


@ -48,7 +48,7 @@ const passwordResetSchema = new mongoose.Schema({
type: mongoose.SchemaTypes.String,
required: true,
//Use a cryptographically secure algorythm to create a random hex string from 16 bytes as our reset token
default: ()=>{return crypto.randomBytes(16).toString('hex')}
default: ()=>{return crypto.randomBytes(32).toString('hex')}
},
ipHash: {
type: mongoose.SchemaTypes.String,
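Review bot: The token field's `default` writes the hex string itself into the document, so as far as this hunk shows the database holds the same value that is handed to the user, and read access to the collection (a backup, an injection flaw, admin tooling) would be enough to redeem a pending reset whatever the token length. Consider generating the token outside the schema, giving that value to the user, and persisting only a digest such as `crypto.createHash('sha256').update(token).digest('hex')`, then hashing the presented token before the lookup. The same applies to the email change token in the emailChangeSchema hunk. Whether a hook elsewhere already hashes the value cannot be seen from here, since the schema continues outside the hunk.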