Improved Email Change and Password Reset token security by increasing token size.

src/schemas/user/emailChangeSchema.js

@@ -52,7 +52,7 @@ const emailChangeSchema = new mongoose.Schema({
         type: mongoose.SchemaTypes.String,
         required: true,
         //Use a cryptographically secure algorythm to create a random hex string from 16 bytes as our change/cancel token
-        default: ()=>{return crypto.randomBytes(16).toString('hex')}
+        default: ()=>{return crypto.randomBytes(32).toString('hex')}
     },
     ipHash: {
         type: mongoose.SchemaTypes.String,

src/schemas/user/passwordResetSchema.js

@@ -48,7 +48,7 @@ const passwordResetSchema = new mongoose.Schema({
         type: mongoose.SchemaTypes.String,
         required: true,
         //Use a cryptographically secure algorythm to create a random hex string from 16 bytes as our reset token
-        default: ()=>{return crypto.randomBytes(16).toString('hex')}
+        default: ()=>{return crypto.randomBytes(32).toString('hex')}
     },
     ipHash: {
         type: mongoose.SchemaTypes.String,

src/validators/accountValidator.js

@@ -185,8 +185,8 @@ module.exports.securityToken = function(field = 'token'){
             isHexadecimal: true,
             isLength: {
                 options: {
-                    min: 32,
-                    max: 32
+                    min: 64,
+                    max: 64
                 }
             },
             errorMessage: "Invalid security token."