無法復位的併發性問題,爲多個用戶重設密碼。我卡住,而多個用戶試圖重置密碼多用戶密碼和的NodeJS ExpressJS
我如何捕獲確切的重置令牌發送到電子郵件中的特定用戶作爲鏈接?假設當兩個用戶試圖重置密碼時,resetQueryParameter
將被覆蓋。我該如何處理?
獲取從查詢參數的令牌時在電子郵件重置鏈接,用戶點擊:
// global variable
var resetQueryParameters = '';
//CAPTURE TOKEN (QUERY PARAMS) FROM LINK
app.get('/resetQuery/', function (req, res) {
//SET THE TOKEN TO VARIABLE
resetQueryParameters = req.query.token;
r.db('myDB').table('Reset_Password').filter(r.row('auth_key').eq(req.query.token)).
run(myConnection, function (err, cursor) {
if (err) {
return next(err);
}
cursor.toArray(function (err, result) {
if (err) {
throw err;
} else {
if (result.length > 0) {
res.redirect(redirectResetPage);
} else {
res.redirect(redirectLoginPage);
}
return result;
console.log("printing reset link from db.....", JSON.stringify(result, null, 2));
}
});
});
});
得到令牌時上鍊接的用戶點擊和驗證簽名:
function resetPassword(req, res, next) {
console.log('reset password called from external link.....');
nJwt.verify(resetQueryParameters, secretKey, function (err, verifiedJwt) {
if (err) {
console.log('reset token not valid...', err);
} else {
var params = {
'username': verifiedJwt.body.details,
'newPassword': req.params.newPassword
};
getApiResponse(resetURL, params, function (res1) {
console.log('sending reset params to server...', params);
if (res1.error) {
console.log('Could not reset password......', res1.error);
} else {
console.log('reset password success.....');
resetQueryParameters = '';
res.json(res1);
}
});
}
});
}
爲什麼不將'req.query.token'傳遞給'resetPassword'方法? – Aruna
@Aruna'req.query.token'仍然覆蓋這樣 – kittu
檢查我的回答如下,您可以使用相同的其他名稱,例如,req.query.resetToken等 – Aruna