summaryrefslogtreecommitdiff
path: root/packages/backend/src/server/api/endpoints/request-reset-password.ts
diff options
context:
space:
mode:
Diffstat (limited to 'packages/backend/src/server/api/endpoints/request-reset-password.ts')
-rw-r--r--packages/backend/src/server/api/endpoints/request-reset-password.ts6
1 files changed, 3 insertions, 3 deletions
diff --git a/packages/backend/src/server/api/endpoints/request-reset-password.ts b/packages/backend/src/server/api/endpoints/request-reset-password.ts
index 3b6ebfe281..284ed8410d 100644
--- a/packages/backend/src/server/api/endpoints/request-reset-password.ts
+++ b/packages/backend/src/server/api/endpoints/request-reset-password.ts
@@ -1,4 +1,3 @@
-import rndstr from 'rndstr';
import ms from 'ms';
import { IsNull } from 'typeorm';
import { Inject, Injectable } from '@nestjs/common';
@@ -8,6 +7,7 @@ import { IdService } from '@/core/IdService.js';
import type { Config } from '@/config.js';
import { DI } from '@/di-symbols.js';
import { EmailService } from '@/core/EmailService.js';
+import { L_CHARS, secureRndstr } from '@/misc/secure-rndstr.js';
export const meta = {
tags: ['reset password'],
@@ -41,7 +41,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
constructor(
@Inject(DI.config)
private config: Config,
-
+
@Inject(DI.usersRepository)
private usersRepository: UsersRepository,
@@ -77,7 +77,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
return;
}
- const token = rndstr('a-z0-9', 64);
+ const token = secureRndstr(64, { chars: L_CHARS });
await this.passwordResetRequestsRepository.insert({
id: this.idService.genId(),
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-12 14:42:39 +0000