diff --git a/src/backend/database/routes/users.ts b/src/backend/database/routes/users.ts
index 8820ee68..4edd4590 100644
--- a/src/backend/database/routes/users.ts
+++ b/src/backend/database/routes/users.ts
@@ -1136,7 +1136,7 @@ router.post("/initiate-reset", async (req, res) => {
 });
 }
- const resetCode = Math.floor(100000 + Math.random() * 900000).toString();
+ const resetCode = crypto.randomInt(100000, 1000000).toString();
 const expiresAt = new Date(Date.now() + 15 * 60 * 1000);
 db.$client
@@ -2037,7 +2037,7 @@ router.post("/recovery/request", async (req, res) => {
 }
 // Generate 6-digit recovery code
- const recoveryCode = Math.floor(100000 + Math.random() * 900000).toString();
+ const recoveryCode = crypto.randomInt(100000, 1000000).toString();
 const expiresAt = Date.now() + 60 * 1000; // 1 minute expiry
 // Store recovery code in settings
diff --git a/src/ui/Desktop/Homepage/HomepageAuth.tsx b/src/ui/Desktop/Homepage/HomepageAuth.tsx
index 813529df..da1bf487 100644
--- a/src/ui/Desktop/Homepage/HomepageAuth.tsx
+++ b/src/ui/Desktop/Homepage/HomepageAuth.tsx
@@ -307,13 +307,6 @@ export function HomepageAuth({
 // DEBUG: Verify JWT was set correctly (same as normal login)
 const verifyJWT = getCookie("jwt");
- console.log("Recovery JWT Set Debug:", {
- originalToken: response.token.substring(0, 20) + "...",
- retrievedToken: verifyJWT ? verifyJWT.substring(0, 20) + "..." : null,
- match: response.token === verifyJWT,
- tokenLength: response.token.length,
- retrievedLength: verifyJWT?.length || 0
- });
 setLoggedIn(true);
 setIsAdmin(response.is_admin);
@@ -1034,39 +1027,6 @@ export function HomepageAuth({
 > )}
- {/* Legacy Reset Flow (kept for compatibility) */}
- {false && resetStep === "initiate" && (
- <>
-
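Review bot: Both changed lines (`resetCode` in the `/initiate-reset` hunk and `recoveryCode` in the `/recovery/request` hunk) call `crypto.randomInt`, but this diff adds no import to users.ts. If the file does not already import Node's crypto module, the bare `crypto` identifier resolves on recent Node versions to the global Web Crypto object, which has no `randomInt`, so confirm that `import crypto from "crypto";` (or `import { randomInt } from "node:crypto";`) is present at the top of the file. Separately, moving to a CSPRNG removes the predictability of `Math.random()`, but a six-digit code still has only 900,000 possible values, so the 15-minute and 1-minute expiry windows only protect the account if the code-verification handlers enforce a per-user attempt limit or lockout. Those handlers are outside these hunks, so I cannot tell whether such a limit exists. Both route handlers begin and end outside the lines shown.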
{t("auth.resetCodeDesc")}
-