Fix: Password Change/Reset Credential Preservation #383
@@ -1339,6 +1339,7 @@ router.post("/complete-reset", async (req, res) => {
|
|||||||
},
|
},
|
||||||
);
|
);
|
||||||
await authManager.registerUser(userId, newPassword);
|
await authManager.registerUser(userId, newPassword);
|
||||||
|
authManager.logoutUser(userId);
|
||||||
} else {
|
} else {
|
||||||
authLogger.success(
|
authLogger.success(
|
||||||
`Password reset completed for user: ${username}. Data preserved using existing session.`,
|
`Password reset completed for user: ${username}. Data preserved using existing session.`,
|
||||||
|
|||||||
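Review bot: The added `authManager.logoutUser(userId);` runs only in the branch that re-registers the user; the `else` branch, which logs "Data preserved using existing session", gets no matching call, so from the visible lines a session opened before the reset appears to stay valid afterwards. A password reset is often the response to a suspected compromise, so I would either revoke the user's other sessions in that branch too or say in a comment why the session is kept, e.g. `// session kept on purpose: its DEK is needed to preserve data; other sessions are revoked in <where>`. If `logoutUser` returns a promise it should also be awaited so a failure is not silently dropped; its definition is not on this page. The handler body starts and ends outside the hunk.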
@@ -286,8 +286,7 @@ class UserCrypto {
|
|||||||
newKEK.fill(0);
|
newKEK.fill(0);
|
||||||
|
|
||||||
// Create a copy of DEK for the session before zeroing it out
|
// Create a copy of DEK for the session before zeroing it out
|
||||||
const dekCopy = Buffer.allocUnsafe(DEK.length);
|
const dekCopy = Buffer.from(DEK);
|
||||||
DEK.copy(dekCopy);
|
|
||||||
|
|
||||||
// Keep user session active with the same DEK
|
// Keep user session active with the same DEK
|
||||||
const now = Date.now();
|
const now = Date.now();
|
||||||
@@ -330,11 +329,6 @@ class UserCrypto {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
const kekSalt = await this.getKEKSalt(userId);
|
|
||||||
if (!kekSalt) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Generate new KEK from new password
|
// Generate new KEK from new password
|
||||||
const newKekSalt = await this.generateKEKSalt();
|
const newKekSalt = await this.generateKEKSalt();
|
||||||
const newKEK = this.deriveKEK(newPassword, newKekSalt);
|
const newKEK = this.deriveKEK(newPassword, newKekSalt);
|
||||||
|
|||||||
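Review bot: `const dekCopy = Buffer.from(DEK);` in the first UserCrypto hunk creates a second live copy of the data-encryption key, and nothing visible here says who wipes it. The existing comment only covers zeroing the original `DEK`, so I would extend it, e.g. `// Buffer.from(Buffer) copies the bytes, so zeroing DEK below leaves dekCopy intact; the session owns dekCopy and must fill(0) it on logout/expiry`. That also records why `Buffer.from` is safe here: the copy semantics hold for a Buffer or typed-array argument but not for an ArrayBuffer, which would share memory with the source. The second hunk appears to drop the `getKEKSalt` early return, so a one-line comment above `// Generate new KEK from new password` noting that a missing prior salt is no longer treated as a failure would help the next reader. Both methods continue outside the hunks, so the teardown path could not be checked from this page.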