fix: #2131, doesn't log in unverified user after resetting password

src/admin/components/views/ResetPassword/index.tsx

@@ -1,5 +1,6 @@
 import React from 'react';
 import { Link, useHistory, useParams } from 'react-router-dom';
+import { toast } from 'react-toastify';
 import { Trans, useTranslation } from 'react-i18next';
 import { useConfig } from '../../utilities/Config';
 import { useAuth } from '../../utilities/Auth';
@@ -29,6 +30,9 @@ const ResetPassword: React.FC = () => {
     if (data.token) {
       setToken(data.token);
       history.push(`${admin}`);
+    } else {
+      history.push(`${admin}/login`);
+      toast.success(t('general:updatedSuccessfully'), { autoClose: 3000 });
     }
   };
 

src/auth/operations/forgotPassword.ts

@@ -67,6 +67,7 @@ async function forgotPassword(incomingArgs: Arguments): Promise<string | null> {
     resetPasswordToken?: string,
     resetPasswordExpiration?: number | Date,
   }
+
   const user: UserDoc = await Model.findOne({ email: (data.email as string).toLowerCase() });
 
   if (!user) return null;

src/auth/operations/resetPassword.ts

@@ -62,44 +62,48 @@ async function resetPassword(args: Arguments): Promise<Result> {
 
   await user.save();
 
-  await user.authenticate(data.password);
+  let token: string;
 
-  const fieldsToSign = collectionConfig.fields.reduce((signedFields, field) => {
-    if (fieldAffectsData(field) && field.saveToJWT) {
-      return {
-        ...signedFields,
-        [field.name]: user[field.name],
+  if (!collectionConfig.auth.verify || user._verified) {
+    await user.authenticate(data.password);
+
+    const fieldsToSign = collectionConfig.fields.reduce((signedFields, field) => {
+      if (fieldAffectsData(field) && field.saveToJWT) {
+        return {
+          ...signedFields,
+          [field.name]: user[field.name],
+        };
+      }
+      return signedFields;
+    }, {
+      email: user.email,
+      id: user.id,
+      collection: collectionConfig.slug,
+    });
+
+    token = jwt.sign(
+      fieldsToSign,
+      secret,
+      {
+        expiresIn: collectionConfig.auth.tokenExpiration,
+      },
+    );
+
+    if (args.res) {
+      const cookieOptions = {
+        path: '/',
+        httpOnly: true,
+        expires: getCookieExpiration(collectionConfig.auth.tokenExpiration),
+        secure: collectionConfig.auth.cookies.secure,
+        sameSite: collectionConfig.auth.cookies.sameSite,
+        domain: undefined,
       };
+
+
+      if (collectionConfig.auth.cookies.domain) cookieOptions.domain = collectionConfig.auth.cookies.domain;
+
+      args.res.cookie(`${config.cookiePrefix}-token`, token, cookieOptions);
     }
-    return signedFields;
-  }, {
-    email: user.email,
-    id: user.id,
-    collection: collectionConfig.slug,
-  });
-
-  const token = jwt.sign(
-    fieldsToSign,
-    secret,
-    {
-      expiresIn: collectionConfig.auth.tokenExpiration,
-    },
-  );
-
-  if (args.res) {
-    const cookieOptions = {
-      path: '/',
-      httpOnly: true,
-      expires: getCookieExpiration(collectionConfig.auth.tokenExpiration),
-      secure: collectionConfig.auth.cookies.secure,
-      sameSite: collectionConfig.auth.cookies.sameSite,
-      domain: undefined,
-    };
-
-
-    if (collectionConfig.auth.cookies.domain) cookieOptions.domain = collectionConfig.auth.cookies.domain;
-
-    args.res.cookie(`${config.cookiePrefix}-token`, token, cookieOptions);
   }
 
   const fullUser = await payload.findByID({ collection: collectionConfig.slug, id: user.id, overrideAccess });

src/auth/types.ts

@@ -66,6 +66,7 @@ export interface UserDocument extends PayloadMongooseDocument {
   authenticate: (pass: string) => Promise<void>
   resetPasswordExpiration: number
   email: string
+  _verified?: boolean
 }
 
 type GenerateVerifyEmailHTML = (args: { req: PayloadRequest, token: string, user: any }) => Promise<string> | string