payloadcms

Files

contip b1fa76e397 fix: keep apiKey encrypted in refresh operation (#13063 ) (#13177 )

### What?
Prevents decrypted apiKey from being saved back to database on the auth
refresh operation.

### Why?
References issue #13063: refreshing a token for a logged-in user
decrypted `apiKey` and wrote it back in plaintext, corrupting the user
record.

### How?
The user is now fetched with `db.findOne` instead of `findByID`,
preserving the encryption of the key when saved back to the database
using `db.updateOne`. The user record is then re-fetched using
`findByID`, allowing for the decrypted key to be provided in the
response.

### Tests
* ✅ keeps apiKey encrypted in DB after refresh
* ✅ returns user with decrypted apiKey after refresh

Fixes #13063

2025-07-29 16:27:45 -04:00

custom-strategy

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

forgot-password-localized

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

removed-token

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

fix: fix all ui imports in our plugins, and get rid of ui subpath exports within monorepo (#6854 )

2024-06-19 14:16:31 -04:00