[#5964] refresh the token key on email change

2024-12-17 11:32:28 +02:00
parent 0d720c3c9d
commit 76b9051011
7 changed files with 78 additions and 38 deletions
--- a/apis/record_auth_email_change_confirm.go
+++ b/apis/record_auth_email_change_confirm.go
@@ -38,9 +38,8 @@ func recordConfirmEmailChange(e *core.RequestEvent) error {
 	event.NewEmail = newEmail

 	return e.App.OnRecordConfirmEmailChangeRequest().Trigger(event, func(e *core.RecordConfirmEmailChangeRequestEvent) error {
-		authRecord.Set(core.FieldNameEmail, e.NewEmail)
-		authRecord.Set(core.FieldNameVerified, true)
-		authRecord.RefreshTokenKey() // invalidate old tokens
+		e.Record.SetEmail(e.NewEmail)
+		e.Record.SetVerified(true)

 		if err := e.App.Save(e.Record); err != nil {
 			return firstApiError(err, e.BadRequestError("Failed to confirm email change.", err))