added App.DeleteAllExternalAuthsByRecord

Gani Georgiev
2026-04-26 11:40:09 +03:00
parent dddb0a029f
commit ca7cf1162f
12 changed files with 567 additions and 42 deletions


@@ -71,8 +71,15 @@ func recordAuthWithOTP(e *core.RequestEvent) error {
otpSentTo := e.OTP.SentTo()
if !e.Record.Verified() && otpSentTo != "" && e.Record.Email() == otpSentTo {
e.Record.SetVerified(true)
err = e.App.Save(e.Record)
if err != nil {
// this is technically not required but we enforce password
// reset on verified upgrades in case the OTP is used on its own
// since this makes it less error prone to pre-hijacking attacks
if !e.Record.Collection().MFA.Enabled {
e.Record.SetRandomPassword()
}
if err := e.App.Save(e.Record); err != nil {
e.App.Logger().Error("Failed to update record verified state after successful OTP validation",
"error", err,
"otpId", e.OTP.Id,