Secure password reset endpoints (#5167)

chungyau97 · web-flow · commit 9e178d68873e · 2025-09-04T18:14:11.000+08:00
fix: prevent sensitive data exposure in password reset
diff --git a/packages/server/src/enterprise/services/account.service.ts b/packages/server/src/enterprise/services/account.service.ts
@@ -25,6 +25,7 @@ import { RoleErrorMessage, RoleService } from './role.service'
 import { UserErrorMessage, UserService } from './user.service'
 import { WorkspaceUserErrorMessage, WorkspaceUserService } from './workspace-user.service'
 import { WorkspaceErrorMessage, WorkspaceService } from './workspace.service'
+import { sanitizeUser } from '../../utils/sanitize.util'
 
 type AccountDTO = {
     user: Partial<User>
@@ -540,7 +541,7 @@ export class AccountService {
             await queryRunner.release()
         }
 
-        return data
+        return sanitizeUser(data.user)
     }
 
     public async resetPassword(data: AccountDTO) {
@@ -582,7 +583,7 @@ export class AccountService {
             await queryRunner.release()
         }
 
-        return data
+        return sanitizeUser(data.user)
     }
 
     public async logout(user: LoggedInUser) {
diff --git a/packages/server/src/enterprise/services/user.service.ts b/packages/server/src/enterprise/services/user.service.ts
@@ -9,6 +9,7 @@ import { DataSource, QueryRunner } from 'typeorm'
 import { generateId } from '../../utils'
 import { GeneralErrorMessage } from '../../utils/constants'
 import { getHash } from '../utils/encryption.util'
+import { sanitizeUser } from '../../utils/sanitize.util'
 
 export const enum UserErrorMessage {
     EXPIRED_TEMP_TOKEN = 'Expired Temporary Token',
@@ -174,6 +175,6 @@ export class UserService {
             if (queryRunner && !queryRunner.isReleased) await queryRunner.release()
         }
 
-        return updatedUser
+        return sanitizeUser(updatedUser)
     }
 }
diff --git a/packages/server/src/utils/sanitize.util.ts b/packages/server/src/utils/sanitize.util.ts
@@ -1,3 +1,5 @@
+import { User } from '../enterprise/database/entities/user.entity'
+
 export function sanitizeNullBytes(obj: any): any {
     const stack = [obj]
 
@@ -30,3 +32,11 @@ export function sanitizeNullBytes(obj: any): any {
 
     return obj
 }
+
+export function sanitizeUser(user: Partial<User>) {
+    delete user.credential
+    delete user.tempToken
+    delete user.tokenExpiry
+
+    return user
+}

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,7 @@ import { RoleErrorMessage, RoleService } from './role.service'`
`25`	`25`	`import { UserErrorMessage, UserService } from './user.service'`
`26`	`26`	`import { WorkspaceUserErrorMessage, WorkspaceUserService } from './workspace-user.service'`
`27`	`27`	`import { WorkspaceErrorMessage, WorkspaceService } from './workspace.service'`
	`28`	`+import { sanitizeUser } from '../../utils/sanitize.util'`
`28`	`29`
`29`	`30`	`type AccountDTO = {`
`30`	`31`	`user: Partial<User>`
`@@ -540,7 +541,7 @@ export class AccountService {`
`540`	`541`	`await queryRunner.release()`
`541`	`542`	`}`
`542`	`543`
`543`		`- return data`
	`544`	`+ return sanitizeUser(data.user)`
`544`	`545`	`}`
`545`	`546`
`546`	`547`	`public async resetPassword(data: AccountDTO) {`
`@@ -582,7 +583,7 @@ export class AccountService {`
`582`	`583`	`await queryRunner.release()`
`583`	`584`	`}`
`584`	`585`
`585`		`- return data`
	`586`	`+ return sanitizeUser(data.user)`
`586`	`587`	`}`
`587`	`588`
`588`	`589`	`public async logout(user: LoggedInUser) {`
Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,7 @@ import { DataSource, QueryRunner } from 'typeorm'`
`9`	`9`	`import { generateId } from '../../utils'`
`10`	`10`	`import { GeneralErrorMessage } from '../../utils/constants'`
`11`	`11`	`import { getHash } from '../utils/encryption.util'`
	`12`	`+import { sanitizeUser } from '../../utils/sanitize.util'`
`12`	`13`
`13`	`14`	`export const enum UserErrorMessage {`
`14`	`15`	`EXPIRED_TEMP_TOKEN = 'Expired Temporary Token',`
`@@ -174,6 +175,6 @@ export class UserService {`
`174`	`175`	`if (queryRunner && !queryRunner.isReleased) await queryRunner.release()`
`175`	`176`	`}`
`176`	`177`
`177`		`- return updatedUser`
	`178`	`+ return sanitizeUser(updatedUser)`
`178`	`179`	`}`
`179`	`180`	`}`