fix: pull missing fields

2021-10-23 13:07:41 +02:00
parent f0c371f987
commit b82b43b4c6
2 changed files with 28 additions and 19 deletions
--- a/packages/medusa/src/api/routes/store/customers/reset-password.js
+++ b/packages/medusa/src/api/routes/store/customers/reset-password.js
@@ -24,7 +24,9 @@ import jwt from "jsonwebtoken"
 */
 export default async (req, res) => {
  const schema = Validator.object().keys({
-    email: Validator.string().email().required(),
+    email: Validator.string()
+      .email()
+      .required(),
    token: Validator.string().required(),
    password: Validator.string().required(),
  })
@@ -34,23 +36,21 @@ export default async (req, res) => {
    throw new MedusaError(MedusaError.Types.INVALID_DATA, error.details)
  }

-  try {
-    const customerService = req.scope.resolve("customerService")
-    let customer = await customerService.retrieveByEmail(value.email)
+  const customerService = req.scope.resolve("customerService")
+  let customer = await customerService.retrieveByEmail(value.email, {
+    select: ["id", "password_hash"],
+  })

-    const decodedToken = await jwt.verify(value.token, customer.password_hash)
-    if (!decodedToken || customer.id !== decodedToken.customer_id) {
-      res.status(401).send("Invalid or expired password reset token")
-      return
-    }
-
-    await customerService.update(customer.id, {
-      password: value.password,
-    })
-
-    customer = await customerService.retrieve(customer.id)
-    res.status(200).json({ customer })
-  } catch (error) {
-    throw error
+  const decodedToken = jwt.verify(value.token, customer.password_hash)
+  if (!decodedToken || customer.id !== decodedToken.customer_id) {
+    res.status(401).send("Invalid or expired password reset token")
+    return
  }
+
+  await customerService.update(customer.id, {
+    password: value.password,
+  })
+
+  customer = await customerService.retrieve(customer.id)
+  res.status(200).json({ customer })
 }
--- a/packages/medusa/src/services/customer.js
+++ b/packages/medusa/src/services/customer.js
@@ -94,7 +94,16 @@ class CustomerService extends BaseService {
   * @return {string} the generated JSON web token
   */
  async generateResetPasswordToken(customerId) {
-    const customer = await this.retrieve(customerId)
+    const customer = await this.retrieve(customerId, {
+      select: [
+        "id",
+        "has_account",
+        "password_hash",
+        "email",
+        "first_name",
+        "last_name",
+      ],
+    })

    if (!customer.has_account) {
      throw new MedusaError(