From 1f9d6af6c9fb1aa37b1d87f166aa9b6ff03a8b46 Mon Sep 17 00:00:00 2001
From: Damien Tsenkoff <d.tsenkoff@gmail.com>
Date: Mon, 1 Jun 2020 10:33:50 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=91=20Forgot/Reset=20password=20fix=20?=
 =?UTF-8?q?for=20MongoDB=20-=20only=20update=20mandatory=20fields=20(#6327?=
 =?UTF-8?q?)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* 🚑 Reset password only update mandatory fields

Signed-off-by: Damien Tsenkoff <d.tsenkoff@gmail.com>

* 🔥 Remove unused / unnecessary code

Signed-off-by: Damien Tsenkoff <d.tsenkoff@gmail.com>
---
 .../controllers/Auth.js                            | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js
index 4ff6706ef3..ab25092442 100644
--- a/packages/strapi-plugin-users-permissions/controllers/Auth.js
+++ b/packages/strapi-plugin-users-permissions/controllers/Auth.js
@@ -198,15 +198,14 @@ module.exports = {
         );
       }
 
-      // Delete the current code
-      user.resetPasswordToken = null;
-
-      user.password = await strapi.plugins['users-permissions'].services.user.hashPassword({
+      const password = await strapi.plugins['users-permissions'].services.user.hashPassword({
         password: params.password,
       });
 
       // Update the user.
-      await strapi.query('user', 'users-permissions').update({ id: user.id }, user);
+      await strapi
+        .query('user', 'users-permissions')
+        .update({ id: user.id }, { resetPasswordToken: null, password });
 
       ctx.send({
         jwt: strapi.plugins['users-permissions'].services.jwt.issue({
@@ -304,9 +303,6 @@ module.exports = {
     // Generate random token.
     const resetPasswordToken = crypto.randomBytes(64).toString('hex');
 
-    // Set the property code.
-    user.resetPasswordToken = resetPasswordToken;
-
     const settings = await pluginStore.get({ key: 'email' }).then(storeEmail => {
       try {
         return storeEmail['reset_password'].options;
@@ -363,7 +359,7 @@ module.exports = {
     }
 
     // Update the user.
-    await strapi.query('user', 'users-permissions').update({ id: user.id }, user);
+    await strapi.query('user', 'users-permissions').update({ id: user.id }, { resetPasswordToken });
 
     ctx.send({ ok: true });
   },