🚑 Forgot/Reset password fix for MongoDB - only update mandatory fields (#6327)

* 🚑 Reset password only update mandatory fields

Signed-off-by: Damien Tsenkoff <d.tsenkoff@gmail.com>

* 🔥 Remove unused / unnecessary code

Signed-off-by: Damien Tsenkoff <d.tsenkoff@gmail.com>

packages/strapi-plugin-users-permissions/controllers/Auth.js

@@ -198,15 +198,14 @@ module.exports = {
         );
       }
 
-      // Delete the current code
+      const password = await strapi.plugins['users-permissions'].services.user.hashPassword({
-      user.resetPasswordToken = null;
-
-      user.password = await strapi.plugins['users-permissions'].services.user.hashPassword({
         password: params.password,
       });
 
       // Update the user.
-      await strapi.query('user', 'users-permissions').update({ id: user.id }, user);
+      await strapi
+        .query('user', 'users-permissions')
+        .update({ id: user.id }, { resetPasswordToken: null, password });
 
       ctx.send({
         jwt: strapi.plugins['users-permissions'].services.jwt.issue({
@@ -304,9 +303,6 @@ module.exports = {
     // Generate random token.
     const resetPasswordToken = crypto.randomBytes(64).toString('hex');
 
-    // Set the property code.
-    user.resetPasswordToken = resetPasswordToken;
-
     const settings = await pluginStore.get({ key: 'email' }).then(storeEmail => {
       try {
         return storeEmail['reset_password'].options;
@@ -363,7 +359,7 @@ module.exports = {
     }
 
     // Update the user.
-    await strapi.query('user', 'users-permissions').update({ id: user.id }, user);
+    await strapi.query('user', 'users-permissions').update({ id: user.id }, { resetPasswordToken });
 
     ctx.send({ ok: true });
   },