2 critical fixes: pwd reset and invitation caching ui

2026-03-03 23:07:41 +01:00 · 2026-03-03 23:07:41 +01:00 · 92d9a2a0d5
commit 92d9a2a0d5
parent f4940cf9e1
2 changed files with 2 additions and 6 deletions
--- a/modules/interfaces/interfaceDbApp.py
+++ b/modules/interfaces/interfaceDbApp.py
@ -662,10 +662,6 @@ class AppObjects:
        if authAuthority != AuthAuthority.LOCAL and authAuthority != AuthAuthority.LOCAL.value:
            raise ValueError("User does not have local authentication enabled")
        
-        # Check if user has a reset token set (password reset required)
-        if userRecord.get("resetToken"):
-            raise ValueError("Passwort-Zurücksetzung erforderlich. Bitte prüfen Sie Ihre E-Mail.")
-        
        if not userRecord.get("hashedPassword"):
            raise ValueError("User has no password set")

--- a/modules/routes/routeSecurityLocal.py
+++ b/modules/routes/routeSecurityLocal.py
@ -602,8 +602,8 @@ def password_reset_request(
                # Generate reset token
                token, expires = rootInterface.generateResetTokenAndExpiry()
                
-                # Set reset token (clears password)
-                rootInterface.setResetToken(user.id, token, expires)
+                # Set reset token but keep existing password valid until new one is set
+                rootInterface.setResetToken(user.id, token, expires, clearPassword=False)
                
                # Generate magic link using provided frontend URL
                magicLink = f"{baseUrl}/reset?token={token}"