diff --git a/src/server/controllers/sendChangePasswordEmail.ts b/src/server/controllers/sendChangePasswordEmail.ts index f60d8c044..59f230c6d 100644 --- a/src/server/controllers/sendChangePasswordEmail.ts +++ b/src/server/controllers/sendChangePasswordEmail.ts @@ -278,7 +278,10 @@ const changePasswordEmailIdx = async ( } // set a placeholder password for the user - await dangerouslySetPlaceholderPassword(user.id, req.ip); + await dangerouslySetPlaceholderPassword({ + id: user.id, + ip: req.ip, + }); // now that the placeholder password has been set, the user will be in // 1. ACTIVE users - has email + password authenticator (okta idx email verified) @@ -381,7 +384,10 @@ export const sendEmailInOkta = async ( // check for user does not have a password set // (to make sure we don't override any existing password) if (!user.credentials.password) { - await dangerouslySetPlaceholderPassword(user.id, req.ip); + await dangerouslySetPlaceholderPassword({ + id: user.id, + ip: req.ip, + }); // now that the placeholder password has been set, the user behaves like a // normal user (provider = OKTA) and we can send the email by calling this method again return sendEmailInOkta(req, res, true); diff --git a/src/server/lib/okta/dangerouslySetPlaceholderPassword.ts b/src/server/lib/okta/dangerouslySetPlaceholderPassword.ts index 880b7e01e..0249122c8 100644 --- a/src/server/lib/okta/dangerouslySetPlaceholderPassword.ts +++ b/src/server/lib/okta/dangerouslySetPlaceholderPassword.ts @@ -4,6 +4,13 @@ import { logger } from '@/server/lib/serverSideLogger'; import { validateRecoveryToken, resetPassword } from './api/authentication'; import { dangerouslyResetPassword } from './api/users'; +// Define the parameter object type +interface PlaceholderPasswordParams { + id: string; + ip?: string; + returnPlaceholderPassword?: boolean; +} + /** * This function is used ONLY for users who do not have a password set at all * (i.e. social users or users imported from IDAPI). It does the following: @@ -17,11 +24,19 @@ import { dangerouslyResetPassword } from './api/users'; * @param returnPlaceholderPassword If true, return the placeholder password * @returns The placeholder password if returnPlaceholderPassword is true, otherwise void (undefined) */ -const dangerouslySetPlaceholderPassword = async ( - id: string, - ip?: string, +// Overload signatures +async function dangerouslySetPlaceholderPassword( + params: PlaceholderPasswordParams & { returnPlaceholderPassword: true }, +): Promise; +async function dangerouslySetPlaceholderPassword( + params: PlaceholderPasswordParams & { returnPlaceholderPassword?: false }, +): Promise; +// Implementation +async function dangerouslySetPlaceholderPassword({ + id, + ip, returnPlaceholderPassword = false, -): Promise => { +}: PlaceholderPasswordParams): Promise { try { // Generate an recoveryToken OTT and put user into RECOVERY state const recoveryToken = await dangerouslyResetPassword(id, ip); @@ -57,6 +72,6 @@ const dangerouslySetPlaceholderPassword = async ( ); throw error; } -}; +} export default dangerouslySetPlaceholderPassword; diff --git a/src/server/lib/okta/register.ts b/src/server/lib/okta/register.ts index c84337cda..72b617ded 100644 --- a/src/server/lib/okta/register.ts +++ b/src/server/lib/okta/register.ts @@ -304,7 +304,10 @@ const sendRegistrationEmailByUserState = async ({ if (doesNotHavePassword) { // The user does not have a password set, so we set a placeholder // password first, then proceed with the rest of the operation. - await dangerouslySetPlaceholderPassword(user.id, ip); + await dangerouslySetPlaceholderPassword({ + id: user.id, + ip, + }); } // Now the user has a password set, so we can get a reset password token // and send them an email which contains it, allowing them to immediately diff --git a/src/server/routes/delete.ts b/src/server/routes/delete.ts index c378afee9..08f8fc07c 100644 --- a/src/server/routes/delete.ts +++ b/src/server/routes/delete.ts @@ -332,7 +332,10 @@ router.post( // if the user doesn't have a password set, set a placeholder password if (!user.credentials.password) { - await dangerouslySetPlaceholderPassword(user.id, req.ip); + await dangerouslySetPlaceholderPassword({ + id: user.id, + ip: req.ip, + }); } // attempt to send the email