Skip to content

fix: protect password changed timestamps#121

Merged
zzswang merged 1 commit intomainfrom
codex/auth-reset-password-cache-and-ignore-password-changed-at
Apr 14, 2026
Merged

fix: protect password changed timestamps#121
zzswang merged 1 commit intomainfrom
codex/auth-reset-password-cache-and-ignore-password-changed-at

Conversation

@coderprepares
Copy link
Copy Markdown
Collaborator

@coderprepares coderprepares commented Apr 14, 2026

Summary

  • ignore passwordChangedAt during regular user updates so non-password edits cannot rewrite the password rotation timestamp
  • invalidate cached /users/:id entries after email and phone password resets
  • add unit and e2e coverage for both behaviors

Testing

  • pnpm exec eslint src/auth/auth.controller.ts src/user/dto/update-user.dto.ts src/user/user.service.ts src/user/user.service.spec.ts test/auth-login-logout.e2e-spec.ts
  • pnpm build
  • pnpm test -- src/user/user.service.spec.ts
  • pnpm test:e2e -- test/auth-login-logout.e2e-spec.ts

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 14, 2026

sdk version 2.25.0-pr-121-f329d6669d

## for js/ts project
pnpm add @36node/auth-sdk@2.25.0-pr-121-f329d6669d

zzswang
zzswang reviewed Apr 14, 2026
View reviewed changes
Comment thread src/user/dto/update-user.dto.ts
Comment thread src/user/user.service.spec.ts Outdated
Comment thread src/user/user.service.ts Outdated
@coderprepares coderprepares force-pushed the codex/auth-reset-password-cache-and-ignore-password-changed-at branch from 880e4d2 to 34ef90e Compare April 14, 2026 11:22
@coderprepares coderprepares force-pushed the codex/auth-reset-password-cache-and-ignore-password-changed-at branch from 34ef90e to 9b3add7 Compare April 14, 2026 11:23
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 14, 2026

sdk version 2.25.0-pr-121-8428bef64b

## for js/ts project
pnpm add @36node/auth-sdk@2.25.0-pr-121-8428bef64b

@zzswang zzswang merged commit aec8925 into main Apr 14, 2026
3 checks passed
@zzswang zzswang deleted the codex/auth-reset-password-cache-and-ignore-password-changed-at branch April 14, 2026 11:58
@github-actions github-actions Bot mentioned this pull request Apr 14, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zzswang zzswang zzswang approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@coderprepares @zzswang