From 248fb1fa691c737c142de14e449e351302733f79 Mon Sep 17 00:00:00 2001
From: liuyi <forehalo@gmail.com>
Date: Thu, 9 Nov 2023 16:23:03 +0800
Subject: [PATCH] fix(server): token set with id instead of email (#4883)

---
 packages/backend/server/src/modules/auth/resolver.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/packages/backend/server/src/modules/auth/resolver.ts b/packages/backend/server/src/modules/auth/resolver.ts
index f225a000d8..27bf40a82c 100644
--- a/packages/backend/server/src/modules/auth/resolver.ts
+++ b/packages/backend/server/src/modules/auth/resolver.ts
@@ -136,12 +136,12 @@ export class AuthResolver {
     @Args('newPassword') newPassword: string
   ) {
     // we only create user account after user sign in with email link
-    const email = await this.session.get(token);
-    if (!email || email !== user.email || !user.emailVerified) {
+    const id = await this.session.get(token);
+    if (!id || id !== user.id || !user.emailVerified) {
       throw new ForbiddenException('Invalid token');
     }
 
-    await this.auth.changePassword(email, newPassword);
+    await this.auth.changePassword(user.email, newPassword);
     await this.session.delete(token);
 
     return user;