From fb1d04d98e7aa66abe3b68a4eded0396ce00a6f9 Mon Sep 17 00:00:00 2001
From: Paul Bienkowski <pb@opatut.de>
Date: Sat, 15 May 2021 10:21:26 +0200
Subject: [PATCH] api: Consider password reset a successful email verification
 (fixes #77)

---
 api/src/accounts/account.service.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/api/src/accounts/account.service.js b/api/src/accounts/account.service.js
index 72608d6..8b57aec 100644
--- a/api/src/accounts/account.service.js
+++ b/api/src/accounts/account.service.js
@@ -93,6 +93,12 @@ async function resetPassword({ token, password }) {
   // update password and remove reset token
   account.setPassword(password);
   account.resetToken = undefined;
+
+  // Since password recovery happens through email, we can consider this a
+  // successful verification of the email address.
+  account.needsEmailValidation = false;
+  account.verificationToken = undefined;
+
   await account.save();
 }