File: src/auth/auth.service.ts (requestPasswordReset)
The raw reset token is stored in the DB and also sent in the email link. Mail provider compromise yields live reset tokens.
Fix: Generate token → hash it → store hash → email raw token. Lookup on hash only.
File:
src/auth/auth.service.ts(requestPasswordReset)The raw reset token is stored in the DB and also sent in the email link. Mail provider compromise yields live reset tokens.
Fix: Generate token → hash it → store hash → email raw token. Lookup on hash only.