@delopay/sdk 0.3.0 → 0.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +15 -1
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +11 -0
- package/dist/index.d.ts +11 -0
- package/dist/index.js +15 -1
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.cjs
CHANGED
|
@@ -2069,8 +2069,22 @@ var Users = class {
|
|
|
2069
2069
|
async forgotPassword(params) {
|
|
2070
2070
|
return this.request("POST", "/user/forgot_password", { body: params });
|
|
2071
2071
|
}
|
|
2072
|
+
/**
|
|
2073
|
+
* Reset a user's password using the single-purpose JWT delivered by the
|
|
2074
|
+
* forgot-password email.
|
|
2075
|
+
*
|
|
2076
|
+
* The backend validates the token **twice**: first by the
|
|
2077
|
+
* `SinglePurposeJWTAuth` middleware (reads `Authorization: Bearer …`),
|
|
2078
|
+
* then by the handler itself (decodes `body.token` as an `EmailToken` and
|
|
2079
|
+
* looks up the user by the embedded email — see
|
|
2080
|
+
* `crates/router/src/core/user.rs:687`). The same JWT satisfies both, so
|
|
2081
|
+
* the SDK sends it in both places. Callers still pass `{ password, token }`.
|
|
2082
|
+
*/
|
|
2072
2083
|
async resetPassword(params) {
|
|
2073
|
-
return this.request("POST", "/user/reset_password", {
|
|
2084
|
+
return this.request("POST", "/user/reset_password", {
|
|
2085
|
+
body: params,
|
|
2086
|
+
headers: { Authorization: `Bearer ${params.token}` }
|
|
2087
|
+
});
|
|
2074
2088
|
}
|
|
2075
2089
|
async verifyEmail(params) {
|
|
2076
2090
|
return this.request("POST", "/user/verify_email", { body: params });
|