@delopay/sdk 0.3.1 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.cjs +8 -7
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +6 -4
  4. package/dist/index.d.ts +6 -4
  5. package/dist/index.js +8 -7
  6. package/dist/index.js.map +1 -1
  7. package/package.json +1 -1
package/dist/index.cjs CHANGED
@@ -2073,16 +2073,17 @@ var Users = class {
2073
2073
  * Reset a user's password using the single-purpose JWT delivered by the
2074
2074
  * forgot-password email.
2075
2075
  *
2076
- * The backend's `SinglePurposeJWTAuth` reads the token from the
2077
- * `Authorization: Bearer …` header, not from the request body, so the
2078
- * SDK lifts the `token` field out of `params` and sends it as the header.
2079
- * Callers still pass `{ password, token }`the shape is unchanged.
2076
+ * The backend validates the token **twice**: first by the
2077
+ * `SinglePurposeJWTAuth` middleware (reads `Authorization: Bearer …`),
2078
+ * then by the handler itself (decodes `body.token` as an `EmailToken` and
2079
+ * looks up the user by the embedded email see
2080
+ * `crates/router/src/core/user.rs:687`). The same JWT satisfies both, so
2081
+ * the SDK sends it in both places. Callers still pass `{ password, token }`.
2080
2082
  */
2081
2083
  async resetPassword(params) {
2082
- const { token, password } = params;
2083
2084
  return this.request("POST", "/user/reset_password", {
2084
- body: { password },
2085
- headers: { Authorization: `Bearer ${token}` }
2085
+ body: params,
2086
+ headers: { Authorization: `Bearer ${params.token}` }
2086
2087
  });
2087
2088
  }
2088
2089
  async verifyEmail(params) {