fix(magic-link): delete all previous login token by provider before c…

…reate the new one (#10269)
EtherealEngine · May 29, 2024 · f410ceb · f410ceb
1 parent 0e66e47
commit f410ceb
Showing 1 changed file with 4 additions and 12 deletions.
diff --git a/packages/server-core/src/user/magic-link/magic-link.class.ts b/packages/server-core/src/user/magic-link/magic-link.class.ts
@@ -164,12 +164,11 @@ export class MagicLinkService implements ServiceInterface<MagicLinkParams> {
     }
 
     if (identityProvider) {
+      await this.removePreviousLoginTokensByProvider(identityProvider.id)
       const loginToken = await this.app.service(loginTokenPath).create({
         identityProviderId: identityProvider.id
       })
 
-      await this.removePreviousLoginTokens(identityProvider.id)
-
       if (data.type === 'email') {
         await this.sendEmail(data.email, loginToken.token)
       } else if (data.type === 'sms') {
@@ -179,19 +178,12 @@ export class MagicLinkService implements ServiceInterface<MagicLinkParams> {
     return data
   }
 
-  private async removePreviousLoginTokens(identityProviderId: string) {
+  private async removePreviousLoginTokensByProvider(identityProviderId: string) {
     const loginTokenService = this.app.service(loginTokenPath)
-    const previousTokens = await loginTokenService.find({
+    await loginTokenService.remove(null, {
       query: {
-        identityProviderId: identityProviderId
+        identityProviderId
       }
     })
-    // Keep only the latest token and remove the rest
-    if (previousTokens.total > 1) {
-      const tokensToRemove = previousTokens.data.slice(1)
-      for (const token of tokensToRemove) {
-        await loginTokenService.remove(token.id)
-      }
-    }
   }
 }