diff --git a/docs/pages/basics/sessions.md b/docs/pages/basics/sessions.md
index 1ac75f128..4684a6d8a 100644
--- a/docs/pages/basics/sessions.md
+++ b/docs/pages/basics/sessions.md
@@ -39,10 +39,9 @@ declare module "lucia" {
 Lucia: typeof lucia;
 DatabaseSessionAttributes: DatabaseSessionAttributes;
 }
-}
-
-interface DatabaseSessionAttributes {
- country: string;
+ interface DatabaseSessionAttributes {
+ ip_country: string;
+ }
 }
 ```
diff --git a/docs/pages/guides/email-and-password/password-reset.md b/docs/pages/guides/email-and-password/password-reset.md
index 19d6782f0..e0ecd24d3 100644
--- a/docs/pages/guides/email-and-password/password-reset.md
+++ b/docs/pages/guides/email-and-password/password-reset.md
@@ -22,6 +22,7 @@ The token should be valid for at most few hours.
 ```ts
 import { TimeSpan, createDate } from "oslo";
+import { generateId } from "lucia";
 async function createPasswordResetToken(userId: string): Promise {
 // optionally invalidate all existing tokens
@@ -40,7 +41,6 @@ When a user requests a password reset email, check if the email is valid and cre
 ```ts
 import { generateId } from "lucia";
-import { encodeHex } from "oslo/encoding";
 app.post("/reset-password", async () => {
 let email: string;
@@ -71,7 +71,8 @@ Make sure to implement rate limiting based on IP addresses. Extract the verification token from the URL and validate by checking the expiration date. If the token is valid, invalidate all existing user sessions, update the database, and create a new session.
 ```ts
-import { isWithinExpiration } from "oslo";
+import { isWithinExpirationDate } from "oslo";
+import { Argon2id } from "oslo/password";
 app.post("/reset-password/:token", async () => {
 let password = formData.get("password");
@@ -95,7 +96,7 @@ app.post("/reset-password/:token", async () => {
 status: 400
 });
 }
- if (!isWithinExpiration(token.expires_at)) {
+ if (!isWithinExpirationDate(token.expires_at)) {
 await db.table("password_reset_token").where("id", "=", token.id).delete();
 return new Response(null, {
 status: 400
@@ -103,7 +104,7 @@ app.post("/reset-password/:token", async () => {
 }
 await lucia.invalidateUserSessions(user.id);
- const hashedPassword = new Argon2id().hash(password);
+ const hashedPassword = await new Argon2id().hash(password);
 await db.table("user").where("id", "=", user.id).update({
 hashed_password: hashedPassword
 });
diff --git a/docs/pages/tutorials/username-and-password/sveltekit.md b/docs/pages/tutorials/username-and-password/sveltekit.md
index 523b7e7f6..6e87a5553 100644
--- a/docs/pages/tutorials/username-and-password/sveltekit.md
+++ b/docs/pages/tutorials/username-and-password/sveltekit.md
@@ -79,6 +79,7 @@ Create a form action in `routes/signup/+page.server.ts`. First do a very basic i
 // routes/signup/+page.server.ts
 import { lucia } from "$lib/server/auth";
 import { fail, redirect } from "@sveltejs/kit";
+import { Argon2id } from "oslo/password";
 import type { Actions } from "./$types";
@@ -166,6 +167,7 @@ Create an API route as `pages/api/signup.ts`. First do a very basic input valida
 ```ts
 import { lucia } from "$lib/server/auth";
 import { fail, redirect } from "@sveltejs/kit";
+import { Argon2id } from "oslo/password";
 import type { Actions } from "./$types";
@@ -258,7 +260,7 @@ export const actions: Actions = {
 }
 await auth.invalidateSession(event.locals.session.id);
 const sessionCookie = lucia.createBlankSessionCookie();
- context.cookies.set(sessionCookie.name, sessionCookie.value, {
+ event.cookies.set(sessionCookie.name, sessionCookie.value, {
 path: ".",
 ...sessionCookie.attributes
 });