X-Git-Url: https://git.auder.net/?p=vchess.git;a=blobdiff_plain;f=server%2Fmodels%2FUser.js;h=c05161567b49b09492b647f9564b00a47d91e6ca;hp=ee4b056658e105a8691b4ec3364a60523ea838f7;hb=58e7b94e6e1a8d5721b9211b45c40e65fc13f600;hpb=d36ca1989daec86e5ad4b2e65c8a045af171fafd
diff --git a/server/models/User.js b/server/models/User.js
index ee4b0566..c0516156 100644
--- a/server/models/User.js
+++ b/server/models/User.js
@@ -33,6 +33,7 @@ const UserModel =
 if (!o.email.match(/^[\w.+-]+@[\w.+-]+$/))
 return "Bad characters in email";
 }
+ return ""; //NOTE: not required, but more consistent... (?!)
 },
 // NOTE: parameters are already cleaned (in controller), thus no sanitization here
@@ -89,8 +90,9 @@ const UserModel =
 },
 // Set session token only if empty (first login)
- // TODO: weaker security (but avoid to re-login everywhere after each logout)
- trySetSessionToken: function(uid, cb)
+ // NOTE: weaker security (but avoid to re-login everywhere after each logout)
+ // TODO: option would be to reset all tokens periodically, e.g. every 3 months
+ trySetSessionToken: function(uid, cb)
 {
 // Also empty the login token to invalidate future attempts
 db.serialize(function() {
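Review bot: The comment on the added `return "";` in the first hunk ends in `(?!)` and does not tell a caller what the empty string means. The visible branch above returns an error message string, so the comment could state the contract instead, for example `return ""; // empty string = no validation error`. The validator starts outside the hunk, so whether every other path already returns a string cannot be confirmed from here.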
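Review bot: The reworded comment above `trySetSessionToken` in the second hunk still says only "weaker security" and never names the consequence. Because the token is set only when empty, it presumably survives logout, so a token that leaks once would stay valid until something resets it. I would write that down next to the trade-off, e.g. `// NOTE: token is reused across logins; logout does not invalidate it server-side`, and have the TODO say that the periodic reset is what bounds that exposure. The function body continues outside the hunk, so the exact reset behaviour should be checked against the full `db.serialize` block.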