X-Git-Url: https://git.auder.net/images/pieces/Cwda/bt.svg?a=blobdiff_plain;f=models%2FUser.js;h=4b5c840a6730976a196b8b8f5c15edc5f370edc8;hb=badeb466c977ed9a8e1b464a2236001126decb9e;hp=6eff2735684af0271e0b753a94a1b278c9883589;hpb=c018b304ba439ca92348dcb65715707f5cfcee05;p=vchess.git

diff --git a/models/User.js b/models/User.js
index 6eff2735..4b5c840a 100644
--- a/models/User.js
+++ b/models/User.js
@@ -1,6 +1,6 @@
 var db = require("../utils/database");
 var maild = require("../utils/mailer.js");
-var TokenGen = require("../utils/tokenGenerator");
+var genToken = require("../utils/tokenGenerator");
 var params = require("../config/parameters");
 
 /*
@@ -14,7 +14,7 @@ var params = require("../config/parameters");
  *   notify: boolean (send email notifications for corr games)
  */
 
-// User creation
+// NOTE: parameters are already cleaned (in controller), thus no sanitization here
 exports.create = function(name, email, notify, callback)
 {
 	db.serialize(function() {
@@ -70,7 +70,7 @@ exports.trySetSessionToken = function(uid, cb)
 		db.get(querySessionToken, (err,ret) => {
 			if (!!err)
 				return cb(err);
-			const token = ret.sessionToken || TokenGen.generate(params.token.length);
+			const token = ret.sessionToken || genToken(params.token.length);
 			const queryUpdate =
 				"UPDATE Users " +
 				"SET loginToken = NULL" +