improve user_confirm / recover code flow

server/api/controller/user.js

@@ -26,7 +26,7 @@ const userController = {
     if (!recover_code) { return res.sendStatus(400) }
     const user = await User.findOne({ where: { recover_code: { [Op.eq]: recover_code } } })
     if (!user) { return res.sendStatus(400) }
-    res.sendStatus(200)
+    res.json({ email: user.email })
   },
 
   async updatePasswordWithRecoverCode (req, res) {
@@ -50,7 +50,7 @@ const userController = {
   },
 
   async getAll (req, res) {
-    const users = await User.scope('withoutPassword').findAll({
+    const users = await User.scope(req.user.is_admin ? 'withRecover' : 'withoutPassword').findAll({
       order: [['is_admin', 'DESC'], ['createdAt', 'DESC']]
     })
     res.json(users)
@@ -112,7 +112,7 @@ const userController = {
     try {
       req.body.is_active = true
       req.body.recover_code = crypto.randomBytes(16).toString('hex')
-      const user = await User.create(req.body)
+      const user = await User.scope('withRecover').create(req.body)
       mail.send(user.email, 'user_confirm', { user, config }, req.settings.locale)
       res.json(user)
     } catch (e) {
@@ -125,7 +125,7 @@ const userController = {
     try {
       const user = await User.findByPk(req.params.id)
       await user.destroy()
-      log.warn(`User ${req.user.email} removed!`)
+      log.warn(`User ${user.email} removed!`)
       res.sendStatus(200)
     } catch (e) {
       log.error('User removal error:"', e)