Welcome to WuJiGu Developer Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
141 views
in Technique[技术] by (71.8m points)

node.js - Why is it impossible to sign in after password reset?

I find it difficult to create a password reset, which is probably easy for all you guys. Sorry, it is my first time, so it seems impossible. However, I managed to create a password-reset sending email, generating a token with bcrypt, but after the password change, it becomes impossible for the same user to sign into the system. This is all in the server, here is the code for the password reset request:

router.put("/users/passwords/forget", async (req, res) => {
  const { errors, isValid } = validateEmailForForgottenPasswordInput(req.body);
  //Validating
  if (!isValid) {
    return res.status(400).json(errors);
  }

  const email = req.body.email;

  await db.user
    .findOne({ where: { [Op.or]: [{ email: email }, { username: email }] } })
    .then((user) => {
      if (!user) {
        errors.email = "User not found";
        res.status(404).json(errors);
        return;
      }

      const token = usePasswordHashToMakeToken(user);
      const url = getPasswordResetURL(user, token);
      const emailTemplate = resetPasswordTemplate(user, url);

      db.user
        .update(
          {
            reset_link: token,
          },
          { where: { [Op.or]: [{ username: email }, { email: email }] } }
        )
        .then((infoD) => res.json(infoD))
        .catch((err) => console.log(err));

      const sendEmail = () => {
        transporter.sendMail(emailTemplate, (err, info) => {
          if (err) {
            res.status(500).json("Cant send email");
          }
          res.json(info);
        });
      };
      sendEmail();
    })
    .catch((err) => console.log(err));
});

When the user then gets the email and aims to update their password, they use this method:

router.put("/passwords-restoration/restore/:id/:token", async (req, res) => {
  const { errors, isValid } = validateForgottenPasswordInput(req.body);
  if (!isValid) {
    return res.status(400).json(errors);
  }

  var salt = bcrypt.genSaltSync(10);

  await db.user
    .findOne({ where: { id: req.params.id } })
    .then((user) => {
      if (!user) {
        errors.password =
          "Det går inte at byta lösenord för användare som inte existeras";
        res.status(404).json(errors);
        return;
      }
      if (req.body.password)
        user.password = bcrypt.hashSync(req.body.password, salt);
      if (req.body.password2) user.password2 = req.body.password2;
      user.update(
        {
          password: user.password,
        },
        { $set: user },
        { new: true }
      );

      user.save().then((user) => res.json(user));
    })
    .catch((err) => console.log(err));
});

Then when the person tries to log in, they cannot log in anymore.


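The restore route in the question looks the user up by `:id` alone and never compares `:token` with the stored `reset_link`. The following is an added example, not part of the original post, of the request/restore/login round trip with the token checked, expired and consumed, and the password hashed exactly once. The in-memory `users` map and all function names are hypothetical, and Node's built-in scrypt stands in for bcrypt so the code runs without dependencies.

```javascript
// Added example: an in-memory Map replaces the page's Sequelize model (assumption).
const crypto = require("crypto");

const users = new Map(); // hypothetical store: id -> { passwordHash, resetHash, resetExpires }
const sha256 = (s) => crypto.createHash("sha256").update(s).digest();

// scrypt stands in for bcrypt here; the stored form is "saltHex:keyHex".
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  return salt.toString("hex") + ":" + crypto.scryptSync(password, salt, 32).toString("hex");
}
function verifyPassword(password, stored) {
  const [saltHex, keyHex] = stored.split(":");
  const key = crypto.scryptSync(password, Buffer.from(saltHex, "hex"), 32);
  return crypto.timingSafeEqual(key, Buffer.from(keyHex, "hex"));
}

// Request step: random token; only its SHA-256 is stored, together with an expiry.
function requestReset(id, now = Date.now()) {
  const user = users.get(id);
  if (!user) return null;
  const token = crypto.randomBytes(32).toString("hex");
  user.resetHash = sha256(token);
  user.resetExpires = now + 15 * 60 * 1000;
  return token; // this value goes into the emailed URL
}

// Restore step: verify the token from the URL before touching the password.
function restorePassword(id, token, newPassword, now = Date.now()) {
  const user = users.get(id);
  if (!user || !user.resetHash || now > user.resetExpires) return false;
  if (!crypto.timingSafeEqual(sha256(String(token)), user.resetHash)) return false;
  user.passwordHash = hashPassword(newPassword); // hashed exactly once
  user.resetHash = null; // single use: the same link cannot be replayed
  user.resetExpires = 0;
  return true;
}

// Login verifies against the same stored form that restorePassword wrote.
function login(id, password) {
  const user = users.get(id);
  return Boolean(user) && verifyPassword(password, user.passwordHash);
}

// Constructed sample user for the round trip.
users.set(1, { passwordHash: hashPassword("old-password"), resetHash: null, resetExpires: 0 });
```

In a real route the same three checks (token match, expiry, single use) belong before the password update, and the login route must verify with the same hashing scheme the reset route writes.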

1 Answer

0 votes
by (71.8m points)
Waiting for an expert to reply
