From e41fab769fc9030eba2e4157933ff42fc200a138 Mon Sep 17 00:00:00 2001
From: loks0n <22452787+loks0n@users.noreply.github.com>
Date: Wed, 11 Oct 2023 13:20:25 +0100
Subject: [PATCH] fix: edge cases
---
 app/controllers/api/account.php | 6 +++---
 app/controllers/api/users.php | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 7b84882639..455fbcd6fa 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -1143,7 +1143,7 @@ App::put('/v1/account/sessions/token')
 $userFromRequest = Authorization::skip(fn () => $dbForProject->getDocument('users', $userId));
 if ($userFromRequest->isEmpty()) {
- throw new Exception(Exception::USER_NOT_FOUND);
+ throw new Exception(Exception::USER_INVALID_TOKEN);
 }
 $verifiedToken = Auth::tokenVerify($userFromRequest->getAttribute('tokens', []), null, $secret);
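Review bot: The empty-user branch now answers `USER_INVALID_TOKEN`, but nothing on the line says why, and a later clean-up could easily restore `USER_NOT_FOUND`; a comment such as `// Same error as a wrong secret, so the response does not reveal whether the user ID exists.` above the `throw` would record the intent. The branch that handles a failed `Auth::tokenVerify` is outside this hunk, so it should be confirmed that it throws the same error type with the same status and body, since any difference brings the distinction back. This path also returns before `Auth::tokenVerify` runs, so response time may still differ between an unknown user and a wrong secret; rate limiting on the route (not visible here) is the usual mitigation.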
@@ -1207,8 +1207,8 @@ App::put('/v1/account/sessions/token')
 $protocol = $request->getProtocol();
 $response
- ->addCookie(Auth::$cookieName . '_legacy', Auth::encodeSession($user->getId(), $sessionSecret), (new \DateTime($sessionSecret))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
- ->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $sessionSecret), (new \DateTime($sessionSecret))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
+ ->addCookie(Auth::$cookieName . '_legacy', Auth::encodeSession($user->getId(), $sessionSecret), (new \DateTime($expire))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
+ ->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $sessionSecret), (new \DateTime($expire))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
 ->setStatusCode(Response::STATUS_CODE_CREATED);
 $countryName = $locale->getText('countries.' . strtolower($session->getAttribute('countryCode')), $locale->getText('locale.country.unknown'));
diff --git a/app/controllers/api/users.php b/app/controllers/api/users.php
index dd1a727671..df253ed698 100644
--- a/app/controllers/api/users.php
+++ b/app/controllers/api/users.php
@@ -1101,7 +1101,7 @@ App::post('/v1/users/:userId/tokens')
 ->inject('dbForProject')
 ->inject('events')
 ->action(function (string $userId, Response $response, Database $dbForProject, Event $events) {
- $user = $dbForProject->getDocument('users ', $userId);
+ $user = $dbForProject->getDocument('users', $userId);
 if ($user->isEmpty()) {
 throw new Exception(Exception::USER_NOT_FOUND);
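Review bot: Both `addCookie` calls in the `/v1/account/sessions/token` hunk build the expiry with their own `(new \DateTime($expire))->getTimestamp()`, and that duplication is how a wrong argument ended up in two places; computing it once, e.g. `$cookieExpire = (new \DateTime($expire))->getTimestamp();`, and passing `$cookieExpire` to both calls keeps the legacy and current cookie in step. `$expire` is assigned outside this hunk, so it is worth confirming that it is the same value stored on the session document, otherwise the browser and the server will disagree on when the session ends. The Secure flag on these lines comes from `'https' == $protocol`; a strict `===` is the safer comparison, and if TLS is terminated at a proxy it should be checked that `getProtocol()` still reports `https`, since otherwise the session cookie would be issued without Secure.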
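Review bot: Nothing in the `/v1/users/:userId/tokens` hunk would catch the same slip again, because the collection name is a bare string literal here and in `account.php`, and a mistyped name presumably only surfaces at runtime as an empty document and a `USER_NOT_FOUND` response. A test that creates a token for an existing user through this route and expects success would pin the behaviour; if the project already has a constant for the collection id, using it here is the sturdier fix. The action closure continues past the end of the hunk.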