From 2f199cb67ac2b91593899de10544200c9b440342 Mon Sep 17 00:00:00 2001
From: saravanakumardb1 <saravanakumardb1@users.noreply.github.com>
Date: Sun, 1 Mar 2026 17:43:32 -0800
Subject: [PATCH] fix(auth): replace hardcoded product ID lists with dynamic
 getAllProducts() in reset-password and verify-email

---
 .../src/modules/auth/routes.ts                | 23 ++++++++++---------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/services/platform-service/src/modules/auth/routes.ts b/services/platform-service/src/modules/auth/routes.ts
index 826c5367..bed92b3e 100644
--- a/services/platform-service/src/modules/auth/routes.ts
+++ b/services/platform-service/src/modules/auth/routes.ts
@@ -30,7 +30,7 @@
 import type { FastifyInstance } from 'fastify';
 import { BadRequestError, ForbiddenError, UnauthorizedError } from '../../lib/errors.js';
 import { bus } from '../../lib/event-bus.js';
-import { getProduct } from '../products/cache.js';
+import { getProduct, getAllProducts } from '../products/cache.js';
 import * as subscriptionRepo from '../subscriptions/repository.js';
 import * as licenseRepo from '../licenses/repository.js';
 import * as repo from './repository.js';
@@ -548,12 +548,12 @@ export async function authRoutes(app: FastifyInstance) {
     const { token, newPassword } = parsed.data;
     const tokenHash = repo.hashToken(token);
 
-    // Search across all products — token hash is unique
-    // We'll try the common product IDs
-    let resetDoc = await repo.findResetToken(tokenHash, 'lysnrai');
-    if (!resetDoc) resetDoc = await repo.findResetToken(tokenHash, 'chronomind');
-    if (!resetDoc) resetDoc = await repo.findResetToken(tokenHash, 'nomgap');
-    if (!resetDoc) resetDoc = await repo.findResetToken(tokenHash, 'mindlyst');
+    // Search across all registered products — token hash is unique
+    let resetDoc = null;
+    for (const p of getAllProducts()) {
+      resetDoc = await repo.findResetToken(tokenHash, p.id);
+      if (resetDoc) break;
+    }
 
     if (!resetDoc) {
       throw new BadRequestError('Invalid or expired reset token');
@@ -588,10 +588,11 @@ export async function authRoutes(app: FastifyInstance) {
     }
     const tokenHash = repo.hashToken(parsed.data.token);
 
-    let verifyDoc = await repo.findEmailVerification(tokenHash, 'lysnrai');
-    if (!verifyDoc) verifyDoc = await repo.findEmailVerification(tokenHash, 'chronomind');
-    if (!verifyDoc) verifyDoc = await repo.findEmailVerification(tokenHash, 'nomgap');
-    if (!verifyDoc) verifyDoc = await repo.findEmailVerification(tokenHash, 'mindlyst');
+    let verifyDoc = null;
+    for (const p of getAllProducts()) {
+      verifyDoc = await repo.findEmailVerification(tokenHash, p.id);
+      if (verifyDoc) break;
+    }
 
     if (!verifyDoc) {
       throw new BadRequestError('Invalid or expired verification token');