Auth changes and docker args update

Dockerfile

@@ -37,8 +37,13 @@ FROM base as api_build
 
 # If your api side build relies on build-time environment variables,
 # specify them here as ARGs. (But don't put secrets in your Dockerfile!)
-#
-# ARG MY_BUILD_TIME_ENV_VAR
+
+ARG ADDRESS_PROD
+ARG ADDRESS_DEV
+ARG GMAIL
+ARG GMAIL_SMTP_PASSWORD
+ARG FIRST_NAME
+ARG LAST_NAME
 
 COPY --chown=node:node api api
 RUN yarn rw build api

api/src/functions/auth.ts

@@ -95,12 +95,10 @@ ${domain}/reset-password?resetToken=${resetToken}
     // the database. Returning anything truthy will automatically log the user
     // in. Return `false` otherwise, and in the Reset Password page redirect the
     // user to the login page.
-    handler: (_user) => {
-      return true
-    },
+    handler: (_user) => false,
 
     // If `false` then the new password MUST be different from the current one
-    allowReusedPassword: true,
+    allowReusedPassword: false,
 
     errors: {
       // the resetToken is valid, but expired
@@ -218,8 +216,7 @@ ${domain}/reset-password?resetToken=${resetToken}
         Path: '/',
         SameSite: isProduction ? 'None' : 'Strict',
         Secure: isProduction,
-        Domain: isProduction ? 'localhost' : 'localhost',
-        // Domain: isProduction ? process.env.DOMAIN : 'localhost',
+        Domain: isProduction ? process.env.DOMAIN : 'localhost',
       },
       name: cookieName,
     },