FlowiseAI · christopherholland-workday · Mar 4, 2026 · Mar 4, 2026 · Mar 4, 2026 · Mar 6, 2026
diff --git a/packages/server/src/enterprise/database/entities/user.entity.ts b/packages/server/src/enterprise/database/entities/user.entity.ts
@@ -30,7 +30,7 @@ export class User {
     @Column({ type: 'text', nullable: true, unique: true })
     tempToken?: string | null
 
-    @CreateDateColumn({ nullable: true })
+    @Column({ type: 'datetime', nullable: true, default: null })
     tokenExpiry?: Date | null
 
     @Column({ type: 'varchar', length: 20, default: UserStatus.UNVERIFIED })

diff --git a/packages/server/src/enterprise/services/account.service.ts b/packages/server/src/enterprise/services/account.service.ts
@@ -517,7 +517,7 @@ export class AccountService {
             const user = await this.userService.readUserByToken(data.user.tempToken, queryRunner)
             if (!user) throw new InternalFlowiseError(StatusCodes.NOT_FOUND, UserErrorMessage.USER_NOT_FOUND)
             data.user = user
-            data.user.tempToken = ''
+            data.user.tempToken = null
             data.user.tokenExpiry = null
             data.user.status = UserStatus.ACTIVE
             data.user = await this.userService.saveUser(data.user, queryRunner)
@@ -568,12 +568,16 @@ export class AccountService {
         const queryRunner = this.dataSource.createQueryRunner()
         await queryRunner.connect()
         try {
+            if (!data.user.tempToken) throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, UserErrorMessage.INVALID_TEMP_TOKEN)
+
             const user = await this.userService.readUserByEmail(data.user.email, queryRunner)
             if (!user) throw new InternalFlowiseError(StatusCodes.NOT_FOUND, UserErrorMessage.USER_NOT_FOUND)
-            if (user.tempToken !== data.user.tempToken)
+            if (!user.tempToken || user.tempToken !== data.user.tempToken)
                 throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, UserErrorMessage.INVALID_TEMP_TOKEN)
 
             const tokenExpiry = user.tokenExpiry
+            if (!tokenExpiry) throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, UserErrorMessage.INVALID_TEMP_TOKEN)
+
             const now = moment()
             const expiryInMins = process.env.PASSWORD_RESET_TOKEN_EXPIRY_IN_MINUTES
                 ? parseInt(process.env.PASSWORD_RESET_TOKEN_EXPIRY_IN_MINUTES)
@@ -592,8 +596,8 @@ export class AccountService {
             const hash = bcrypt.hashSync(password, salt)
             data.user = user
             data.user.credential = hash
-            data.user.tempToken = ''
-            data.user.tokenExpiry = undefined
+            data.user.tempToken = null
+            data.user.tokenExpiry = null
             data.user.status = UserStatus.ACTIVE
 
             await queryRunner.startTransaction()