Forgot password and reset password

This commit is contained in:
John Lyon-Smith
2018-03-22 14:56:39 -07:00
parent 82fbd88dab
commit 06ae76047e
15 changed files with 324 additions and 205 deletions


@@ -317,59 +317,60 @@ export class AuthRoutes {
})
}
changePassword(req, res, next) {
async changePassword(req, res, next) {
let User = this.db.User
let cr = credential()
User.findById({ _id: req.user._id }).then((user) => {
try {
const user = await User.findById({ _id: req.user._id })
if (!user) {
return next(createError.NotFound(`User ${req.user._id} not found`))
throw createError.NotFound(`User ${req.user._id} not found`)
}
return Promise.all([
Promise.resolve(user),
cr.verify(JSON.stringify(user.passwordHash), req.body.oldPassword)
])
}).then((arr) => {
const [user, ok] = arr
return Promise.all([Promise.resolve(user), cr.hash(req.body.newPassword)])
}).then((arr) => {
const [user, obj] = arr
const ok = await cr.verify(JSON.stringify(user.passwordHash), req.body.oldPassword)
const obj = await cr.hash(req.body.newPassword)
user.passwordHash = JSON.parse(obj)
return user.save()
}).then((savedUser) => {
await user.save()
res.json({})
}).catch((err) => {
return next(createError.InternalServerError(err.message))
})
} catch(err) {
if (err instanceof createError.HttpError) {
next(err)
} else {
next(createError.InternalServerError(err.message))
}
}
}
sendPasswordResetEmail(req, res, next){
async sendPasswordResetEmail(req, res, next){
const email = req.body.email
let User = this.db.User
if (!email) {
return next(createError.BadRequest('Invalid request parameters'))
}
User.findOne({ email }).then((user) => {
// User must exist their email must be confirmed
if (!user || user.emailToken) {
// Don't give away any information about why we rejected the request
return Promise.reject(createError.BadRequest('Not a valid request'))
} else if (user.passwordToken && (new Date() - user.emailToken.created) < this.sendEmailDelayInSeconds) {
return Promise.reject(createError.BadRequest('Cannot request password reset so soon'))
try {
if (!email) {
throw createError.BadRequest('Invalid request parameters')
}
return Promise.all([Promise.resolve(user), util.promisify(crypto.randomBytes)(32)])
}).then((arr) => {
let [ user, buf ] = arr
const user = await User.findOne({ email })
// User must exist and their email must be confirmed
if (!user || user.emailToken) {
// Don't give away any information about why we rejected the request
throw createError.BadRequest('Not a valid request')
} else if (user.passwordToken && user.passwordToken.created &&
(new Date() - user.passwordToken.created) < this.sendEmailDelayInSeconds) {
throw createError.BadRequest('Cannot request password reset so soon')
}
const buf = await util.promisify(crypto.randomBytes)(32)
user.passwordToken = {
value: urlSafeBase64.encode(buf),
created: new Date()
}
return user.save()
}).then((savedUser) => {
const savedUser = await user.save()
const userFullName = `${savedUser.firstName} ${savedUser.lastName}`
const siteUrl = url.parse(req.headers.referer)
const msg = {
@@ -381,15 +382,17 @@ export class AuthRoutes {
supportEmail: this.supportEmail
}
}
return this.sendEmail ? this.mq.request('dar-email', 'sendEmail', msg) : Promise.resolve()
}).then(() => {
if (this.sendEmail) {
await this.mq.request('dar-email', 'sendEmail', msg)
}
res.json({})
}).catch((err) => {
} catch(err) {
if (err instanceof createError.HttpError) {
next(err)
} else {
next(createError.InternalServerError(`Unable to send password reset email. ${err.message}`))
}
})
}
}
}
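Review bot: In the rewritten `changePassword` (first hunk) the result of the old-password check is never consulted: `const ok = await cr.verify(JSON.stringify(user.passwordHash), req.body.oldPassword)` is followed directly by hashing and saving the new password, so anyone holding a valid session can set a new password without knowing the current one (the promise-chain version discarded `ok` the same way, and the rewrite keeps it). Add a guard right after that line, e.g. `if (!ok) { throw createError.Unauthorized('Invalid password') }`, which the new catch block already forwards as an HttpError; this assumes `cr.verify` resolves to a boolean, as the `credential` package's verify does. Separately, the new throttle in `sendPasswordResetEmail` compares a Date difference, which is in milliseconds, against `this.sendEmailDelayInSeconds`; if that property really holds seconds, the reset-email rate limit is a thousand times shorter than intended and the comparison should use `this.sendEmailDelayInSeconds * 1000`. The class `AuthRoutes` begins before the first hunk.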