reset password validator

This commit is contained in:
xfarrow 2024-03-27 12:35:12 +01:00
parent 9ce808e928
commit 21d32a89f9
2 changed files with 47 additions and 2 deletions

View File

@ -17,9 +17,16 @@ const ResetPassword = require('../models/reset_password_model');
const crypto = require('crypto');
const express = require('express');
const bcrypt = require('bcrypt');
const resetPasswordValidator = require('../utils/validators/reset_password_validator');
async function add(req, res) {
try {
const errors = resetPasswordValidator.validationResult(req);
if (!errors.isEmpty()) {
return res.status(400).json({
errors: errors.array()
});
}
const userExists = await Person.findByEmail(req.body.email);
// If the user does not exist, do not inform them of the absence
if (userExists) {
@ -38,6 +45,12 @@ async function add(req, res) {
async function reset(req, res) {
try {
const errors = resetPasswordValidator.validationResult(req);
if (!errors.isEmpty()) {
return res.status(400).json({
errors: errors.array()
});
}
const requester = await ResetPassword.findBySecret(req.body.secret);
if (requester) {
const diffMilliseconds = Date.now() - requester.time_of_request.getTime();
@ -59,8 +72,8 @@ async function reset(req, res) {
}
const routes = express.Router();
routes.post('/request', add);
routes.post('/reset', reset);
routes.post('/request', resetPasswordValidator.addRequestValidator, add);
routes.post('/reset', resetPasswordValidator.resetPasswordValidator, reset);
module.exports = {
routes

View File

@ -0,0 +1,32 @@
/*
This code is part of Blink
licensed under GPLv3
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
*/
const {
check,
validationResult
} = require("express-validator");
const addRequestValidator = [
check('email').isEmail().normalizeEmail().escape(),
];
const resetPasswordValidator = [
check('password').trim().escape(),
check('secret').trim().escape(),
];
module.exports = {
validationResult,
addRequestValidator,
resetPasswordValidator
}