mirror of https://github.com/xfarrow/blink
reset password validator
This commit is contained in:
xfarrow
parent
9ce808e928
commit
21d32a89f9
|
|
@ -17,9 +17,16 @@ const ResetPassword = require('../models/reset_password_model');
|
|||
const crypto = require('crypto');
|
||||
const express = require('express');
|
||||
const bcrypt = require('bcrypt');
|
||||
const resetPasswordValidator = require('../utils/validators/reset_password_validator');
|
||||
|
||||
async function add(req, res) {
|
||||
try {
|
||||
const errors = resetPasswordValidator.validationResult(req);
|
||||
if (!errors.isEmpty()) {
|
||||
return res.status(400).json({
|
||||
errors: errors.array()
|
||||
});
|
||||
}
|
||||
const userExists = await Person.findByEmail(req.body.email);
|
||||
// If the user does not exist, do not inform them of the absence
|
||||
if (userExists) {
|
||||
|
|
@ -38,6 +45,12 @@ async function add(req, res) {
|
|||
|
||||
async function reset(req, res) {
|
||||
try {
|
||||
const errors = resetPasswordValidator.validationResult(req);
|
||||
if (!errors.isEmpty()) {
|
||||
return res.status(400).json({
|
||||
errors: errors.array()
|
||||
});
|
||||
}
|
||||
const requester = await ResetPassword.findBySecret(req.body.secret);
|
||||
if (requester) {
|
||||
const diffMilliseconds = Date.now() - requester.time_of_request.getTime();
|
||||
|
|
@ -59,8 +72,8 @@ async function reset(req, res) {
|
|||
}
|
||||
|
||||
const routes = express.Router();
|
||||
routes.post('/request', add);
|
||||
routes.post('/reset', reset);
|
||||
routes.post('/request', resetPasswordValidator.addRequestValidator, add);
|
||||
routes.post('/reset', resetPasswordValidator.resetPasswordValidator, reset);
|
||||
|
||||
module.exports = {
|
||||
routes
|
||||
|
|
|
|||
|
|
@ -0,0 +1,32 @@
|
|||
/*
|
||||
This code is part of Blink
|
||||
licensed under GPLv3
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
||||
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
||||
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
|
||||
IN THE SOFTWARE.
|
||||
*/
|
||||
|
||||
const {
|
||||
check,
|
||||
validationResult
|
||||
} = require("express-validator");
|
||||
|
||||
const addRequestValidator = [
|
||||
check('email').isEmail().normalizeEmail().escape(),
|
||||
];
|
||||
|
||||
const resetPasswordValidator = [
|
||||
check('password').trim().escape(),
|
||||
check('secret').trim().escape(),
|
||||
];
|
||||
|
||||
module.exports = {
|
||||
validationResult,
|
||||
addRequestValidator,
|
||||
resetPasswordValidator
|
||||
}
|
||||
Loading…
Reference in New Issue