mirror of
https://github.com/xfarrow/blink
synced 2025-03-20 12:50:04 +01:00
reset password API complete
This commit is contained in:
xfarrow
parent
c06869d3b4
commit
dbdc9f78c5
@ -139,7 +139,7 @@ async function remove(personId) {
|
|||||||
|
|
||||||
async function confirmActivation(personId) {
|
async function confirmActivation(personId) {
|
||||||
await knex.transaction(async (tr) => {
|
await knex.transaction(async (tr) => {
|
||||||
await knex('Person')
|
await tr('Person')
|
||||||
.where('id', personId)
|
.where('id', personId)
|
||||||
.update({
|
.update({
|
||||||
enabled: true
|
enabled: true
|
||||||
@ -149,7 +149,6 @@ async function confirmActivation(personId) {
|
|||||||
.where('person_id', personId)
|
.where('person_id', personId)
|
||||||
.del();
|
.del();
|
||||||
});
|
});
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Exporting a function
|
// Exporting a function
|
||||||
|
|||||||
@ -13,14 +13,47 @@
|
|||||||
|
|
||||||
const knex = require('../utils/knex_config');
|
const knex = require('../utils/knex_config');
|
||||||
|
|
||||||
async function add(email, secret){
|
async function add(email, secret) {
|
||||||
await knex('RequestResetPassword')
|
await knex('RequestResetPassword')
|
||||||
.insert({
|
.insert({
|
||||||
email,
|
email,
|
||||||
|
secret
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
async function findBySecret(secret) {
|
||||||
|
return await knex('RequestResetPassword').where({
|
||||||
secret
|
secret
|
||||||
|
}).first();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Given a secret and a new password, update the Peron's personal password
|
||||||
|
*
|
||||||
|
* @param {*} password The new (hashed) password
|
||||||
|
* @param {*} secret The secret received via e-mail (table RequestResetPassword)
|
||||||
|
* @returns
|
||||||
|
*/
|
||||||
|
async function resetPassword(password, secret) {
|
||||||
|
const request = await findBySecret(secret);
|
||||||
|
if (!request) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
await knex.transaction(async tr => {
|
||||||
|
await tr('Person').where({
|
||||||
|
email: request.email
|
||||||
|
}).update({
|
||||||
|
password
|
||||||
|
});
|
||||||
|
|
||||||
|
await tr('RequestResetPassword').where({
|
||||||
|
email
|
||||||
|
}).del();
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
module.exports = {
|
module.exports = {
|
||||||
add
|
add,
|
||||||
|
findBySecret,
|
||||||
|
resetPassword
|
||||||
}
|
}
|
||||||
@ -13,21 +13,22 @@
|
|||||||
|
|
||||||
const Person = require('../models/person_model');
|
const Person = require('../models/person_model');
|
||||||
const mailUtils = require('../utils/mail_utils');
|
const mailUtils = require('../utils/mail_utils');
|
||||||
const RequestResetPassword = require('../models/reset_password_model');
|
const ResetPassword = require('../models/reset_password_model');
|
||||||
const crypto = require('crypto');
|
const crypto = require('crypto');
|
||||||
const express = require('express');
|
const express = require('express');
|
||||||
|
const bcrypt = require('bcrypt');
|
||||||
|
|
||||||
async function add(req, res) {
|
async function add(req, res) {
|
||||||
try {
|
try {
|
||||||
const userExists = await Person.findByEmail(req.body.email);
|
const userExists = await Person.findByEmail(req.body.email);
|
||||||
// If the user does not exist, do not inform them of the absence
|
// If the user does not exist, do not inform them of the absence
|
||||||
// of the user
|
|
||||||
if (userExists) {
|
if (userExists) {
|
||||||
const secret = crypto.randomBytes(16).toString('hex');
|
const secret = crypto.randomBytes(16).toString('hex');
|
||||||
await RequestResetPassword.add(req.body.email, secret);
|
await ResetPassword.add(req.body.email, secret);
|
||||||
mailUtils.sendMail(req.body.email, 'Blink Reset Password', secret, null);
|
const body = `Click on this link: ...${secret} to reset your Blink password. If you did not ask for such a change, simply ignore this e-mail.`;
|
||||||
|
mailUtils.sendMail(req.body.email, 'Blink Reset Password', body, null);
|
||||||
}
|
}
|
||||||
return res.status(204).send();
|
res.status(204).send();
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
console.error(`Error in function ${registerPerson.name}: ${error}`);
|
console.error(`Error in function ${registerPerson.name}: ${error}`);
|
||||||
res.status(500).json({
|
res.status(500).json({
|
||||||
@ -36,9 +37,32 @@ async function add(req, res) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async function reset(req, res) {
|
||||||
|
try {
|
||||||
|
const requester = await ResetPassword.findBySecret(req.body.secret);
|
||||||
|
if (requester) {
|
||||||
|
const diffMilliseconds = Date.now() - requester.time_of_request.getTime();
|
||||||
|
// Check whether the request was not performed more than 30 minutes ago
|
||||||
|
if(diffMilliseconds / (1000 * 60) <= 30){
|
||||||
|
const newPassword = await bcrypt.hash(req.body.password, 10);
|
||||||
|
ResetPassword.resetPassword(newPassword, req.body.secret);
|
||||||
|
return res.status(204).send();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return res.status(400).send("Request either invalid or expired");
|
||||||
|
|
||||||
|
} catch (error) {
|
||||||
|
console.error(`Error in function ${reset.name}: ${error}`);
|
||||||
|
res.status(500).json({
|
||||||
|
error: 'Internal server error'
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
const routes = express.Router();
|
const routes = express.Router();
|
||||||
routes.post('/request', add);
|
routes.post('/request', add);
|
||||||
|
routes.post('/reset', reset);
|
||||||
|
|
||||||
module.exports = {
|
module.exports = {
|
||||||
routes
|
routes
|
||||||
};
|
};
|
||||||
Loading…
x
Reference in New Issue
Block a user