xfarrow/blink
0
0
Fork 0
mirror of https://github.com/xfarrow/blink synced 2025-06-27 09:03:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

reset password API complete

Browse Source
This commit is contained in:
xfarrow
2024-03-25 15:39:04 +01:00
parent c06869d3b4
commit dbdc9f78c5
3 changed files with 68 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
backend/apis/nodejs/src/models/person_model.js
View File

@@ -139,7 +139,7 @@ async function remove(personId) {
async function confirmActivation(personId) {
await knex.transaction(async (tr) => {
await knex('Person')
await tr('Person')
.where('id', personId)
.update({
enabled: true
@@ -149,7 +149,6 @@ async function confirmActivation(personId) {
.where('person_id', personId)
.del();
});
}
// Exporting a function

37
backend/apis/nodejs/src/models/reset_password_model.js
View File

@@ -21,6 +21,39 @@ async function add(email, secret){
});
}
module.exports = {
add
async function findBySecret(secret) {
return await knex('RequestResetPassword').where({
secret
}).first();
}
/**
* Given a secret and a new password, update the Peron's personal password
*
* @param {*} password The new (hashed) password
* @param {*} secret The secret received via e-mail (table RequestResetPassword)
* @returns
*/
async function resetPassword(password, secret) {
const request = await findBySecret(secret);
if (!request) {
return;
}
await knex.transaction(async tr => {
await tr('Person').where({
email: request.email
}).update({
password
});
await tr('RequestResetPassword').where({
email
}).del();
});
}
module.exports = {
add,
findBySecret,
resetPassword
}

34
backend/apis/nodejs/src/routes/reset_password_routes.js
View File

@@ -13,21 +13,22 @@
const Person = require('../models/person_model');
const mailUtils = require('../utils/mail_utils');
const RequestResetPassword = require('../models/reset_password_model');
const ResetPassword = require('../models/reset_password_model');
const crypto = require('crypto');
const express = require('express');
const bcrypt = require('bcrypt');
async function add(req, res) {
try {
const userExists = await Person.findByEmail(req.body.email);
// If the user does not exist, do not inform them of the absence
// of the user
if (userExists) {
const secret = crypto.randomBytes(16).toString('hex');
await RequestResetPassword.add(req.body.email, secret);
mailUtils.sendMail(req.body.email, 'Blink Reset Password', secret, null);
await ResetPassword.add(req.body.email, secret);
const body = `Click on this link: ...${secret} to reset your Blink password. If you did not ask for such a change, simply ignore this e-mail.`;
mailUtils.sendMail(req.body.email, 'Blink Reset Password', body, null);
}
return res.status(204).send();
res.status(204).send();
} catch (error) {
console.error(`Error in function ${registerPerson.name}: ${error}`);
res.status(500).json({
@@ -36,8 +37,31 @@ async function add(req, res) {
}
}
async function reset(req, res) {
try {
const requester = await ResetPassword.findBySecret(req.body.secret);
if (requester) {
const diffMilliseconds = Date.now() - requester.time_of_request.getTime();
// Check whether the request was not performed more than 30 minutes ago
if(diffMilliseconds / (1000 * 60) <= 30){
const newPassword = await bcrypt.hash(req.body.password, 10);
ResetPassword.resetPassword(newPassword, req.body.secret);
return res.status(204).send();
}
}
return res.status(400).send("Request either invalid or expired");
} catch (error) {
console.error(`Error in function ${reset.name}: ${error}`);
res.status(500).json({
error: 'Internal server error'
});
}
}
const routes = express.Router();
routes.post('/request', add);
routes.post('/reset', reset);
module.exports = {
routes