- More, more, more...

routes/reset.js

@@ -0,0 +1,68 @@
+const errors = require('restify-errors');
+const jwt = require('jsonwebtoken');
+
+const config = require('../config');
+const User = require('../models/user');
+
+const {
+  api: { url },
+  security: { reset: { route, tokenPlaceholder } },
+} = config;
+
+const routes = {
+  resetWithToken: `${route}/${tokenPlaceholder}([A-Za-z0-9_]+\.{3})`,
+  getTestToken: `${route}/generate`,
+};
+
+module.exports = function (server, auth) {
+	server.get(routes.getTestToken, auth.secure, function (req, res, next) {
+    const { record: user } = req.user;
+    const resetToken = user.generateResetToken();
+    const resetUrl = `${url}${route}/${resetToken}`;
+
+    res.send({ resetToken, resetUrl });
+    next();
+	});
+
+	server.post(routes.resetWithToken, auth.bypass, function (req, res, next) {
+    const { reset_token } = req.params;
+    const { password } = req.body;
+
+    if (!reset_token) {
+      return next(
+        new errors.InvalidContentError('A reset token was not provided.'),
+      );
+    }
+
+    if (!password) {
+      return next(
+        new errors.InvalidContentError('Password cannot be empty.'),
+      );
+    }
+
+    User.verifyTokenAndResetPassword(reset_token, password, (err, user, info) => {
+      if (err) {
+        console.error(err);
+        return next(
+          new errors.InvalidContentError(err),
+        );
+      }
+
+      if (!user) {
+        console.error(err);
+        res.send({
+          success: false,
+          info: 'Password reset failed. ' + info,
+        });
+        return next();
+      }
+
+      res.send({
+        success: true,
+        info: 'Password reset successful.',
+        ...user.toAuthJSON()
+      });
+      next();
+    });
+	});
+};