69 lines
1.6 KiB
JavaScript
69 lines
1.6 KiB
JavaScript
const errors = require('restify-errors');
|
|
const jwt = require('jsonwebtoken');
|
|
|
|
const config = require('../config');
|
|
const User = require('../models/user');
|
|
|
|
const {
|
|
api: { url },
|
|
security: { reset: { route, tokenPlaceholder } },
|
|
} = config;
|
|
|
|
const routes = {
|
|
resetWithToken: `${route}/${tokenPlaceholder}([A-Za-z0-9_]+\.{3})`,
|
|
getTestToken: `${route}/generate`,
|
|
};
|
|
|
|
module.exports = function (server, auth) {
|
|
server.get(routes.getTestToken, auth.secure, function (req, res, next) {
|
|
const { record: user } = req.user;
|
|
const resetToken = user.generateResetToken();
|
|
const resetUrl = `${url}${route}/${resetToken}`;
|
|
|
|
res.send({ resetToken, resetUrl });
|
|
next();
|
|
});
|
|
|
|
server.post(routes.resetWithToken, auth.bypass, function (req, res, next) {
|
|
const { reset_token } = req.params;
|
|
const { password } = req.body;
|
|
|
|
if (!reset_token) {
|
|
return next(
|
|
new errors.InvalidContentError('A reset token was not provided.'),
|
|
);
|
|
}
|
|
|
|
if (!password) {
|
|
return next(
|
|
new errors.InvalidContentError('Password cannot be empty.'),
|
|
);
|
|
}
|
|
|
|
User.verifyTokenAndResetPassword(reset_token, password, (err, user, info) => {
|
|
if (err) {
|
|
console.error(err);
|
|
return next(
|
|
new errors.InvalidContentError(err),
|
|
);
|
|
}
|
|
|
|
if (!user) {
|
|
console.error(err);
|
|
res.send({
|
|
success: false,
|
|
info: 'Password reset failed. ' + info,
|
|
});
|
|
return next();
|
|
}
|
|
|
|
res.send({
|
|
success: true,
|
|
info: 'Password reset successful.',
|
|
...user.toAuthJSON()
|
|
});
|
|
next();
|
|
});
|
|
});
|
|
};
|