passwords.js
const express = require('express');
const { StatusCodes } = require('http-status-codes');
const router = express.Router();
const models = require('../models');
const helpers = require('./helpers');
/*
 * GET /forgot
 * Serves the form on which a user asks for a password-reset email.
 * The handler only renders the 'passwords/forgot' view.
 */
router.get('/forgot', function showForgotForm(req, res) {
  res.render('passwords/forgot');
});
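/*
 * POST /forgot
 * Looks up the account for the submitted email and, when one exists, asks the
 * model to send it a password-reset email.
 *
 * Response format: JSON when the request's Content-Type header is exactly
 * 'application/json', otherwise the 'passwords/forgot' view is rendered.
 *   - account found:     200 with a success message / view with isSent
 *   - account not found: 404 with an error on the 'email' path
 *
 * NOTE(review): the distinct 404 "notFound" answer lets an unauthenticated
 * caller learn whether an email address is registered (account enumeration).
 * Answering identically in both cases would close that, but it changes what
 * existing clients see, so it is flagged here rather than changed. No rate
 * limiting is visible in this file; confirm it is applied upstream.
 */
router.post(
  '/forgot',
  helpers.async(async (req, res) => {
    const wantsJson = req.header('Content-Type') === 'application/json';

    // A JSON body can carry an object or an array in this field. Only a plain
    // string is allowed to reach the query, so the caller cannot influence the
    // shape of the WHERE clause; anything else is handled as "no such account".
    const submitted = req.body.email;
    const email = typeof submitted === 'string' ? submitted : null;
    const user = email === null ? null : await models.User.findOne({ where: { email } });

    if (user) {
      await user.sendPasswordResetEmail(req.agency);
      if (wantsJson) {
        res.status(StatusCodes.OK).json({ message: res.__('passwords.forgot.success') });
      } else {
        res.render('passwords/forgot', { isSent: true });
      }
      return;
    }

    // res.locals.errors is set for both formats, as the view render receives
    // no other data.
    res.locals.errors = [{ path: 'email', message: res.__('passwords.forgot.notFound') }];
    if (wantsJson) {
      res.status(StatusCodes.NOT_FOUND).json({ messages: res.locals.errors });
    } else {
      res.status(StatusCodes.NOT_FOUND).render('passwords/forgot');
    }
  }),
);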
/*
 * GET /reset/:token
 * Shows the "choose a new password" form for the account that owns the token.
 *   - token matches an account: view gets the token and an isExpired flag
 *   - no account has the token: view gets isInvalid
 *
 * NOTE(review): the reset token travels in the URL path, so it can end up in
 * access logs and browser history; the expiry timestamp checked here is the
 * only limit on its lifetime that this file shows.
 */
router.get(
  '/reset/:token',
  helpers.async(async (req, res) => {
    const { token } = req.params;
    const account = await models.User.findOne({ where: { passwordResetToken: token } });

    if (!account) {
      res.render('passwords/reset', { isInvalid: true });
      return;
    }

    // Expired tokens still render the form; the view decides what to show.
    const isExpired = account.passwordResetTokenExpiresAt.getTime() < Date.now();
    res.render('passwords/reset', { token, isExpired });
  }),
);
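/*
 * POST /reset/:token
 * Sets a new password for the account that owns the reset token.
 *
 * Response format: JSON when the request's Content-Type header is exactly
 * 'application/json', otherwise the 'passwords/reset' view is rendered.
 *   - 200 password saved
 *   - 410 token has expired
 *   - 422 the model rejected the update (errors taken from err.errors)
 *   - 404 no account has this token, or the lookup / expiry check threw
 *
 * Fix over the previous version: the expired-token branch answered with JSON
 * regardless of the request format; form posts now get the view back with
 * isExpired set, as the other branches already do.
 *
 * NOTE(review): nothing in this handler clears passwordResetToken after a
 * successful change. Confirm the User model invalidates it, otherwise the
 * same link keeps working until it expires.
 * NOTE(review): req.body.password is passed to the model unchecked; this
 * relies on the model's own validation for type and strength. Confirm.
 */
router.post(
  '/reset/:token',
  helpers.async(async (req, res) => {
    const wantsJson = req.header('Content-Type') === 'application/json';
    const { token } = req.params;

    try {
      const user = await models.User.findOne({ where: { passwordResetToken: token } });
      if (!user) {
        // Routed through the catch below so an unknown token and a failed
        // lookup produce the same "invalid" answer.
        throw new Error();
      }

      // Refuse an expired token before touching the password.
      if (user.passwordResetTokenExpiresAt.getTime() < Date.now()) {
        if (wantsJson) {
          res
            .status(StatusCodes.GONE)
            .json({ messages: [{ path: 'password', message: res.__('passwords.reset.expired') }] });
        } else {
          res.status(StatusCodes.GONE).render('passwords/reset', { token, isExpired: true });
        }
        return;
      }

      try {
        await user.update({ password: req.body.password });
        if (wantsJson) {
          res.status(StatusCodes.OK).json({ message: res.__('passwords.reset.success') });
        } else {
          res.render('passwords/reset', { isSaved: true });
        }
      } catch (err) {
        // err.errors is presumably the model's validation error list; for any
        // other failure it is undefined and the 422 carries no messages.
        res.locals.errors = err.errors;
        if (wantsJson) {
          res.status(StatusCodes.UNPROCESSABLE_ENTITY).json({ messages: res.locals.errors });
        } else {
          res.status(StatusCodes.UNPROCESSABLE_ENTITY).render('passwords/reset', {
            token,
            isExpired: user.passwordResetTokenExpiresAt.getTime() < Date.now(),
          });
        }
      }
    } catch (err) {
      // Deliberately broad: every failure outside the update itself is reported
      // as an invalid token, which also hides lookup errors from the caller.
      if (wantsJson) {
        res
          .status(StatusCodes.NOT_FOUND)
          .json({ messages: [{ path: 'password', message: res.__('passwords.reset.invalid') }] });
      } else {
        res.status(StatusCodes.NOT_FOUND).render('passwords/reset', { isInvalid: true });
      }
    }
  }),
);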
/* Export the router carrying the forgot/reset password routes; where it is mounted is decided by the importing module. */
module.exports = router;