v1.13.0: Reset Password
parent
10c585d230
commit
22ebde8a0b
7 changed files with 134 additions and 11 deletions
|
@ -3,8 +3,8 @@ const bcrypt = require('bcrypt-nodejs');
|
|||
const express = require('express');
|
||||
const { nanoid } = require('nanoid')
|
||||
|
||||
const SIGNUP_TOKEN_LENGTH = 32
|
||||
const SIGNUP_TOKEN_LIFETIME =
|
||||
const SECRET_TOKEN_LENGTH = 32
|
||||
const SECRET_TOKEN_LIFETIME =
|
||||
// One week, approximately. Doesn't need to be perfect.
|
||||
1000 // milliseconds
|
||||
* 60 // seconds
|
||||
|
@ -31,8 +31,8 @@ module.exports = (db) => {
|
|||
admin: false,
|
||||
wishlist: [],
|
||||
|
||||
signupToken: nanoid(SIGNUP_TOKEN_LENGTH),
|
||||
expiry: new Date().getTime() + SIGNUP_TOKEN_LIFETIME
|
||||
signupToken: nanoid(SECRET_TOKEN_LENGTH),
|
||||
expiry: new Date().getTime() + SECRET_TOKEN_LIFETIME
|
||||
|
||||
});
|
||||
res.redirect(`/admin-settings/edit/${req.body.newUserUsername.trim()}`)
|
||||
|
@ -48,8 +48,26 @@ module.exports = (db) => {
|
|||
router.post('/edit/refresh-signup-token/:userToEdit', verifyAuth(), async (req, res) => {
|
||||
if (!req.user.admin) return res.redirect('/');
|
||||
const doc = await db.get(req.params.userToEdit)
|
||||
doc.signupToken = nanoid(SIGNUP_TOKEN_LENGTH)
|
||||
doc.expiry = new Date().getTime() + SIGNUP_TOKEN_LIFETIME
|
||||
doc.signupToken = nanoid(SECRET_TOKEN_LENGTH)
|
||||
doc.expiry = new Date().getTime() + SECRET_TOKEN_LIFETIME
|
||||
await db.put(doc)
|
||||
return res.redirect(`/admin-settings/edit/${req.params.userToEdit}`)
|
||||
});
|
||||
|
||||
router.post('/edit/resetpw/:userToEdit', verifyAuth(), async (req, res) => {
|
||||
if (!req.user.admin) return res.redirect('/');
|
||||
const doc = await db.get(req.params.userToEdit)
|
||||
doc.pwToken = nanoid(SECRET_TOKEN_LENGTH)
|
||||
doc.pwExpiry = new Date().getTime() + SECRET_TOKEN_LIFETIME
|
||||
await db.put(doc)
|
||||
return res.redirect(`/admin-settings/edit/${req.params.userToEdit}`)
|
||||
});
|
||||
|
||||
router.post('/edit/cancelresetpw/:userToEdit', verifyAuth(), async (req, res) => {
|
||||
if (!req.user.admin) return res.redirect('/');
|
||||
const doc = await db.get(req.params.userToEdit)
|
||||
delete doc.pwToken
|
||||
delete doc.pwExpiry
|
||||
await db.put(doc)
|
||||
return res.redirect(`/admin-settings/edit/${req.params.userToEdit}`)
|
||||
});
|
||||
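Review bot: The password-reset token created in the new `/edit/resetpw/:userToEdit` handler gets the same lifetime as a signup invitation, `doc.pwExpiry = new Date().getTime() + SECRET_TOKEN_LIFETIME`, which the comment next to that constant puts at roughly one week. The reset route added in this commit logs the caller in to an existing account once the token is accepted, so this token deserves its own, much shorter constant, for example `const PW_RESET_TOKEN_LIFETIME = 1000 * 60 * 60 // one hour (example value)`. Both new handlers also `await db.get(req.params.userToEdit)` with no handling for an unknown id. If `db.get` rejects in that case, which seems likely but is not visible here, the request ends in an unhandled rejection instead of a redirect with an error message; the existing refresh-signup-token handler shares that pattern.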
|
|
|
@ -5,11 +5,11 @@ module.exports = (db) => {
|
|||
const router = express.Router();
|
||||
|
||||
router.get('/:code', async (req, res) => {
|
||||
const { doc } = (await db.allDocs({ include_docs: true }))
|
||||
const row = (await db.allDocs({ include_docs: true }))
|
||||
.rows
|
||||
.find(({ doc }) => doc.signupToken === req.params.code)
|
||||
|
||||
res.render('confirm-account', { doc })
|
||||
res.render('confirm-account', { doc: row ? row.doc : undefined })
|
||||
});
|
||||
|
||||
router.post('/:code', async (req, res) => {
|
||||
|
|
|
@ -28,6 +28,7 @@ module.exports = ({ db, config }) => {
|
|||
|
||||
router.use('/login', require('./login')());
|
||||
router.use('/logout', require('./logout')());
|
||||
router.use('/resetpw', require('./resetpw')(db));
|
||||
router.use('/confirm-account', require('./confirm-account')(db));
|
||||
|
||||
router.use('/wishlist', require('./wishlist')(db));
|
||||
|
|
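--- a/routes/resetpw/index.js
+++ b/routes/resetpw/index.js
@@ -0,0 +1,45 @@
+const bcrypt = require('bcrypt-nodejs');
+const express = require('express');
+
+module.exports = (db) => {
+const router = express.Router();
+
+router.get('/:code', async (req, res) => {
+const row = (await db.allDocs({ include_docs: true }))
+.rows
+.find(({ doc }) => doc.pwToken === req.params.code)
+
+
+res.render('resetpw', { doc: row ? row.doc : undefined })
+});
+
+router.post('/:code', async (req, res) => {
+const { doc } = (await db.allDocs({ include_docs: true }))
+.rows
+.find(({ doc }) => doc.pwToken === req.params.code)
+
+if (doc.expiry < new Date().getTime()) return res.redirect(`/resetpw/${req.params.code}`)
+
+bcrypt.hash(req.body.password, null, null, async (err, passwordHash) => {
+if (err) throw err;
+
+doc.password = passwordHash
+delete doc.pwToken
+delete doc.pwExpiry
+
+await db.put(doc)
+
+req.login({ _id: doc._id }, err => {
+if (err) {
+console.log(err)
+req.flash('error', err.message)
+return res.redirect('/')
+}
+req.flash('success', `Welcome to ${_CC.config.siteTitle}!`);
+res.redirect('/');
+})
+});
+});
+
+return router;
+};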
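Review bot: The expiry check in the POST handler reads `doc.expiry`, but the admin route added in this commit stores the reset deadline in `doc.pwExpiry`, so the reset token's own lifetime is never enforced; if `doc.expiry` is absent the comparison is false and the token never expires. The same handler destructures `const { doc } = ….find(…)`, which throws when no row matches the code (unknown, cancelled or already used token), the case the GET handler guards with `row ? row.doc : undefined`. I would keep the lookup result as `const row = …`, put `if (!row || !(row.doc.pwExpiry > new Date().getTime()))` in front of the existing redirect so a missing row or missing deadline fails closed, and continue with `const doc = row.doc`. `req.body.password` is also hashed with no check that it is a non-empty string, and `if (err) throw err` inside the bcrypt callback is thrown outside the route's promise, so it will not reach Express error handling.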