const utils = require('../../../utils');
const snippets = require('../../../utils/snippets');
const bcrypt = require('bcrypt');
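/**
 * Password-reset routes (POST).
 *
 * Both handlers are public (`auth: false`) and captcha-gated (`captcha: true`).
 * Reset tokens live in the `password_reset` table keyed by `reset_id` with a
 * millisecond `expires` timestamp; a token counts as valid only while
 * `expires > Date.now()`. Both handlers must use that same rule.
 */
module.exports = {
  post: {
    // POST "" — consume a reset token and set a new password.
    // Body: { new_password, token }  (token must be a UUID)
    // Responds with a short-lived captcha bypass token and the account email.
    "": [{
      auth: false,
      captcha: true
    }, function (req, res) {
      let captcha_bypass_token;
      let email;
      utils.validate.keys(req.body, [
        ['new_password', utils.validate.password, "New password not strong enough"],
        ['token', utils.validate.uuid]
      ]).then(function () {
        // Only an unexpired token is accepted. The token is bound to a SQL
        // placeholder, never interpolated into the query string.
        return utils.query("SELECT * FROM password_reset WHERE reset_id=? AND expires>?", [
          req.body.token, Date.now()
        ]).catch(utils.handle_err.sql(res));
      }).then(function ([password_reset_data]) {
        if (!password_reset_data) {
          return utils.reject("Invalid password reset token");
        }
        email = password_reset_data.email;
        // bcrypt with cost factor 10; only the hash is ever stored.
        return bcrypt.hash(req.body.new_password, 10);
      }).then(function (hashword) {
        // No check that the new password differs from the old one — the
        // original author considered that pointless.
        return utils.query("UPDATE users" + utils.set_where({
          password: hashword
        }, {
          email: email
        })).catch(utils.handle_err.sql(res));
      }).then(function () {
        // Single use: the token is removed once the password is updated.
        // NOTE(review): two concurrent requests carrying the same token can
        // both pass the SELECT above before this DELETE runs. Harmless here
        // (both set the same password), but it is not a strict one-shot.
        return utils.query("DELETE FROM password_reset WHERE ?", {
          reset_id: req.body.token
        }).catch(utils.handle_err.sql(res));
      }).then(function () {
        captcha_bypass_token = utils.uuid();
        return utils.query("INSERT INTO captcha_bypass SET ?", {
          bypass_id: captcha_bypass_token,
          expires: Date.now() + 30000 // 30 seconds from now
        }).catch(utils.handle_err.sql(res));
      }).then(function () {
        // The response is sent before the "password changed" email goes out,
        // so a failure inside generate_token_and_send_email reaches the final
        // catch after headers are already sent. NOTE(review): confirm that
        // handle_err.res tolerates an already-sent response; the "request"
        // handler below sends its email before responding.
        res.send(utils.ok({
          captcha_bypass_token: captcha_bypass_token,
          email: email
        }));
        return snippets.generate_token_and_send_email(res,
          "password_reset", "reset_id",
          email, "send_password_changed_email"
        );
      }).catch(utils.handle_err.res(res, "Could not update password"));
    }],
    // POST "request" — email a reset link to a confirmed account.
    // Body: { email }
    "request": [{
      auth: false,
      captcha: true
    }, function (req, res) {
      utils.validate.keys(req.body, [
        ['email', utils.validate.email, "Invalid Email"]
      ]).then(function () {
        return utils.query('SELECT email_confirmed FROM users WHERE ?', {
          email: req.body.email
        }).catch(utils.handle_err.sql(res));
      }).then(function ([user]) {
        // NOTE(review): these two distinct replies let an unauthenticated,
        // captcha-solving caller learn whether an address is registered and
        // whether it is confirmed (account enumeration). A single neutral
        // "if that address exists, an email has been sent" reply would close
        // that; left unchanged here because it alters user-facing behaviour.
        if (!user) {
          return utils.reject("Unknown Email");
        }
        if (!user.email_confirmed) {
          return utils.reject("You must confirm your email first, please check your inbox");
        }
        // Look for a still-valid (unexpired) token, using the same
        // `expires > now` rule as the "" handler. The comparison used to be
        // `expires<?`, which matched only *expired* rows: a user whose link
        // had lapsed was told they already had a valid one and could never
        // request another, while a user holding a live link was issued a
        // second one.
        return utils.query(
          'SELECT reset_id FROM password_reset WHERE email=? AND expires>?',
          [req.body.email, Date.now()]
        ).catch(utils.handle_err.sql(res));
      }).then(function ([password_reset_data]) {
        if (password_reset_data) {
          // A live link already exists; do not mint another one.
          return utils.reject([utils.status.ok, {
            message: "You should already have a valid password reset link, please check your inbox"
          }]);
        }
        return snippets.generate_token_and_send_email(res,
          "password_reset", "reset_id",
          req.body.email, "send_password_reset_email"
        );
      }).then(function () {
        return res.send(utils.ok({
          message: "Password reset email sent, please check your inbox"
        }));
      }).catch(utils.handle_err.res(res, "Error sending your password reset link, try again later"));
    }]
  }
};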