Adds reset password logic
This commit is contained in:
Florent Vilmart
@@ -47,7 +47,7 @@ export class Config {
|
||||
}
|
||||
|
||||
get choosePasswordURL() {
|
||||
return `${this.serverURL}/apps/${this.applicationId}/choose_password`;
|
||||
return `${this.serverURL}/apps/choose_password`;
|
||||
}
|
||||
|
||||
get requestResetPasswordURL() {
|
||||
|
||||
@@ -4,6 +4,9 @@ import AdaptableController from './AdaptableController';
|
||||
import MailAdapter from '../Adapters/Email/MailAdapter';
|
||||
|
||||
var DatabaseAdapter = require('../DatabaseAdapter');
|
||||
var RestWrite = require('../RestWrite');
|
||||
var hash = require('../password').hash;
|
||||
var Auth = require('../Auth');
|
||||
|
||||
export class UserController extends AdaptableController {
|
||||
|
||||
@@ -35,7 +38,7 @@ export class UserController extends AdaptableController {
|
||||
}
|
||||
|
||||
|
||||
verifyEmail(username, token) {
|
||||
verifyEmail(username, token, config = this.config) {
|
||||
|
||||
return new Promise((resolve, reject) => {
|
||||
|
||||
@@ -45,7 +48,7 @@ export class UserController extends AdaptableController {
|
||||
return;
|
||||
}
|
||||
|
||||
var database = this.config.database;
|
||||
var database = config.database;
|
||||
|
||||
database.collection('_User').then(coll => {
|
||||
// Need direct database access because verification token is not a parse field
|
||||
@@ -64,45 +67,24 @@ export class UserController extends AdaptableController {
|
||||
});
|
||||
}
|
||||
|
||||
checkResetTokenValidity(username, token) {
|
||||
var database = this.config.database;
|
||||
checkResetTokenValidity(username, token, config = this.config) {
|
||||
return new Promise((resolve, reject) => {
|
||||
database.collection('_User').then(coll => {
|
||||
// Need direct database access because verification token is not a parse field
|
||||
return config.database.collection('_User').then(coll => {
|
||||
return coll.findOne({
|
||||
username: username,
|
||||
_email_reset_token: token,
|
||||
_perishable_token: token,
|
||||
}, (err, doc) => {
|
||||
if (err || !doc.value) {
|
||||
reject();
|
||||
if (err || !doc) {
|
||||
reject(err);
|
||||
} else {
|
||||
resolve();
|
||||
}
|
||||
});
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
setPasswordResetToken(email) {
|
||||
var database = this.config.database;
|
||||
var token = randomString(25);
|
||||
return new Promise((resolve, reject) => {
|
||||
database.collection('_User').then(coll => {
|
||||
// Need direct database access because verification token is not a parse field
|
||||
return coll.findAndModify({
|
||||
email: email,
|
||||
}, null, {$set: {_email_reset_token: token}}, (err, doc) => {
|
||||
if (err || !doc.value) {
|
||||
reject();
|
||||
} else {
|
||||
console.log(doc);
|
||||
resolve(token);
|
||||
resolve(doc);
|
||||
}
|
||||
});
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
sendVerificationEmail(user, config = this.config) {
|
||||
if (!this.shouldVerifyEmails) {
|
||||
return;
|
||||
@@ -119,25 +101,68 @@ export class UserController extends AdaptableController {
|
||||
});
|
||||
}
|
||||
|
||||
sendPasswordResetEmail(user, config = this.config) {
|
||||
setPasswordResetToken(email, config = this.config) {
|
||||
var database = config.database;
|
||||
var token = randomString(25);
|
||||
return new Promise((resolve, reject) => {
|
||||
return database.collection('_User').then(coll => {
|
||||
// Need direct database access because verification token is not a parse field
|
||||
return coll.findAndModify({
|
||||
email: email,
|
||||
}, null, {$set: {_perishable_token: token}}, (err, doc) => {
|
||||
if (err || !doc.value) {
|
||||
console.error(err);
|
||||
reject(err);
|
||||
} else {
|
||||
doc.value._perishable_token = token;
|
||||
resolve(doc.value);
|
||||
}
|
||||
});
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
sendPasswordResetEmail(email, config = this.config) {
|
||||
if (!this.adapter) {
|
||||
throw "Trying to send a reset password but no adapter is set";
|
||||
// TODO: No adapter?
|
||||
return;
|
||||
}
|
||||
|
||||
const token = encodeURIComponent(user._email_reset_token);
|
||||
const username = encodeURIComponent(user.username);
|
||||
|
||||
let link = `${config.requestPasswordResetURL}?token=${token}&username=${username}`
|
||||
this.adapter.sendPasswordResetEmail({
|
||||
appName: config.appName,
|
||||
link: link,
|
||||
user: inflate('_User', user),
|
||||
return this.setPasswordResetToken(email).then((user) => {
|
||||
|
||||
const token = encodeURIComponent(user._perishable_token);
|
||||
const username = encodeURIComponent(user.username);
|
||||
let link = `${config.requestResetPasswordURL}?token=${token}&username=${username}`
|
||||
this.adapter.sendPasswordResetEmail({
|
||||
appName: config.appName,
|
||||
link: link,
|
||||
user: inflate('_User', user),
|
||||
});
|
||||
return Promise.resolve(user);
|
||||
}, (err) => {
|
||||
return Promise.reject(err);
|
||||
});
|
||||
}
|
||||
|
||||
updatePassword(username, token, password, config = this.config) {
|
||||
return this.checkResetTokenValidity(username, token, config).then(() => {
|
||||
return updateUserPassword(username, token, password, config);
|
||||
});
|
||||
}
|
||||
|
||||
sendMail(options) {
|
||||
this.adapter.sendMail(options);
|
||||
}
|
||||
}
|
||||
|
||||
// Mark this private
|
||||
function updateUserPassword(username, token, password, config) {
|
||||
var write = new RestWrite(config, Auth.master(config), '_User', {
|
||||
username: username,
|
||||
_perishable_token: token
|
||||
}, {password: password, _perishable_token: null }, undefined);
|
||||
return write.execute();
|
||||
}
|
||||
|
||||
export default UserController;
|
||||
|
||||
@@ -832,4 +832,5 @@ RestWrite.prototype.objectId = function() {
|
||||
return this.data.objectId || this.query.objectId;
|
||||
};
|
||||
|
||||
export default RestWrite;
|
||||
module.exports = RestWrite;
|
||||
|
||||
@@ -21,7 +21,7 @@ export class PublicAPIRouter extends PromiseRouter {
|
||||
}
|
||||
|
||||
let userController = config.userController;
|
||||
return userController.verifyEmail(username, token, appId).then( () => {
|
||||
return userController.verifyEmail(username, token).then( () => {
|
||||
return Promise.resolve({
|
||||
status: 302,
|
||||
location: `${config.verifyEmailSuccessURL}?username=${username}`
|
||||
@@ -33,7 +33,13 @@ export class PublicAPIRouter extends PromiseRouter {
|
||||
|
||||
changePassword(req) {
|
||||
return new Promise((resolve, reject) => {
|
||||
var config = new Config(req.params.appId);
|
||||
var config = new Config(req.query.id);
|
||||
if (!config.serverURL) {
|
||||
return Promise.resolve({
|
||||
status: 404,
|
||||
text: 'Not found.'
|
||||
});
|
||||
}
|
||||
// Should we keep the file in memory or leave like that?
|
||||
fs.readFile(path.resolve(views, "choose_password"), 'utf-8', (err, data) => {
|
||||
if (err) {
|
||||
@@ -47,23 +53,51 @@ export class PublicAPIRouter extends PromiseRouter {
|
||||
});
|
||||
}
|
||||
|
||||
resetPassword(req) {
|
||||
var { username, token } = req.params;
|
||||
requestResetPassword(req) {
|
||||
|
||||
var { username, token } = req.query;
|
||||
|
||||
if (!username || !token) {
|
||||
return this.invalidLink(req);
|
||||
}
|
||||
|
||||
let config = req.config;
|
||||
return config.userController.checkResetTokenValidity(username, token).then( () => {
|
||||
return config.userController.checkResetTokenValidity(username, token).then( (user) => {
|
||||
return Promise.resolve({
|
||||
status: 302,
|
||||
location: `${config.choosePasswordURL}?token=${token}&id=${config.applicationId}&username=${username}`
|
||||
location: `${config.choosePasswordURL}?token=${token}&id=${config.applicationId}&username=${username}&app=${config.appName}`
|
||||
})
|
||||
}, () => {
|
||||
return this.invalidLink(req);
|
||||
})
|
||||
}
|
||||
|
||||
resetPassword(req) {
|
||||
var {
|
||||
username,
|
||||
token,
|
||||
new_password
|
||||
} = req.body;
|
||||
|
||||
if (!username || !token || !new_password) {
|
||||
return this.invalidLink(req);
|
||||
}
|
||||
|
||||
let config = req.config;
|
||||
return config.userController.updatePassword(username, token, new_password).then((result) => {
|
||||
return Promise.resolve({
|
||||
status: 302,
|
||||
location: config.passwordResetSuccessURL
|
||||
});
|
||||
}, (err) => {
|
||||
console.error(err);
|
||||
return Promise.resolve({
|
||||
status: 302,
|
||||
location: `${config.choosePasswordURL}?token=${token}&id=${config.applicationId}&username=${username}&error=${err}&app=${config.appName}`
|
||||
});
|
||||
});
|
||||
|
||||
}
|
||||
|
||||
invalidLink(req) {
|
||||
return Promise.resolve({
|
||||
@@ -80,13 +114,14 @@ export class PublicAPIRouter extends PromiseRouter {
|
||||
mountRoutes() {
|
||||
this.route('GET','/apps/:appId/verify_email', this.setConfig, req => { return this.verifyEmail(req); });
|
||||
this.route('GET','/apps/choose_password', req => { return this.changePassword(req); });
|
||||
this.route('GET','/apps/:appId/request_password_reset', this.setConfig, req => { return this.resetPassword(req); });
|
||||
this.route('POST','/apps/:appId/request_password_reset', this.setConfig, req => { return this.resetPassword(req); });
|
||||
this.route('GET','/apps/:appId/request_password_reset', this.setConfig, req => { return this.requestResetPassword(req); });
|
||||
}
|
||||
|
||||
expressApp() {
|
||||
var router = express();
|
||||
router.use("/apps", express.static(public_html));
|
||||
router.use(super.expressApp());
|
||||
router.use("/", super.expressApp());
|
||||
return router;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -34,7 +34,7 @@ export class UsersRouter extends ClassesRouter {
|
||||
if (req.config.verifyUserEmails) {
|
||||
// Send email as fire-and-forget once the user makes it into the DB.
|
||||
p.then(() => {
|
||||
req.config.userController.sendVerificationEmail(req.body, req.config);
|
||||
req.config.userController.sendVerificationEmail(req.body);
|
||||
});
|
||||
}
|
||||
return p;
|
||||
@@ -154,17 +154,16 @@ export class UsersRouter extends ClassesRouter {
|
||||
}
|
||||
|
||||
handleResetRequest(req) {
|
||||
|
||||
let { email } = req.body.email;
|
||||
let { email } = req.body;
|
||||
if (!email) {
|
||||
throw "Missing email";
|
||||
throw new Parse.Error(Parse.Error.EMAIL_MISSING, "you must provide an email");
|
||||
}
|
||||
let userController = req.config.userController;
|
||||
|
||||
return userController.sendPasswordResetEmail(email).then((token) => {
|
||||
return Promise.resolve({
|
||||
response: {}
|
||||
})
|
||||
});
|
||||
}, (err) => {
|
||||
throw new Parse.Error(Parse.Error.EMAIL_NOT_FOUND, `no user found with email ${email}`);
|
||||
});
|
||||
|
||||
@@ -182,7 +182,8 @@ function ParseServer({
|
||||
}));
|
||||
|
||||
if (process.env.PARSE_EXPERIMENTAL_EMAIL_VERIFICATION_ENABLED || process.env.TESTING == 1) {
|
||||
api.use('/', new PublicAPIRouter().expressApp());
|
||||
// need the body parser for the password reset
|
||||
api.use('/', bodyParser.urlencoded({extended: false}), new PublicAPIRouter().expressApp());
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -45,6 +45,9 @@ export function transformKeyValue(schema, className, restKey, restValue, options
|
||||
case '_email_verify_token':
|
||||
key = "_email_verify_token";
|
||||
break;
|
||||
case '_perishable_token':
|
||||
key = "_perishable_token";
|
||||
break;
|
||||
case 'sessionToken':
|
||||
case '_session_token':
|
||||
key = '_session_token';
|
||||
|
||||
Reference in New Issue
Block a user