From ecb4e35f4e6c7304cb274593c13cb47fd5078b75 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Tue, 30 Jan 2018 13:27:07 +0100 Subject: Add ability to reset our password --- server/controllers/api/users.ts | 39 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) (limited to 'server/controllers/api') diff --git a/server/controllers/api/users.ts b/server/controllers/api/users.ts index 79bb2665d..05639fbec 100644 --- a/server/controllers/api/users.ts +++ b/server/controllers/api/users.ts @@ -6,17 +6,23 @@ import { UserCreate, UserRight, UserRole, UserUpdate, UserUpdateMe, UserVideoRat import { unlinkPromise } from '../../helpers/core-utils' import { retryTransactionWrapper } from '../../helpers/database-utils' import { logger } from '../../helpers/logger' -import { createReqFiles, getFormattedObjects } from '../../helpers/utils' +import { createReqFiles, generateRandomString, getFormattedObjects } from '../../helpers/utils' import { AVATAR_MIMETYPE_EXT, AVATARS_SIZE, CONFIG, sequelizeTypescript } from '../../initializers' import { updateActorAvatarInstance } from '../../lib/activitypub' import { sendUpdateUser } from '../../lib/activitypub/send' +import { Emailer } from '../../lib/emailer' +import { EmailPayload } from '../../lib/job-queue/handlers/email' +import { Redis } from '../../lib/redis' import { createUserAccountAndChannel } from '../../lib/user' import { asyncMiddleware, authenticate, ensureUserHasRight, ensureUserRegistrationAllowed, paginationValidator, setDefaultSort, setDefaultPagination, token, usersAddValidator, usersGetValidator, usersRegisterValidator, usersRemoveValidator, usersSortValidator, usersUpdateMeValidator, usersUpdateValidator, usersVideoRatingValidator } from '../../middlewares' -import { usersUpdateMyAvatarValidator, videosSortValidator } from '../../middlewares/validators' +import { + usersAskResetPasswordValidator, usersResetPasswordValidator, usersUpdateMyAvatarValidator, + videosSortValidator +} from '../../middlewares/validators' import { AccountVideoRateModel } from '../../models/account/account-video-rate' import { UserModel } from '../../models/account/user' import { OAuthTokenModel } from '../../models/oauth/oauth-token' @@ -106,6 +112,16 @@ usersRouter.delete('/:id', asyncMiddleware(removeUser) ) +usersRouter.post('/ask-reset-password', + asyncMiddleware(usersAskResetPasswordValidator), + asyncMiddleware(askResetUserPassword) +) + +usersRouter.post('/:id/reset-password', + asyncMiddleware(usersResetPasswordValidator), + asyncMiddleware(resetUserPassword) +) + usersRouter.post('/token', token, success) // TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route @@ -307,6 +323,25 @@ async function updateUser (req: express.Request, res: express.Response, next: ex return res.sendStatus(204) } +async function askResetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) { + const user = res.locals.user as UserModel + + const verificationString = await Redis.Instance.setResetPasswordVerificationString(user.id) + const url = CONFIG.WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString + await Emailer.Instance.addForgetPasswordEmailJob(user.email, url) + + return res.status(204).end() +} + +async function resetUserPassword (req: express.Request, res: express.Response, next: express.NextFunction) { + const user = res.locals.user as UserModel + user.password = req.body.password + + await user.save() + + return res.status(204).end() +} + function success (req: express.Request, res: express.Response, next: express.NextFunction) { res.end() } -- cgit v1.2.3