From c609cd512da5e817a1c4acf24fda8d59a3214dcb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikolaj=20Schl=C3=BCter?=
Date: Mon, 3 Jul 2017 19:36:27 +0200
Subject: [PATCH 1/2] fix 48, missing unit tests and changelogs
---
 api/controllers/confirmRecovery.js | 13 +++++++++++++
 api/controllers/recovery.js | 12 ++++++++++--
 api/routes/index.js | 6 ++++++
 get-config.js | 1 +
 lib/mail/index.js | 4 ++--
 store/createModels/index.js | 2 ++
 store/index.js | 1 +
 store/query/changePasswordWithRecovery.js | 20 ++++++++++++++++++++
 8 files changed, 55 insertions(+), 4 deletions(-)
 create mode 100644 api/controllers/confirmRecovery.js
 create mode 100644 store/query/changePasswordWithRecovery.js
diff --git a/api/controllers/confirmRecovery.js b/api/controllers/confirmRecovery.js
new file mode 100644
index 0000000..483c437
--- /dev/null
+++ b/api/controllers/confirmRecovery.js
@@ -0,0 +1,13 @@
+module.exports = function(store) {
+ return async function(req, res, next) {
+ const { email, password } = req.body;
+ const recoveryToken = req.params.token;
+ try {
+ await store.changePasswordWithRecovery(email, recoveryToken, password);
+ return res.success();
+ } catch (e) {
+ console.log(e);
+ return next(e);
+ }
+ };
+};
diff --git a/api/controllers/recovery.js b/api/controllers/recovery.js
index 58094b2..1d3b6cf 100644
--- a/api/controllers/recovery.js
+++ b/api/controllers/recovery.js
@@ -3,7 +3,15 @@ const _ = require('lodash');
 const mail = require('../../lib/mail');
 module.exports = function(store, config) {
- return function(req, res) {
- res.params
+ return async function(req, res) {
+ try {
+ const recoveryToken = await store.requestRecoveryToken(req.params.email);
+ console.log(recoveryToken);
+ const user = await store.getByEmail(req.params.email)
+ mail.recover(config.smtp, recoveryToken, config.appName, config.passwordRecoveryUrl, config.logoLink, user);
+ res.success();
+ } catch (e) {
+ res.failure(e);
+ }
 };
 };
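Review bot: In api/controllers/confirmRecovery.js, `email` and `password` go from `req.body` straight into `store.changePasswordWithRecovery` with no presence or type check, so a JSON body that omits them or sends objects instead of strings reaches the user lookup and the password assignment unchanged. A guard ahead of the `try`, for example `if (typeof email !== 'string' || typeof password !== 'string') return next(new Error('email and password are required'));`, keeps malformed input out of the store layer. The route registration in this patch shows no authentication in front of this handler, so the recovery token appears to be the only credential checked; a one-line comment saying so would help the next reader.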
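Review bot: In api/controllers/recovery.js the new handler answers `res.success()` or `res.failure(e)` depending on how the lookups went, so if `requestRecoveryToken` or `getByEmail` fail for an unknown address (their code is outside this patch) the response tells a caller whether an account exists, and `res.failure(e)` hands back the raw error. Returning the same generic success in both branches and logging `e` on the server avoids that. The result of `mail.recover(...)` is also ignored; if it returns a promise, a send failure becomes an unhandled rejection after success was already reported, so `await mail.recover(...)` inside the `try` would be safer.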
diff --git a/api/routes/index.js b/api/routes/index.js
index 9d4ee58..3280efd 100644
--- a/api/routes/index.js
+++ b/api/routes/index.js
@@ -15,6 +15,8 @@ const removeRole = require('../controllers/remove-role');
 const addRole = require('../controllers/add-role');
 const modifyUserData = require('../controllers/modify-user-data');
 const changePassword = require('../controllers/change-password');
+const recovery = require('../controllers/recovery');
+const confirmRecovery = require('../controllers/confirmRecovery');
 module.exports = function createRouter(store, config) {
 const router = express.Router();
@@ -31,6 +33,10 @@ module.exports = function createRouter(store, config) {
 router.post('/login', login(store));
 // Password recovery
+ router.get('/recovery/:email', recovery(store, config));
+ router.post('/recovery/:token', confirmRecovery(store));
+
+
 router.get('/verify/:token', verify());
 // User data
diff --git a/get-config.js b/get-config.js
index 4310fd0..fd89807 100644
--- a/get-config.js
+++ b/get-config.js
@@ -19,6 +19,7 @@ module.exports = function(source) {
 appUrl: optional('appUrl', source, 'http://localhost:3000/'),
 redirectConfirmUrl: optional('redirectConfirmUrl', source, 'http://localhost:3000/redirect'),
 port: optional('port', 3000),
+ passwordRecoveryUrl: optional('passwordRecoveryUrl', source, 'http://localhost:3000/passwordrecovery'),
 };
 return config;
diff --git a/lib/mail/index.js b/lib/mail/index.js
index a852b4d..1ee27ed 100644
--- a/lib/mail/index.js
+++ b/lib/mail/index.js
@@ -1,11 +1,11 @@
 const sendEmail = require('./sendEmail');
 module.exports = {
- recover: (smtp, resetPasswordToken, appName, appUrl, logoLink, user) => {
+ recover: (smtp, resetPasswordToken, appName, passwordRecoveryUrl, logoLink, user) => {
 const templatePath = '/email_templates/recoverpass.hbs';
 const emailData = {
- resetPasswordLink: appUrl + resetPasswordToken,
+ resetPasswordLink: `${passwordRecoveryUrl}/${resetPasswordToken}`,
 appName,
 logoLink,
 user,
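Review bot: `router.get('/recovery/:email', ...)` in api/routes/index.js issues a recovery token and sends mail from a GET request with the address in the path, so the action can be triggered by link prefetching or any cross-site request, and the address ends up in access logs and proxies. Consider `router.post('/recovery', recovery(store, config));` with the controller reading the address from `req.body.email`. Neither new route shows any throttling in this hunk; since `/recovery/:token` accepts token guesses and `/recovery/:email` sends mail on demand, a rate limit in front of both is worth adding. createRouter starts and ends outside the hunk.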
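Review bot: `resetPasswordLink` in lib/mail/index.js interpolates the token into the URL unencoded, so if the token generator (not shown in this patch) can emit characters such as `/`, `+` or `?`, the value will not round-trip through the `:token` route parameter. Wrapping it as `encodeURIComponent(resetPasswordToken)` inside the template and trimming a trailing slash from `passwordRecoveryUrl` makes the link robust. The `recover` function continues past the end of the hunk.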
diff --git a/store/createModels/index.js b/store/createModels/index.js
index 3d55921..ecde006 100644
--- a/store/createModels/index.js
+++ b/store/createModels/index.js
@@ -21,6 +21,7 @@ const deleteUser = require('../query/delete');
 const configureDefaultRoles = require('../query/configure-default-roles');
 const modifyUserData = require('../query/modify-user-data');
 const changePassword = require('../query/change-password');
+const changePasswordWithRecovery = require('../query/changePasswordWithRecovery');
 const Schema = mongoose.Schema;
@@ -83,6 +84,7 @@ module.exports = function (db) {
 userSchema.statics.configureDefaultRoles = configureDefaultRoles;
 userSchema.statics.modifyUserData = modifyUserData;
 userSchema.statics.changePassword = changePassword;
+ userSchema.statics.changePasswordWithRecovery = changePasswordWithRecovery;
 return {
 users: db.model('User', userSchema),
diff --git a/store/index.js b/store/index.js
index 0aa60b2..1250a66 100644
--- a/store/index.js
+++ b/store/index.js
@@ -34,6 +34,7 @@ module.exports = function (uri) {
 store.configureDefaultRoles = id => models.users.configureDefaultRoles(id);
 store.modifyUserData = (id, data) => models.users.modifyUserData(id, data);
 store.changePassword = (id, password, repeated, newPassword) => models.users.changePassword(id, password, repeated, newPassword);
+ store.changePasswordWithRecovery = (email, recoveryToken, newPassword) => models.users.changePasswordWithRecovery(email, recoveryToken, newPassword);
 store.initialized = initialize(store);
 return store;
diff --git a/store/query/changePasswordWithRecovery.js b/store/query/changePasswordWithRecovery.js
new file mode 100644
index 0000000..d68438c
--- /dev/null
+++ b/store/query/changePasswordWithRecovery.js
@@ -0,0 +1,20 @@
+const passwordHash = require('../util/passwordHash');
+
+module.exports = async function(email, recoveryToken, newPassword) {
+ const user = await this.getByEmail(email);
+ const rawUser = await this.findById(user.id);
+ console.log(recoveryToken);
+ console.log(rawUser.resetPasswordToken);
+ if (rawUser.resetPasswordToken && recoveryToken == rawUser.resetPasswordToken) {
+ try {
+ rawUser.password = newPassword;
+ rawUser.resetPasswordToken = null;
+ await rawUser.validateSync();
+ await rawUser.save();
+ } catch (e) {
+ throw new Error(e);
+ }
+ } else {
+ throw new Error('Recovery token was wrong or expired.');
+ }
+};
From ea06a99f00f0fe1c2f451bb61afbd752786c415e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikolaj=20Schl=C3=BCter?=
Date: Tue, 1 Aug 2017 15:02:17 +0200
Subject: [PATCH 2/2] Remove console.logs
---
 api/controllers/confirmRecovery.js | 1 -
 api/controllers/recovery.js | 3 +--
 store/query/changePasswordWithRecovery.js | 2 --
 3 files changed, 1 insertion(+), 5 deletions(-)
diff --git a/api/controllers/confirmRecovery.js b/api/controllers/confirmRecovery.js
index 483c437..387f90b 100644
--- a/api/controllers/confirmRecovery.js
+++ b/api/controllers/confirmRecovery.js
@@ -6,7 +6,6 @@ module.exports = function(store) {
 await store.changePasswordWithRecovery(email, recoveryToken, password);
 return res.success();
 } catch (e) {
- console.log(e);
 return next(e);
 }
 };
diff --git a/api/controllers/recovery.js b/api/controllers/recovery.js
index 1d3b6cf..3e39bbb 100644
--- a/api/controllers/recovery.js
+++ b/api/controllers/recovery.js
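Review bot: In store/query/changePasswordWithRecovery.js (PATCH 1/2), `passwordHash` is required but never called and `rawUser.password = newPassword` assigns the request value as-is, so unless the schema hashes on save (not visible in this patch) the reset path stores the password unhashed; please confirm or hash before assigning. The token check `recoveryToken == rawUser.resetPasswordToken` is type-coercing and not constant-time; a byte comparison with `crypto.timingSafeEqual` (with `crypto` required in this file) is the safer form, and PATCH 2/2 leaves the comparison as it is. `rawUser.validateSync()` returns the validation error instead of throwing, so awaiting it and dropping the result checks nothing, and `throw new Error(e)` flattens whatever `save()` raised into a string. Nothing here checks an expiry although the message says "wrong or expired", and `user.id` will throw a TypeError rather than that message if `getByEmail` resolves to nothing for an unknown address.

```javascript
// … unchanged: passwordHash require, getByEmail / findById lookups …
  const expected = Buffer.from(String(rawUser.resetPasswordToken || ''));
  const supplied = Buffer.from(String(recoveryToken || ''));
  const tokenMatches = expected.length > 0 &&
    expected.length === supplied.length &&
    crypto.timingSafeEqual(expected, supplied);
  if (!tokenMatches) {
    throw new Error('Recovery token was wrong or expired.');
  }
  rawUser.password = newPassword; // hash here unless the schema already does it on save
  rawUser.resetPasswordToken = null;
  await rawUser.save(); // save() validates and rejects with the original error
```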
@@ -6,8 +6,7 @@ module.exports = function(store, config) {
 return async function(req, res) {
 try {
 const recoveryToken = await store.requestRecoveryToken(req.params.email);
- console.log(recoveryToken);
- const user = await store.getByEmail(req.params.email)
+ const user = await store.getByEmail(req.params.email);
 mail.recover(config.smtp, recoveryToken, config.appName, config.passwordRecoveryUrl, config.logoLink, user);
 res.success();
 } catch (e) {
diff --git a/store/query/changePasswordWithRecovery.js b/store/query/changePasswordWithRecovery.js
index d68438c..05ff129 100644
--- a/store/query/changePasswordWithRecovery.js
+++ b/store/query/changePasswordWithRecovery.js
@@ -3,8 +3,6 @@ const passwordHash = require('../util/passwordHash');
 module.exports = async function(email, recoveryToken, newPassword) {
 const user = await this.getByEmail(email);
 const rawUser = await this.findById(user.id);
- console.log(recoveryToken);
- console.log(rawUser.resetPasswordToken);
 if (rawUser.resetPasswordToken && recoveryToken == rawUser.resetPasswordToken) {
 try {
 rawUser.password = newPassword;