mirror of
https://github.com/HabitRPG/habitica.git
synced 2025-12-17 14:47:53 +01:00
Client: Port Reset Password Page (#9057)
* start work on porting the reset password page * add new api route for setting a new password after a reset * wip client page * port tests * wip * fix linting * skip tests
This commit is contained in:
Matteo Pagliazzi
GitHub
@@ -1,22 +1,10 @@
|
||||
import locals from '../../middlewares/locals';
|
||||
import { validatePasswordResetCodeAndFindUser, convertToBcrypt} from '../../libs/password';
|
||||
import { validatePasswordResetCodeAndFindUser } from '../../libs/password';
|
||||
|
||||
let api = {};
|
||||
|
||||
// Internal authentication routes
|
||||
|
||||
function renderPasswordResetPage (options = {}) {
|
||||
// res is express' res, error any error and success if the password was successfully changed
|
||||
let {res, hasError, success = false, message} = options;
|
||||
|
||||
return res.status(hasError ? 401 : 200).render('auth/reset-password-set-new-one.jade', {
|
||||
env: res.locals.habitrpg,
|
||||
success,
|
||||
hasError,
|
||||
message, // can be error or success message
|
||||
});
|
||||
}
|
||||
|
||||
// Set a new password after having requested a password reset (GET route to input password)
|
||||
api.resetPasswordSetNewOne = {
|
||||
method: 'GET',
|
||||
@@ -24,63 +12,14 @@ api.resetPasswordSetNewOne = {
|
||||
middlewares: [locals],
|
||||
runCron: false,
|
||||
async handler (req, res) {
|
||||
let user = await validatePasswordResetCodeAndFindUser(req.query.code);
|
||||
let isValidCode = Boolean(user);
|
||||
const code = req.query.code;
|
||||
const user = await validatePasswordResetCodeAndFindUser(code);
|
||||
const isValidCode = Boolean(user);
|
||||
|
||||
return renderPasswordResetPage({
|
||||
res,
|
||||
hasError: !isValidCode,
|
||||
message: !isValidCode ? res.t('invalidPasswordResetCode') : null,
|
||||
});
|
||||
},
|
||||
};
|
||||
const hasError = !isValidCode;
|
||||
const message = !isValidCode ? res.t('invalidPasswordResetCode') : null;
|
||||
|
||||
// Set a new password after having requested a password reset (POST route to save password)
|
||||
api.resetPasswordSetNewOneSubmit = {
|
||||
method: 'POST',
|
||||
url: '/static/user/auth/local/reset-password-set-new-one',
|
||||
middlewares: [locals],
|
||||
runCron: false,
|
||||
async handler (req, res) {
|
||||
let user = await validatePasswordResetCodeAndFindUser(req.query.code);
|
||||
let isValidCode = Boolean(user);
|
||||
|
||||
if (!isValidCode) return renderPasswordResetPage({
|
||||
res,
|
||||
hasError: true,
|
||||
message: res.t('invalidPasswordResetCode'),
|
||||
});
|
||||
|
||||
let newPassword = req.body.newPassword;
|
||||
let confirmPassword = req.body.confirmPassword;
|
||||
|
||||
if (!newPassword) {
|
||||
return renderPasswordResetPage({
|
||||
res,
|
||||
hasError: true,
|
||||
message: res.t('missingNewPassword'),
|
||||
});
|
||||
}
|
||||
|
||||
if (newPassword !== confirmPassword) {
|
||||
return renderPasswordResetPage({
|
||||
res,
|
||||
hasError: true,
|
||||
message: res.t('passwordConfirmationMatch'),
|
||||
});
|
||||
}
|
||||
|
||||
// set new password and make sure it's using bcrypt for hashing
|
||||
await convertToBcrypt(user, String(newPassword));
|
||||
user.auth.local.passwordResetCode = undefined; // Reset saved password reset code
|
||||
await user.save();
|
||||
|
||||
return renderPasswordResetPage({
|
||||
res,
|
||||
hasError: false,
|
||||
success: true,
|
||||
message: res.t('passwordChangeSuccess'),
|
||||
});
|
||||
return res.redirect(`/reset-password?hasError=${hasError}&message=${message}&code=${code}`);
|
||||
},
|
||||
};
|
||||
|
||||
|
||||
Reference in New Issue
Block a user