Finished up with email password reset system.

2024-12-28 15:36:42 -05:00 · 2024-12-28 15:36:42 -05:00 · 478edeeddf
commit 478edeeddf
parent 3671b43789
13 changed files with 233 additions and 34 deletions
--- a/src/controllers/api/account/passwordResetController.js
+++ b/src/controllers/api/account/passwordResetController.js
@ -14,18 +14,16 @@ GNU Affero General Public License for more details.
 You should have received a copy of the GNU Affero General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.*/

-//Config
-const config = require('../../../../config.json');
-
 //NPM Imports
 const {validationResult, matchedData} = require('express-validator');

 //local imports
 const passwordResetModel = require('../../../schemas/passwordResetSchema');
-const altchaUtils = require('../../../utils/altchaUtils');
 const sessionUtils = require('../../../utils/sessionUtils');
+const altchaUtils = require('../../../utils/altchaUtils');
 const {exceptionHandler, errorHandler} = require('../../../utils/loggerUtils');

+//gateway for resetting password
 module.exports.post = async function(req, res){
    try{
        //Check for validation errors
--- a/src/controllers/api/account/passwordResetRequestController.js
+++ b/src/controllers/api/account/passwordResetRequestController.js
@ -0,0 +1,88 @@
+/*Canopy - The next generation of stoner streaming software
+Copyright (C) 2024  Rainbownapkin and the TTN Community
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.*/
+
+//Config
+const config = require('../../../../config.json');
+
+//NPM Imports
+const {validationResult, matchedData} = require('express-validator');
+
+//local imports
+const {userModel} = require('../../../schemas/userSchema');
+const passwordResetModel = require('../../../schemas/passwordResetSchema');
+const mailUtils = require('../../../utils/mailUtils');
+const altchaUtils = require('../../../utils/altchaUtils');
+const {exceptionHandler, errorHandler} = require('../../../utils/loggerUtils');
+
+//Gateway for generating request token and having it emailed to the user
+module.exports.post = async function(req, res){
+    try{
+        //Check for validation errors
+        const validResult = validationResult(req);
+
+        //If there are none
+        if(validResult.isEmpty()){
+            //Get sanatized/validated data
+            const {user} = matchedData(req);
+            //Verify Altcha Payload
+            const verified = await altchaUtils.verify(req.body.verification);
+
+            //If altcha verification failed
+            if(!verified){
+                return errorHandler(res, 'Altcha verification failed, Please refresh the page!', 'unauthorized');
+            }
+
+            //Play dumb, don't let them know how long this request takes or what happens.
+            res.sendStatus(200);
+
+            //Find user model from DB
+            const userDB = await userModel.findOne({user});
+
+            //If we have an invalid user
+            if(userDB == null){
+                return;
+            }
+
+            //If this user has no registered email
+            if(userDB.email == null || userDB.email == ""){
+                //Play dumb
+                return;
+            }
+
+            //Generate the password reset link
+            const requestDB = await passwordResetModel.create({user: userDB._id, ipHash: req.ip});
+
+            //Send the reset url via email
+            const mailInfo = await mailUtils.mailem(
+                userDB.email,
+                `Password Reset Request - ${userDB.user}`,
+                `<h1>Password Reset Request</h1>
+                <p>A password reset request for the ${config.instanceName} account '${userDB.user}' has been requested.<br>
+                <a href="${requestDB.getResetURL()}">Click here</a> to reset your password.</p>
+                <sup>If you received this email without request, please contact the server adminsitrator! -Tokebot</sup>`,
+                true
+            );
+
+            //Wash our hands of the request
+            return;
+        }else{
+            res.status(400);
+            return res.send({errors: validResult.array()});
+        }
+    }catch(err){
+        return exceptionHandler(res, err);
+    }
+}
--- a/src/controllers/api/admin/passwordResetController.js
+++ b/src/controllers/api/admin/passwordResetController.js
@ -41,9 +41,9 @@ module.exports.post = async function(req, res){
            }

            //Generate the password reset link
-            const requestDB = await passwordResetModel.create({user: userDB._id});
+            const requestDB = await passwordResetModel.create({user: userDB._id, ipHash: req.ip});

-            //send successful response
+            //send URL
            res.status(200);
            return res.send({url: requestDB.getResetURL()});
        //otherwise scream