Finish password recovery

2014-02-01 13:03:08 -06:00 · 2014-02-01 13:03:08 -06:00 · 0603a02d2e
commit 0603a02d2e
parent 9562bc3757
6 changed files with 84 additions and 12 deletions
--- a/lib/web/account.js
+++ b/lib/web/account.js
@ -459,7 +459,7 @@ function handlePasswordResetPage(req, res) {
 }

 /**
- * Handles a POST request to reset a user"s password
+ * Handles a POST request to reset a user's password
 */
 function handlePasswordReset(req, res) {
    logRequest(req);
@ -548,7 +548,7 @@ function handlePasswordReset(req, res) {
                      "not initiate this, there is no need to take action."+
                      "  To reset your password, copy and paste the " +
                      "following link into your browser: " +
-                      Config.get("http.domain") + "/passwordrecover/"+hash;
+                      Config.get("http.domain") + "/account/passwordrecover/"+hash;

            var mail = {
                from: "CyTube Services <" + Config.get("mail.from") + ">",
@ -579,10 +579,10 @@ function handlePasswordReset(req, res) {
 }

 /**
- * Handles a request for /passwordreceover/<hash>
+ * Handles a request for /account/passwordrecover/<hash>
 */
 function handlePasswordRecover(req, res) {
-    var hash = req.query.hash;
+    var hash = req.params.hash;
    if (typeof hash !== "string") {
        res.send(400);
        return;
@ -592,7 +592,7 @@ function handlePasswordRecover(req, res) {

    db.lookupPasswordReset(hash, function (err, row) {
        if (err) {
-            sendJade(req, "account-passwordrecover", {
+            sendJade(res, "account-passwordrecover", {
                recovered: false,
                recoverErr: err,
                loginName: false
@ -601,7 +601,7 @@ function handlePasswordRecover(req, res) {
        }

        if (row.ip && row.ip !== ip) {
-            sendJade(req, "account-passwordrecover", {
+            sendJade(res, "account-passwordrecover", {
                recovered: false,
                recoverErr: "Your IP address does not match the address " +
                            "used to submit the reset request.  For your " +
@ -613,7 +613,7 @@ function handlePasswordRecover(req, res) {
        }

        if (Date.now() >= row.expire) {
-            sendJade(req, "account-passwordrecover", {
+            sendJade(res, "account-passwordrecover", {
                recovered: false,
                recoverErr: "This password recovery link has expired.  Password " +
                            "recovery links are valid only for 24 hours after " +
@ -630,7 +630,7 @@ function handlePasswordRecover(req, res) {
        }
        db.users.setPassword(row.name, newpw, function (err) {
            if (err) {
-                sendJade(req, "account-passwordrecover", {
+                sendJade(res, "account-passwordrecover", {
                    recovered: false,
                    recoverErr: "Database error.  Please contact an administrator if " +
                                "this persists.",
@ -641,7 +641,7 @@ function handlePasswordRecover(req, res) {

            db.deletePasswordReset(hash);

-            sendJade(req, "account-passwordrecover", {
+            sendJade(res, "account-passwordrecover", {
                recovered: true,
                recoverPw: newpw,
                loginName: false
@ -663,5 +663,6 @@ module.exports = {
        app.post("/account/profile", handleAccountProfile);
        app.get("/account/passwordreset", handlePasswordResetPage);
        app.post("/account/passwordreset", handlePasswordReset);
+        app.get("/account/passwordrecover/:hash", handlePasswordRecover);
    }
 };