2019-05-29 05:21:06 -04:00
|
|
|
const PasswordResetHandler = require('./PasswordResetHandler')
|
|
|
|
const RateLimiter = require('../../infrastructure/RateLimiter')
|
|
|
|
const AuthenticationController = require('../Authentication/AuthenticationController')
|
|
|
|
const AuthenticationManager = require('../Authentication/AuthenticationManager')
|
|
|
|
const UserGetter = require('../User/UserGetter')
|
|
|
|
const UserUpdater = require('../User/UserUpdater')
|
|
|
|
const UserSessionsManager = require('../User/UserSessionsManager')
|
|
|
|
const logger = require('logger-sharelatex')
|
|
|
|
|
|
|
|
module.exports = {
|
|
|
|
renderRequestResetForm(req, res) {
|
2019-07-04 08:40:12 -04:00
|
|
|
res.render('user/passwordReset', { title: 'reset_password' })
|
2019-05-29 05:21:06 -04:00
|
|
|
},
|
|
|
|
|
2019-07-04 08:40:12 -04:00
|
|
|
requestReset(req, res, next) {
|
2019-05-29 05:21:06 -04:00
|
|
|
const email = req.body.email.trim().toLowerCase()
|
|
|
|
const opts = {
|
|
|
|
endpointName: 'password_reset_rate_limit',
|
|
|
|
timeInterval: 60,
|
|
|
|
subjectName: req.ip,
|
|
|
|
throttle: 6
|
|
|
|
}
|
2019-06-14 12:31:46 -04:00
|
|
|
RateLimiter.addCount(opts, (err, canContinue) => {
|
2019-07-04 08:40:12 -04:00
|
|
|
if (err != null) {
|
2019-06-14 12:31:46 -04:00
|
|
|
res.send(500, { message: err.message })
|
2019-07-04 08:40:12 -04:00
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
if (!canContinue) {
|
|
|
|
return res.send(429, {
|
|
|
|
message: req.i18n.translate('rate_limit_hit_wait')
|
|
|
|
})
|
|
|
|
}
|
2019-06-14 12:31:46 -04:00
|
|
|
PasswordResetHandler.generateAndEmailResetToken(email, (err, status) => {
|
2019-05-29 05:21:06 -04:00
|
|
|
if (err != null) {
|
2019-10-15 09:12:11 -04:00
|
|
|
logger.warn(
|
|
|
|
{ err },
|
|
|
|
'failed to generate and email password reset token'
|
|
|
|
)
|
2019-06-14 12:31:46 -04:00
|
|
|
res.send(500, { message: err.message })
|
2019-05-29 05:21:06 -04:00
|
|
|
} else if (status === 'primary') {
|
2019-07-04 08:40:12 -04:00
|
|
|
res.send(200, {
|
2019-05-29 05:21:06 -04:00
|
|
|
message: { text: req.i18n.translate('password_reset_email_sent') }
|
|
|
|
})
|
|
|
|
} else if (status === 'secondary') {
|
2019-07-04 08:40:12 -04:00
|
|
|
res.send(404, {
|
2019-05-29 05:21:06 -04:00
|
|
|
message: req.i18n.translate('secondary_email_password_reset')
|
|
|
|
})
|
|
|
|
} else {
|
2019-07-04 08:40:12 -04:00
|
|
|
res.send(404, {
|
2019-05-29 05:21:06 -04:00
|
|
|
message: req.i18n.translate('cant_find_email')
|
|
|
|
})
|
|
|
|
}
|
|
|
|
})
|
|
|
|
})
|
|
|
|
},
|
|
|
|
|
|
|
|
renderSetPasswordForm(req, res) {
|
|
|
|
if (req.query.passwordResetToken != null) {
|
|
|
|
req.session.resetToken = req.query.passwordResetToken
|
|
|
|
return res.redirect('/user/password/set')
|
|
|
|
}
|
|
|
|
if (req.session.resetToken == null) {
|
|
|
|
return res.redirect('/user/password/reset')
|
|
|
|
}
|
2019-07-04 08:40:12 -04:00
|
|
|
res.render('user/setPassword', {
|
2019-05-29 05:21:06 -04:00
|
|
|
title: 'set_password',
|
|
|
|
passwordResetToken: req.session.resetToken
|
|
|
|
})
|
|
|
|
},
|
|
|
|
|
|
|
|
setNewUserPassword(req, res, next) {
|
2019-06-14 12:31:46 -04:00
|
|
|
let { passwordResetToken, password } = req.body
|
|
|
|
if (!passwordResetToken || !password) {
|
|
|
|
return res.sendStatus(400)
|
|
|
|
}
|
|
|
|
passwordResetToken = passwordResetToken.trim()
|
|
|
|
if (AuthenticationManager.validatePassword(password) != null) {
|
2019-05-29 05:21:06 -04:00
|
|
|
return res.sendStatus(400)
|
|
|
|
}
|
|
|
|
delete req.session.resetToken
|
2019-07-04 08:40:12 -04:00
|
|
|
PasswordResetHandler.setNewUserPassword(
|
2019-06-14 12:31:46 -04:00
|
|
|
passwordResetToken,
|
|
|
|
password,
|
|
|
|
(err, found, userId) => {
|
|
|
|
if ((err && err.name === 'NotFoundError') || !found) {
|
|
|
|
return res.status(404).send('NotFoundError')
|
|
|
|
} else if (err) {
|
|
|
|
return res.status(500)
|
|
|
|
}
|
|
|
|
UserSessionsManager.revokeAllUserSessions({ _id: userId }, [], err => {
|
|
|
|
if (err != null) {
|
|
|
|
return next(err)
|
|
|
|
}
|
|
|
|
UserUpdater.removeReconfirmFlag(userId, err => {
|
|
|
|
if (err != null) {
|
|
|
|
return next(err)
|
|
|
|
}
|
2020-04-23 07:50:40 -04:00
|
|
|
if (!req.session.doLoginAfterPasswordReset) {
|
2019-06-14 12:31:46 -04:00
|
|
|
return res.sendStatus(200)
|
|
|
|
}
|
2020-04-23 07:50:40 -04:00
|
|
|
UserGetter.getUser(userId, (err, user) => {
|
2019-05-29 05:21:06 -04:00
|
|
|
if (err != null) {
|
|
|
|
return next(err)
|
|
|
|
}
|
2020-04-23 07:50:40 -04:00
|
|
|
AuthenticationController.finishLogin(user, req, res, err => {
|
|
|
|
if (err != null) {
|
|
|
|
logger.err(
|
|
|
|
{ err, email: user.email },
|
|
|
|
'Error setting up session after setting password'
|
|
|
|
)
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-04-23 07:50:40 -04:00
|
|
|
next(err)
|
|
|
|
})
|
2019-06-14 12:31:46 -04:00
|
|
|
})
|
|
|
|
})
|
|
|
|
})
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
|
|
|
)
|
|
|
|
}
|
|
|
|
}
|