overleaf/services/web/app/src/Features/PasswordReset/PasswordResetHandler.js

const settings = require('settings-sharelatex')
const UserAuditLogHandler = require('../User/UserAuditLogHandler')
const UserGetter = require('../User/UserGetter')
const OneTimeTokenHandler = require('../Security/OneTimeTokenHandler')
const EmailHandler = require('../Email/EmailHandler')
const AuthenticationManager = require('../Authentication/AuthenticationManager')
const { callbackify, promisify } = require('util')

function generateAndEmailResetToken(email, callback) {
  UserGetter.getUserByAnyEmail(email, (err, user) => {
    if (err || !user) {
      return callback(err, null)
    }
    if (user.email !== email) {
      return callback(null, 'secondary')
    }
    const data = { user_id: user._id.toString(), email: email }
    OneTimeTokenHandler.getNewToken('password', data, (err, token) => {
      if (err) {
        return callback(err)
      }
      const emailOptions = {
        to: email,
        setNewPasswordUrl: `${
          settings.siteUrl
        }/user/password/set?passwordResetToken=${token}&email=${encodeURIComponent(
          email
        )}`
      }
      EmailHandler.sendEmail('passwordResetRequested', emailOptions, err => {
        if (err) {
          return callback(err)
        }
        callback(null, 'primary')
      })
    })
  })
}

function getUserForPasswordResetToken(token, callback) {
  OneTimeTokenHandler.getValueFromTokenAndExpire(
    'password',
    token,
    (err, data) => {
      if (err != null) {
        if (err.name === 'NotFoundError') {
          return callback(null, null)
        } else {
          return callback(err)
        }
      }
      if (data == null || data.email == null) {
        return callback(null, null)
      }
      UserGetter.getUserByMainEmail(
        data.email,
        { _id: 1, 'overleaf.id': 1, email: 1 },
        (err, user) => {
          if (err != null) {
            callback(err)
          } else if (user == null) {
            callback(null, null)
          } else if (
            data.user_id != null &&
            data.user_id === user._id.toString()
          ) {
            callback(null, user)
          } else if (
            data.v1_user_id != null &&
            user.overleaf != null &&
            data.v1_user_id === user.overleaf.id
          ) {
            callback(null, user)
          } else {
            callback(null, null)
          }
        }
      )
    }
  )
}

async function setNewUserPassword(token, password, auditLog) {
  const user = await PasswordResetHandler.promises.getUserForPasswordResetToken(
    token
  )

  if (!user) {
    return {
      found: false,
      reset: false,
      userId: null
    }
  }

  const reset = await AuthenticationManager.promises.setUserPassword(
    user,
    password
  )

  await UserAuditLogHandler.promises.addEntry(
    user._id,
    'reset-password',
    auditLog.initiatorId,
    auditLog.ip
  )

  return { found: true, reset, userId: user._id }
}

const PasswordResetHandler = {
  generateAndEmailResetToken,

  setNewUserPassword: callbackify(setNewUserPassword),

  getUserForPasswordResetToken
}

PasswordResetHandler.promises = {
  getUserForPasswordResetToken: promisify(
    PasswordResetHandler.getUserForPasswordResetToken
  ),
  setNewUserPassword
}

module.exports = PasswordResetHandler
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`const settings = require('settings-sharelatex')`
Merge pull request #3078 from overleaf/jel-log-password-reset-by-token Update audit log when password reset by token GitOrigin-RevId: 2ae7f59c5cdf2723e541a99c58c36564cc82adbf 2020-08-13 09:42:28 -04:00			`const UserAuditLogHandler = require('../User/UserAuditLogHandler')`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`const UserGetter = require('../User/UserGetter')`
			`const OneTimeTokenHandler = require('../Security/OneTimeTokenHandler')`
			`const EmailHandler = require('../Email/EmailHandler')`
			`const AuthenticationManager = require('../Authentication/AuthenticationManager')`
Merge pull request #3078 from overleaf/jel-log-password-reset-by-token Update audit log when password reset by token GitOrigin-RevId: 2ae7f59c5cdf2723e541a99c58c36564cc82adbf 2020-08-13 09:42:28 -04:00			`const { callbackify, promisify } = require('util')`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00
Merge pull request #3078 from overleaf/jel-log-password-reset-by-token Update audit log when password reset by token GitOrigin-RevId: 2ae7f59c5cdf2723e541a99c58c36564cc82adbf 2020-08-13 09:42:28 -04:00			`function generateAndEmailResetToken(email, callback) {`
			`UserGetter.getUserByAnyEmail(email, (err, user) => {`
			`if (err \|\| !user) {`
			`return callback(err, null)`
			`}`
			`if (user.email !== email) {`
			`return callback(null, 'secondary')`
			`}`
			`const data = { user_id: user._id.toString(), email: email }`
			`OneTimeTokenHandler.getNewToken('password', data, (err, token) => {`
			`if (err) {`
			`return callback(err)`
remove v1 deps for password change/reset GitOrigin-RevId: be25f19ae589c50bfde0b170860127fa8d6f63b7 2019-06-14 12:31:46 -04:00			`}`
Merge pull request #3078 from overleaf/jel-log-password-reset-by-token Update audit log when password reset by token GitOrigin-RevId: 2ae7f59c5cdf2723e541a99c58c36564cc82adbf 2020-08-13 09:42:28 -04:00			`const emailOptions = {`
			`to: email,`
			setNewPasswordUrl: `${
			`settings.siteUrl`
			`}/user/password/set?passwordResetToken=${token}&email=${encodeURIComponent(`
			`email`
			)}`
remove v1 deps for password change/reset GitOrigin-RevId: be25f19ae589c50bfde0b170860127fa8d6f63b7 2019-06-14 12:31:46 -04:00			`}`
Merge pull request #3078 from overleaf/jel-log-password-reset-by-token Update audit log when password reset by token GitOrigin-RevId: 2ae7f59c5cdf2723e541a99c58c36564cc82adbf 2020-08-13 09:42:28 -04:00			`EmailHandler.sendEmail('passwordResetRequested', emailOptions, err => {`
remove v1 deps for password change/reset GitOrigin-RevId: be25f19ae589c50bfde0b170860127fa8d6f63b7 2019-06-14 12:31:46 -04:00			`if (err) {`
			`return callback(err)`
			`}`
Merge pull request #3078 from overleaf/jel-log-password-reset-by-token Update audit log when password reset by token GitOrigin-RevId: 2ae7f59c5cdf2723e541a99c58c36564cc82adbf 2020-08-13 09:42:28 -04:00			`callback(null, 'primary')`
remove v1 deps for password change/reset GitOrigin-RevId: be25f19ae589c50bfde0b170860127fa8d6f63b7 2019-06-14 12:31:46 -04:00			`})`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`})`
Merge pull request #3078 from overleaf/jel-log-password-reset-by-token Update audit log when password reset by token GitOrigin-RevId: 2ae7f59c5cdf2723e541a99c58c36564cc82adbf 2020-08-13 09:42:28 -04:00			`})`
			`}`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00
Merge pull request #3078 from overleaf/jel-log-password-reset-by-token Update audit log when password reset by token GitOrigin-RevId: 2ae7f59c5cdf2723e541a99c58c36564cc82adbf 2020-08-13 09:42:28 -04:00			`function getUserForPasswordResetToken(token, callback) {`
			`OneTimeTokenHandler.getValueFromTokenAndExpire(`
			`'password',`
			`token,`
			`(err, data) => {`
			`if (err != null) {`
			`if (err.name === 'NotFoundError') {`
			`return callback(null, null)`
			`} else {`
			`return callback(err)`
			`}`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`}`
Merge pull request #3078 from overleaf/jel-log-password-reset-by-token Update audit log when password reset by token GitOrigin-RevId: 2ae7f59c5cdf2723e541a99c58c36564cc82adbf 2020-08-13 09:42:28 -04:00			`if (data == null \|\| data.email == null) {`
			`return callback(null, null)`
remove v1 deps for password change/reset GitOrigin-RevId: be25f19ae589c50bfde0b170860127fa8d6f63b7 2019-06-14 12:31:46 -04:00			`}`
Merge pull request #3078 from overleaf/jel-log-password-reset-by-token Update audit log when password reset by token GitOrigin-RevId: 2ae7f59c5cdf2723e541a99c58c36564cc82adbf 2020-08-13 09:42:28 -04:00			`UserGetter.getUserByMainEmail(`
			`data.email,`
Merge pull request #3234 from overleaf/sk-fix-password-validation-email Overhaul password validation GitOrigin-RevId: a591c4e192e30a0ac053eab6f80627543a8a92fe 2020-10-22 04:11:43 -04:00			`{ _id: 1, 'overleaf.id': 1, email: 1 },`
Merge pull request #3078 from overleaf/jel-log-password-reset-by-token Update audit log when password reset by token GitOrigin-RevId: 2ae7f59c5cdf2723e541a99c58c36564cc82adbf 2020-08-13 09:42:28 -04:00			`(err, user) => {`
			`if (err != null) {`
			`callback(err)`
			`} else if (user == null) {`
			`callback(null, null)`
			`} else if (`
			`data.user_id != null &&`
			`data.user_id === user._id.toString()`
			`) {`
			`callback(null, user)`
			`} else if (`
			`data.v1_user_id != null &&`
			`user.overleaf != null &&`
			`data.v1_user_id === user.overleaf.id`
			`) {`
			`callback(null, user)`
			`} else {`
			`callback(null, null)`
remove v1 deps for password change/reset GitOrigin-RevId: be25f19ae589c50bfde0b170860127fa8d6f63b7 2019-06-14 12:31:46 -04:00			`}`
			`}`
			`)`
Merge pull request #3078 from overleaf/jel-log-password-reset-by-token Update audit log when password reset by token GitOrigin-RevId: 2ae7f59c5cdf2723e541a99c58c36564cc82adbf 2020-08-13 09:42:28 -04:00			`}`
			`)`
			`}`
Merge pull request #1950 from overleaf/em-password-reset Fetch user by email when validating password reset GitOrigin-RevId: 9f113f1393e322611b1e7af5aec1ac25a38a122d 2019-07-16 05:10:18 -04:00
Merge pull request #3078 from overleaf/jel-log-password-reset-by-token Update audit log when password reset by token GitOrigin-RevId: 2ae7f59c5cdf2723e541a99c58c36564cc82adbf 2020-08-13 09:42:28 -04:00			`async function setNewUserPassword(token, password, auditLog) {`
			`const user = await PasswordResetHandler.promises.getUserForPasswordResetToken(`
			`token`
			`)`

			`if (!user) {`
			`return {`
			`found: false,`
			`reset: false,`
			`userId: null`
			`}`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`}`
Merge pull request #3078 from overleaf/jel-log-password-reset-by-token Update audit log when password reset by token GitOrigin-RevId: 2ae7f59c5cdf2723e541a99c58c36564cc82adbf 2020-08-13 09:42:28 -04:00
Merge pull request #3234 from overleaf/sk-fix-password-validation-email Overhaul password validation GitOrigin-RevId: a591c4e192e30a0ac053eab6f80627543a8a92fe 2020-10-22 04:11:43 -04:00			`const reset = await AuthenticationManager.promises.setUserPassword(`
			`user,`
			`password`
			`)`

Merge pull request #3078 from overleaf/jel-log-password-reset-by-token Update audit log when password reset by token GitOrigin-RevId: 2ae7f59c5cdf2723e541a99c58c36564cc82adbf 2020-08-13 09:42:28 -04:00			`await UserAuditLogHandler.promises.addEntry(`
			`user._id,`
			`'reset-password',`
			`auditLog.initiatorId,`
			`auditLog.ip`
			`)`

			`return { found: true, reset, userId: user._id }`
			`}`

			`const PasswordResetHandler = {`
			`generateAndEmailResetToken,`

			`setNewUserPassword: callbackify(setNewUserPassword),`

			`getUserForPasswordResetToken`
			`}`

			`PasswordResetHandler.promises = {`
			`getUserForPasswordResetToken: promisify(`
			`PasswordResetHandler.getUserForPasswordResetToken`
			`),`
			`setNewUserPassword`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`}`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00
			`module.exports = PasswordResetHandler`