2014-05-15 15:50:38 +00:00
|
|
|
PasswordResetHandler = require("./PasswordResetHandler")
|
2014-05-16 09:31:33 +00:00
|
|
|
RateLimiter = require("../../infrastructure/RateLimiter")
|
2014-08-08 10:41:54 +00:00
|
|
|
logger = require "logger-sharelatex"
|
2014-05-15 15:20:23 +00:00
|
|
|
|
|
|
|
module.exports =
|
|
|
|
|
2014-05-15 15:50:38 +00:00
|
|
|
renderRequestResetForm: (req, res)->
|
|
|
|
res.render "user/passwordReset",
|
2014-08-01 12:47:14 +00:00
|
|
|
title:"reset_password"
|
2014-05-15 15:20:23 +00:00
|
|
|
|
2014-05-15 15:50:38 +00:00
|
|
|
requestReset: (req, res)->
|
2014-06-10 16:54:29 +00:00
|
|
|
email = req.body.email.trim().toLowerCase()
|
2014-05-16 09:31:33 +00:00
|
|
|
opts =
|
2014-06-25 09:46:58 +00:00
|
|
|
endpointName: "password_reset_rate_limit"
|
|
|
|
timeInterval: 60
|
|
|
|
subjectName: req.ip
|
|
|
|
throttle: 6
|
2014-10-30 08:33:18 +00:00
|
|
|
RateLimiter.addCount opts, (err, canContinue)->
|
|
|
|
if !canContinue
|
2014-08-01 13:03:38 +00:00
|
|
|
return res.send 500, { message: req.i18n.translate("rate_limit_hit_wait")}
|
2014-08-08 10:41:54 +00:00
|
|
|
PasswordResetHandler.generateAndEmailResetToken email, (err, exists)->
|
2014-05-16 09:31:33 +00:00
|
|
|
if err?
|
2014-05-16 10:04:48 +00:00
|
|
|
res.send 500, {message:err?.message}
|
2014-08-08 10:41:54 +00:00
|
|
|
else if exists
|
2014-05-16 09:31:33 +00:00
|
|
|
res.send 200
|
2014-08-08 10:41:54 +00:00
|
|
|
else
|
|
|
|
res.send 404, {message: req.i18n.translate("cant_find_email")}
|
2014-05-15 15:20:23 +00:00
|
|
|
|
2014-05-15 15:50:38 +00:00
|
|
|
renderSetPasswordForm: (req, res)->
|
|
|
|
res.render "user/setPassword",
|
2014-08-01 12:47:14 +00:00
|
|
|
title:"set_password"
|
2014-05-15 16:16:20 +00:00
|
|
|
passwordResetToken:req.query.passwordResetToken
|
2014-05-15 15:20:23 +00:00
|
|
|
|
2014-05-15 15:50:38 +00:00
|
|
|
setNewUserPassword: (req, res)->
|
2014-05-15 16:16:20 +00:00
|
|
|
{passwordResetToken, password} = req.body
|
2014-05-16 10:04:48 +00:00
|
|
|
if !password? or password.length == 0 or !passwordResetToken? or passwordResetToken.length == 0
|
2014-10-08 16:18:24 +00:00
|
|
|
return res.send 400
|
|
|
|
PasswordResetHandler.setNewUserPassword passwordResetToken?.trim(), password?.trim(), (err, found) ->
|
|
|
|
return next(err) if err?
|
|
|
|
if found
|
|
|
|
res.send 200
|
2014-05-15 15:50:38 +00:00
|
|
|
else
|
2014-10-08 16:18:24 +00:00
|
|
|
res.send 404, {message: req.i18n.translate("password_reset_token_expired")}
|