overleaf/services/web/app/coffee/Features/Security/OneTimeTokenHandler.coffee

Settings = require('settings-sharelatex')
redis = require("redis-sharelatex")
rclient = redis.createClient(Settings.redis.web)
crypto = require("crypto")
logger = require("logger-sharelatex")

ONE_HOUR_IN_S = 60 * 60

buildKey = (token)-> return "password_token:#{token}"

module.exports =

	getNewToken: (value, options = {}, callback)->
		# options is optional
		if typeof options == "function"
			callback = options
			options = {}
		expiresIn = options.expiresIn or ONE_HOUR_IN_S
		logger.log value:value, "generating token for password reset"
		token = crypto.randomBytes(32).toString("hex")
		multi = rclient.multi()
		multi.set buildKey(token), value
		multi.expire buildKey(token), expiresIn
		multi.exec (err)->
			callback(err, token)

	getValueFromTokenAndExpire: (token, callback)->
		logger.log token:token, "getting user id from password token"
		multi = rclient.multi()
		multi.get buildKey(token)
		multi.del buildKey(token)
		multi.exec (err, results)->
			callback err, results[0]
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`Settings = require('settings-sharelatex')`
v1 of sentinal support 2014-09-26 09:52:00 -04:00			`redis = require("redis-sharelatex")`
			`rclient = redis.createClient(Settings.redis.web)`
Use crypto.randomBytes 2014-05-16 05:52:31 -04:00			`crypto = require("crypto")`
added some logging 2014-05-15 13:08:21 -04:00			`logger = require("logger-sharelatex")`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00
token based reset works 2014-05-15 12:58:25 -04:00			`ONE_HOUR_IN_S = 60 * 60`

			`buildKey = (token)-> return "password_token:#{token}"`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00
			`module.exports =`

make PasswordResetTokenHandler generic so it can be used for invites 2015-05-26 10:24:09 -04:00			`getNewToken: (value, options = {}, callback)->`
Remove public registration and require that a user be registered by an admin 2015-03-19 10:22:48 -04:00			`# options is optional`
			`if typeof options == "function"`
			`callback = options`
			`options = {}`
			`expiresIn = options.expiresIn or ONE_HOUR_IN_S`
make PasswordResetTokenHandler generic so it can be used for invites 2015-05-26 10:24:09 -04:00			`logger.log value:value, "generating token for password reset"`
Use crypto.randomBytes 2014-05-16 05:52:31 -04:00			`token = crypto.randomBytes(32).toString("hex")`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`multi = rclient.multi()`
make PasswordResetTokenHandler generic so it can be used for invites 2015-05-26 10:24:09 -04:00			`multi.set buildKey(token), value`
Remove public registration and require that a user be registered by an admin 2015-03-19 10:22:48 -04:00			`multi.expire buildKey(token), expiresIn`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`multi.exec (err)->`
			`callback(err, token)`

make PasswordResetTokenHandler generic so it can be used for invites 2015-05-26 10:24:09 -04:00			`getValueFromTokenAndExpire: (token, callback)->`
added some logging 2014-05-15 13:08:21 -04:00			`logger.log token:token, "getting user id from password token"`
writen getUserIdFromToken 2014-05-15 12:20:42 -04:00			`multi = rclient.multi()`
token based reset works 2014-05-15 12:58:25 -04:00			`multi.get buildKey(token)`
			`multi.del buildKey(token)`
writen getUserIdFromToken 2014-05-15 12:20:42 -04:00			`multi.exec (err, results)->`
			`callback err, results[0]`