overleaf/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee

PasswordResetHandler = require("./PasswordResetHandler")
RateLimiter = require("../../infrastructure/RateLimiter")


module.exports =

	renderRequestResetForm: (req, res)->
		res.render "user/passwordReset", 
			title:"Reset Password"

	requestReset: (req, res)->
		email = req.body.email.trim()
		opts = 
			endpointName:"auto_compile"
			timeInterval:60
			subjectName:email
			throttle: 3
		RateLimiter.addCount opts, (err, canCompile)->
			if !canCompile
				return res.send 500
			PasswordResetHandler.generateAndEmailResetToken email, (err)->
				if err?
					res.send 500, {message:err?.message}
				else
					res.send 200

	renderSetPasswordForm: (req, res)->
		res.render "user/setPassword", 
			title:"Set Password"
			passwordResetToken:req.query.passwordResetToken

	setNewUserPassword: (req, res)->
		{passwordResetToken, password} = req.body
		if !password? or password.length == 0 or !passwordResetToken? or passwordResetToken.length == 0
			return res.send 500
		PasswordResetHandler.setNewUserPassword passwordResetToken?.trim(), password?.trim(), (err)->
			if err?
				res.send 500
			else
				res.send 200
written password reset controller 2014-05-15 11:50:38 -04:00			`PasswordResetHandler = require("./PasswordResetHandler")`
added rate limiting to password reset endpoint 2014-05-16 05:31:33 -04:00			`RateLimiter = require("../../infrastructure/RateLimiter")`

written password reset handler 2014-05-15 11:20:23 -04:00
			`module.exports =`

written password reset controller 2014-05-15 11:50:38 -04:00			`renderRequestResetForm: (req, res)->`
			`res.render "user/passwordReset",`
			`title:"Reset Password"`
written password reset handler 2014-05-15 11:20:23 -04:00
written password reset controller 2014-05-15 11:50:38 -04:00			`requestReset: (req, res)->`
			`email = req.body.email.trim()`
added rate limiting to password reset endpoint 2014-05-16 05:31:33 -04:00			`opts =`
			`endpointName:"auto_compile"`
			`timeInterval:60`
			`subjectName:email`
			`throttle: 3`
			`RateLimiter.addCount opts, (err, canCompile)->`
			`if !canCompile`
			`return res.send 500`
			`PasswordResetHandler.generateAndEmailResetToken email, (err)->`
			`if err?`
hooked up the frount end ui to show the email can not be found, added client side valdidation on password, removed server side min length check. Just check that it is not 0 len 2014-05-16 06:04:48 -04:00			`res.send 500, {message:err?.message}`
added rate limiting to password reset endpoint 2014-05-16 05:31:33 -04:00			`else`
			`res.send 200`
written password reset handler 2014-05-15 11:20:23 -04:00
written password reset controller 2014-05-15 11:50:38 -04:00			`renderSetPasswordForm: (req, res)->`
			`res.render "user/setPassword",`
			`title:"Set Password"`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`passwordResetToken:req.query.passwordResetToken`
written password reset handler 2014-05-15 11:20:23 -04:00
written password reset controller 2014-05-15 11:50:38 -04:00			`setNewUserPassword: (req, res)->`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`{passwordResetToken, password} = req.body`
hooked up the frount end ui to show the email can not be found, added client side valdidation on password, removed server side min length check. Just check that it is not 0 len 2014-05-16 06:04:48 -04:00			`if !password? or password.length == 0 or !passwordResetToken? or passwordResetToken.length == 0`
written password reset controller 2014-05-15 11:50:38 -04:00			`return res.send 500`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`PasswordResetHandler.setNewUserPassword passwordResetToken?.trim(), password?.trim(), (err)->`
written password reset controller 2014-05-15 11:50:38 -04:00			`if err?`
			`res.send 500`
			`else`
			`res.send 200`