overleaf/services/web/app/src/Features/PasswordReset/PasswordResetHandler.js

const settings = require('settings-sharelatex')
const UserGetter = require('../User/UserGetter')
const OneTimeTokenHandler = require('../Security/OneTimeTokenHandler')
const EmailHandler = require('../Email/EmailHandler')
const AuthenticationManager = require('../Authentication/AuthenticationManager')
const logger = require('logger-sharelatex')
const V1Api = require('../V1/V1Api')

const PasswordResetHandler = {
  generateAndEmailResetToken(email, callback) {
    PasswordResetHandler._getPasswordResetData(email, function(
      error,
      exists,
      data
    ) {
      if (error != null) {
        callback(error)
      } else if (exists) {
        OneTimeTokenHandler.getNewToken('password', data, function(err, token) {
          if (err) {
            return callback(err)
          }
          const emailOptions = {
            to: email,
            setNewPasswordUrl: `${
              settings.siteUrl
            }/user/password/set?passwordResetToken=${token}&email=${encodeURIComponent(
              email
            )}`
          }
          EmailHandler.sendEmail(
            'passwordResetRequested',
            emailOptions,
            function(error) {
              if (error != null) {
                return callback(error)
              }
              callback(null, 'primary')
            }
          )
        })
      } else {
        UserGetter.getUserByAnyEmail(email, function(err, user) {
          if (err != null) {
            return callback(err)
          }
          if (!user) {
            callback(null, null)
          } else if (user.overleaf == null || user.overleaf.id == null) {
            callback(null, 'sharelatex')
          } else {
            callback(null, 'secondary')
          }
        })
      }
    })
  },

  setNewUserPassword(token, password, callback) {
    PasswordResetHandler.getUserForPasswordResetToken(
      token,
      (err, user, version) => {
        if (err != null) {
          return callback(err)
        }
        if (user == null) {
          return callback(null, false, null)
        }
        AuthenticationManager.setUserPassword(
          user._id,
          password,
          (err, reset) => {
            if (err) {
              return callback(err)
            }
            callback(null, reset, user._id)
          }
        )
      }
    )
  },

  getUserForPasswordResetToken(token, callback) {
    OneTimeTokenHandler.getValueFromTokenAndExpire(
      'password',
      token,
      (err, data) => {
        if (err != null) {
          if (err.name === 'NotFoundError') {
            return callback(null, null)
          } else {
            return callback(err)
          }
        }
        if (data == null || data.email == null) {
          return callback(null, null)
        }
        UserGetter.getUserByMainEmail(
          data.email,
          { _id: 1, 'overleaf.id': 1 },
          (err, user) => {
            if (err != null) {
              callback(err)
            } else if (user == null) {
              callback(null, null)
            } else if (
              data.user_id != null &&
              data.user_id === user._id.toString()
            ) {
              callback(null, user, 'v2')
            } else if (
              data.v1_user_id != null &&
              user.overleaf != null &&
              data.v1_user_id === user.overleaf.id
            ) {
              callback(null, user, 'v1')
            } else {
              callback(null, null)
            }
          }
        )
      }
    )
  },

  _getPasswordResetData(email, callback) {
    if (settings.overleaf != null) {
      // Overleaf v2
      V1Api.request(
        {
          url: '/api/v1/sharelatex/user_emails',
          qs: {
            email
          },
          expectedStatusCodes: [404]
        },
        function(error, response, body) {
          if (error != null) {
            return callback(error)
          }
          if (response.statusCode === 404) {
            callback(null, false)
          } else {
            callback(null, true, { v1_user_id: body.user_id, email: email })
          }
        }
      )
    } else {
      // ShareLaTeX
      UserGetter.getUserByMainEmail(email, function(err, user) {
        if (err) {
          return callback(err)
        }
        if (user == null || user.holdingAccount || user.overleaf != null) {
          logger.err({ email }, 'user could not be found for password reset')
          return callback(null, false)
        }
        callback(null, true, { user_id: user._id, email: email })
      })
    }
  }
}

module.exports = PasswordResetHandler
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`const settings = require('settings-sharelatex')`
			`const UserGetter = require('../User/UserGetter')`
			`const OneTimeTokenHandler = require('../Security/OneTimeTokenHandler')`
			`const EmailHandler = require('../Email/EmailHandler')`
			`const AuthenticationManager = require('../Authentication/AuthenticationManager')`
			`const logger = require('logger-sharelatex')`
			`const V1Api = require('../V1/V1Api')`

Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`const PasswordResetHandler = {`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`generateAndEmailResetToken(email, callback) {`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`PasswordResetHandler._getPasswordResetData(email, function(`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`error,`
			`exists,`
			`data`
			`) {`
			`if (error != null) {`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`callback(error)`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`} else if (exists) {`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`OneTimeTokenHandler.getNewToken('password', data, function(err, token) {`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`if (err) {`
			`return callback(err)`
			`}`
			`const emailOptions = {`
			`to: email,`
			setNewPasswordUrl: `${
			`settings.siteUrl`
			`}/user/password/set?passwordResetToken=${token}&email=${encodeURIComponent(`
			`email`
			)}`
			`}`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`EmailHandler.sendEmail(`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`'passwordResetRequested',`
			`emailOptions,`
			`function(error) {`
			`if (error != null) {`
			`return callback(error)`
			`}`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`callback(null, 'primary')`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`}`
			`)`
			`})`
			`} else {`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`UserGetter.getUserByAnyEmail(email, function(err, user) {`
			`if (err != null) {`
			`return callback(err)`
			`}`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`if (!user) {`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`callback(null, null)`
			`} else if (user.overleaf == null \|\| user.overleaf.id == null) {`
			`callback(null, 'sharelatex')`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`} else {`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`callback(null, 'secondary')`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`}`
			`})`
			`}`
			`})`
			`},`

			`setNewUserPassword(token, password, callback) {`
Merge pull request #1950 from overleaf/em-password-reset Fetch user by email when validating password reset GitOrigin-RevId: 9f113f1393e322611b1e7af5aec1ac25a38a122d 2019-07-16 05:10:18 -04:00			`PasswordResetHandler.getUserForPasswordResetToken(`
			`token,`
			`(err, user, version) => {`
			`if (err != null) {`
			`return callback(err)`
			`}`
			`if (user == null) {`
			`return callback(null, false, null)`
			`}`
			`AuthenticationManager.setUserPassword(`
			`user._id,`
			`password,`
			`(err, reset) => {`
			`if (err) {`
			`return callback(err)`
			`}`
			`callback(null, reset, user._id)`
			`}`
			`)`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`}`
Merge pull request #1950 from overleaf/em-password-reset Fetch user by email when validating password reset GitOrigin-RevId: 9f113f1393e322611b1e7af5aec1ac25a38a122d 2019-07-16 05:10:18 -04:00			`)`
			`},`

			`getUserForPasswordResetToken(token, callback) {`
			`OneTimeTokenHandler.getValueFromTokenAndExpire(`
			`'password',`
			`token,`
			`(err, data) => {`
			`if (err != null) {`
			`if (err.name === 'NotFoundError') {`
			`return callback(null, null)`
			`} else {`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`return callback(err)`
			`}`
Merge pull request #1950 from overleaf/em-password-reset Fetch user by email when validating password reset GitOrigin-RevId: 9f113f1393e322611b1e7af5aec1ac25a38a122d 2019-07-16 05:10:18 -04:00			`}`
			`if (data == null \|\| data.email == null) {`
			`return callback(null, null)`
			`}`
			`UserGetter.getUserByMainEmail(`
			`data.email,`
			`{ _id: 1, 'overleaf.id': 1 },`
			`(err, user) => {`
			`if (err != null) {`
			`callback(err)`
			`} else if (user == null) {`
			`callback(null, null)`
			`} else if (`
			`data.user_id != null &&`
			`data.user_id === user._id.toString()`
			`) {`
			`callback(null, user, 'v2')`
			`} else if (`
			`data.v1_user_id != null &&`
			`user.overleaf != null &&`
			`data.v1_user_id === user.overleaf.id`
			`) {`
			`callback(null, user, 'v1')`
			`} else {`
			`callback(null, null)`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`}`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`}`
			`)`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`}`
Merge pull request #1950 from overleaf/em-password-reset Fetch user by email when validating password reset GitOrigin-RevId: 9f113f1393e322611b1e7af5aec1ac25a38a122d 2019-07-16 05:10:18 -04:00			`)`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`},`

			`_getPasswordResetData(email, callback) {`
			`if (settings.overleaf != null) {`
			`// Overleaf v2`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`V1Api.request(`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`{`
			`url: '/api/v1/sharelatex/user_emails',`
			`qs: {`
			`email`
			`},`
			`expectedStatusCodes: [404]`
			`},`
			`function(error, response, body) {`
			`if (error != null) {`
			`return callback(error)`
			`}`
			`if (response.statusCode === 404) {`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`callback(null, false)`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`} else {`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`callback(null, true, { v1_user_id: body.user_id, email: email })`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`}`
			`}`
			`)`
			`} else {`
			`// ShareLaTeX`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`UserGetter.getUserByMainEmail(email, function(err, user) {`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`if (err) {`
			`return callback(err)`
			`}`
			`if (user == null \|\| user.holdingAccount \|\| user.overleaf != null) {`
			`logger.err({ email }, 'user could not be found for password reset')`
			`return callback(null, false)`
			`}`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`callback(null, true, { user_id: user._id, email: email })`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`})`
			`}`
			`}`
			`}`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00
			`module.exports = PasswordResetHandler`