overleaf/services/web/app/src/Features/PasswordReset/PasswordResetController.js

const PasswordResetHandler = require('./PasswordResetHandler')
const RateLimiter = require('../../infrastructure/RateLimiter')
const AuthenticationController = require('../Authentication/AuthenticationController')
const AuthenticationManager = require('../Authentication/AuthenticationManager')
const UserGetter = require('../User/UserGetter')
const UserUpdater = require('../User/UserUpdater')
const UserSessionsManager = require('../User/UserSessionsManager')
const logger = require('logger-sharelatex')

module.exports = {
  renderRequestResetForm(req, res) {
    res.render('user/passwordReset', { title: 'reset_password' })
  },

  requestReset(req, res, next) {
    const email = req.body.email.trim().toLowerCase()
    const opts = {
      endpointName: 'password_reset_rate_limit',
      timeInterval: 60,
      subjectName: req.ip,
      throttle: 6
    }
    RateLimiter.addCount(opts, (err, canContinue) => {
      if (err != null) {
        res.status(500).send({ message: err.message })
      }
      if (!canContinue) {
        return res.status(429).send({
          message: req.i18n.translate('rate_limit_hit_wait')
        })
      }
      PasswordResetHandler.generateAndEmailResetToken(email, (err, status) => {
        if (err != null) {
          logger.warn(
            { err },
            'failed to generate and email password reset token'
          )
          res.status(500).send({ message: err.message })
        } else if (status === 'primary') {
          res.status(200).send({
            message: { text: req.i18n.translate('password_reset_email_sent') }
          })
        } else if (status === 'secondary') {
          res.status(404).send({
            message: req.i18n.translate('secondary_email_password_reset')
          })
        } else {
          res.status(404).send({
            message: req.i18n.translate('cant_find_email')
          })
        }
      })
    })
  },

  renderSetPasswordForm(req, res) {
    if (req.query.passwordResetToken != null) {
      req.session.resetToken = req.query.passwordResetToken
      return res.redirect('/user/password/set')
    }
    if (req.session.resetToken == null) {
      return res.redirect('/user/password/reset')
    }
    res.render('user/setPassword', {
      title: 'set_password',
      passwordResetToken: req.session.resetToken
    })
  },

  setNewUserPassword(req, res, next) {
    let { passwordResetToken, password } = req.body
    if (!passwordResetToken || !password) {
      return res.sendStatus(400)
    }
    passwordResetToken = passwordResetToken.trim()
    if (AuthenticationManager.validatePassword(password) != null) {
      return res.sendStatus(400)
    }
    delete req.session.resetToken
    PasswordResetHandler.setNewUserPassword(
      passwordResetToken,
      password,
      (err, found, userId) => {
        if ((err && err.name === 'NotFoundError') || !found) {
          return res.status(404).send('NotFoundError')
        } else if (err) {
          return res.status(500)
        }
        UserSessionsManager.revokeAllUserSessions({ _id: userId }, [], err => {
          if (err != null) {
            return next(err)
          }
          UserUpdater.removeReconfirmFlag(userId, err => {
            if (err != null) {
              return next(err)
            }
            if (!req.session.doLoginAfterPasswordReset) {
              return res.sendStatus(200)
            }
            UserGetter.getUser(userId, (err, user) => {
              if (err != null) {
                return next(err)
              }
              AuthenticationController.finishLogin(user, req, res, err => {
                if (err != null) {
                  logger.err(
                    { err, email: user.email },
                    'Error setting up session after setting password'
                  )
                }
                next(err)
              })
            })
          })
        })
      }
    )
  }
}
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`const PasswordResetHandler = require('./PasswordResetHandler')`
			`const RateLimiter = require('../../infrastructure/RateLimiter')`
			`const AuthenticationController = require('../Authentication/AuthenticationController')`
			`const AuthenticationManager = require('../Authentication/AuthenticationManager')`
			`const UserGetter = require('../User/UserGetter')`
			`const UserUpdater = require('../User/UserUpdater')`
			`const UserSessionsManager = require('../User/UserSessionsManager')`
			`const logger = require('logger-sharelatex')`

			`module.exports = {`
			`renderRequestResetForm(req, res) {`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`res.render('user/passwordReset', { title: 'reset_password' })`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`},`

Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`requestReset(req, res, next) {`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`const email = req.body.email.trim().toLowerCase()`
			`const opts = {`
			`endpointName: 'password_reset_rate_limit',`
			`timeInterval: 60,`
			`subjectName: req.ip,`
			`throttle: 6`
			`}`
remove v1 deps for password change/reset GitOrigin-RevId: be25f19ae589c50bfde0b170860127fa8d6f63b7 2019-06-14 12:31:46 -04:00			`RateLimiter.addCount(opts, (err, canContinue) => {`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`if (err != null) {`
Merge pull request #2746 from overleaf/ew-jpa-fix-deprecated-express-methods [misc] fix express deprecations GitOrigin-RevId: 78c730578c6a671f142837c98f98d5fd260332a5 2020-05-06 06:02:16 -04:00			`res.status(500).send({ message: err.message })`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`}`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`if (!canContinue) {`
Merge pull request #2746 from overleaf/ew-jpa-fix-deprecated-express-methods [misc] fix express deprecations GitOrigin-RevId: 78c730578c6a671f142837c98f98d5fd260332a5 2020-05-06 06:02:16 -04:00			`return res.status(429).send({`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`message: req.i18n.translate('rate_limit_hit_wait')`
			`})`
			`}`
remove v1 deps for password change/reset GitOrigin-RevId: be25f19ae589c50bfde0b170860127fa8d6f63b7 2019-06-14 12:31:46 -04:00			`PasswordResetHandler.generateAndEmailResetToken(email, (err, status) => {`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`if (err != null) {`
Merge pull request #2221 from overleaf/em-ownership-transfer-emails Project ownership transfer emails GitOrigin-RevId: 3d33147c18e2d652976b3dac7453c0407c81314e 2019-10-15 09:12:11 -04:00			`logger.warn(`
			`{ err },`
			`'failed to generate and email password reset token'`
			`)`
Merge pull request #2746 from overleaf/ew-jpa-fix-deprecated-express-methods [misc] fix express deprecations GitOrigin-RevId: 78c730578c6a671f142837c98f98d5fd260332a5 2020-05-06 06:02:16 -04:00			`res.status(500).send({ message: err.message })`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`} else if (status === 'primary') {`
Merge pull request #2746 from overleaf/ew-jpa-fix-deprecated-express-methods [misc] fix express deprecations GitOrigin-RevId: 78c730578c6a671f142837c98f98d5fd260332a5 2020-05-06 06:02:16 -04:00			`res.status(200).send({`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`message: { text: req.i18n.translate('password_reset_email_sent') }`
			`})`
			`} else if (status === 'secondary') {`
Merge pull request #2746 from overleaf/ew-jpa-fix-deprecated-express-methods [misc] fix express deprecations GitOrigin-RevId: 78c730578c6a671f142837c98f98d5fd260332a5 2020-05-06 06:02:16 -04:00			`res.status(404).send({`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`message: req.i18n.translate('secondary_email_password_reset')`
			`})`
			`} else {`
Merge pull request #2746 from overleaf/ew-jpa-fix-deprecated-express-methods [misc] fix express deprecations GitOrigin-RevId: 78c730578c6a671f142837c98f98d5fd260332a5 2020-05-06 06:02:16 -04:00			`res.status(404).send({`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`message: req.i18n.translate('cant_find_email')`
			`})`
			`}`
			`})`
			`})`
			`},`

			`renderSetPasswordForm(req, res) {`
			`if (req.query.passwordResetToken != null) {`
			`req.session.resetToken = req.query.passwordResetToken`
			`return res.redirect('/user/password/set')`
			`}`
			`if (req.session.resetToken == null) {`
			`return res.redirect('/user/password/reset')`
			`}`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`res.render('user/setPassword', {`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`title: 'set_password',`
			`passwordResetToken: req.session.resetToken`
			`})`
			`},`

			`setNewUserPassword(req, res, next) {`
remove v1 deps for password change/reset GitOrigin-RevId: be25f19ae589c50bfde0b170860127fa8d6f63b7 2019-06-14 12:31:46 -04:00			`let { passwordResetToken, password } = req.body`
			`if (!passwordResetToken \|\| !password) {`
			`return res.sendStatus(400)`
			`}`
			`passwordResetToken = passwordResetToken.trim()`
			`if (AuthenticationManager.validatePassword(password) != null) {`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`return res.sendStatus(400)`
			`}`
			`delete req.session.resetToken`
Merge pull request #1944 from overleaf/em-password-reset Store the email address in the password reset token data GitOrigin-RevId: 9aa2eaff49de9ac88258cb996202934dab71cc0a 2019-07-04 08:40:12 -04:00			`PasswordResetHandler.setNewUserPassword(`
remove v1 deps for password change/reset GitOrigin-RevId: be25f19ae589c50bfde0b170860127fa8d6f63b7 2019-06-14 12:31:46 -04:00			`passwordResetToken,`
			`password,`
			`(err, found, userId) => {`
			`if ((err && err.name === 'NotFoundError') \|\| !found) {`
			`return res.status(404).send('NotFoundError')`
			`} else if (err) {`
			`return res.status(500)`
			`}`
			`UserSessionsManager.revokeAllUserSessions({ _id: userId }, [], err => {`
			`if (err != null) {`
			`return next(err)`
			`}`
			`UserUpdater.removeReconfirmFlag(userId, err => {`
			`if (err != null) {`
			`return next(err)`
			`}`
Merge pull request #2750 from overleaf/ta-activate-finish-login Don't Bypass FinishLogin on Password Reset GitOrigin-RevId: 92567c893afb4aa64fa045151678d33c877d8f71 2020-04-23 07:50:40 -04:00			`if (!req.session.doLoginAfterPasswordReset) {`
remove v1 deps for password change/reset GitOrigin-RevId: be25f19ae589c50bfde0b170860127fa8d6f63b7 2019-06-14 12:31:46 -04:00			`return res.sendStatus(200)`
			`}`
Merge pull request #2750 from overleaf/ta-activate-finish-login Don't Bypass FinishLogin on Password Reset GitOrigin-RevId: 92567c893afb4aa64fa045151678d33c877d8f71 2020-04-23 07:50:40 -04:00			`UserGetter.getUser(userId, (err, user) => {`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`if (err != null) {`
			`return next(err)`
			`}`
Merge pull request #2750 from overleaf/ta-activate-finish-login Don't Bypass FinishLogin on Password Reset GitOrigin-RevId: 92567c893afb4aa64fa045151678d33c877d8f71 2020-04-23 07:50:40 -04:00			`AuthenticationController.finishLogin(user, req, res, err => {`
			`if (err != null) {`
			`logger.err(`
			`{ err, email: user.email },`
			`'Error setting up session after setting password'`
			`)`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`}`
Merge pull request #2750 from overleaf/ta-activate-finish-login Don't Bypass FinishLogin on Password Reset GitOrigin-RevId: 92567c893afb4aa64fa045151678d33c877d8f71 2020-04-23 07:50:40 -04:00			`next(err)`
			`})`
remove v1 deps for password change/reset GitOrigin-RevId: be25f19ae589c50bfde0b170860127fa8d6f63b7 2019-06-14 12:31:46 -04:00			`})`
			`})`
			`})`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`}`
			`)`
			`}`
			`}`