overleaf/services/web/app/coffee/Features/PasswordReset/PasswordResetTokenHandler.coffee

Settings = require('settings-sharelatex')
redis = require('redis')
rclient = redis.createClient(Settings.redis.web.port, Settings.redis.web.host)
rclient.auth(Settings.redis.web.password)
crypto = require("crypto")
logger = require("logger-sharelatex")

ONE_HOUR_IN_S = 60 * 60

buildKey = (token)-> return "password_token:#{token}"

module.exports =

	getNewToken: (user_id, callback)->
		logger.log user_id:user_id, "generating token for password reset"
		token = crypto.randomBytes(32).toString("hex")
		multi = rclient.multi()
		multi.set buildKey(token), user_id
		multi.expire buildKey(token), ONE_HOUR_IN_S
		multi.exec (err)->
			callback(err, token)

	getUserIdFromTokenAndExpire: (token, callback)->
		logger.log token:token, "getting user id from password token"
		multi = rclient.multi()
		multi.get buildKey(token)
		multi.del buildKey(token)
		multi.exec (err, results)->
			callback err, results[0]
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`Settings = require('settings-sharelatex')`
			`redis = require('redis')`
			`rclient = redis.createClient(Settings.redis.web.port, Settings.redis.web.host)`
			`rclient.auth(Settings.redis.web.password)`
Use crypto.randomBytes 2014-05-16 05:52:31 -04:00			`crypto = require("crypto")`
added some logging 2014-05-15 13:08:21 -04:00			`logger = require("logger-sharelatex")`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00
token based reset works 2014-05-15 12:58:25 -04:00			`ONE_HOUR_IN_S = 60 * 60`

			`buildKey = (token)-> return "password_token:#{token}"`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00
			`module.exports =`

			`getNewToken: (user_id, callback)->`
added some logging 2014-05-15 13:08:21 -04:00			`logger.log user_id:user_id, "generating token for password reset"`
Use crypto.randomBytes 2014-05-16 05:52:31 -04:00			`token = crypto.randomBytes(32).toString("hex")`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`multi = rclient.multi()`
token based reset works 2014-05-15 12:58:25 -04:00			`multi.set buildKey(token), user_id`
			`multi.expire buildKey(token), ONE_HOUR_IN_S`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`multi.exec (err)->`
			`callback(err, token)`

renamed TokenGenerator to PasswordResetTokenHandler and added Expire to function name 2014-05-16 05:43:55 -04:00			`getUserIdFromTokenAndExpire: (token, callback)->`
added some logging 2014-05-15 13:08:21 -04:00			`logger.log token:token, "getting user id from password token"`
writen getUserIdFromToken 2014-05-15 12:20:42 -04:00			`multi = rclient.multi()`
token based reset works 2014-05-15 12:58:25 -04:00			`multi.get buildKey(token)`
			`multi.del buildKey(token)`
writen getUserIdFromToken 2014-05-15 12:20:42 -04:00			`multi.exec (err, results)->`
			`callback err, results[0]`