overleaf/services/web/app/coffee/Features/PasswordReset/PasswordResetHandler.coffee

settings = require("settings-sharelatex")
async = require("async")
UserGetter = require("../User/UserGetter")
PasswordResetTokenHandler = require("./PasswordResetTokenHandler")
EmailHandler = require("../Email/EmailHandler")
AuthenticationManager = require("../Authentication/AuthenticationManager")
logger = require("logger-sharelatex")

module.exports =

	generateAndEmailResetToken:(email, callback = (error, exists) ->)->
		UserGetter.getUser email:email, (err, user)->
			if err then return callback(err)
			if !user?
				logger.err email:email, "user could not be found for password reset"
				return callback(null, false)
			PasswordResetTokenHandler.getNewToken user._id, (err, token)->
				if err then return callback(err)
				emailOptions =
					to : email
					setNewPasswordUrl : "#{settings.siteUrl}/user/password/set?passwordResetToken=#{token}"
				EmailHandler.sendEmail "passwordResetRequested", emailOptions, (error) ->
					return callback(error) if error?
					callback null, true

	setNewUserPassword: (token, password, callback = (error, found) ->)->
		PasswordResetTokenHandler.getUserIdFromTokenAndExpire token, (err, user_id)->
			if err then return callback(err)
			if !user_id?
				return callback null, false
			AuthenticationManager.setUserPassword user_id, password, (err) ->
				if err then return callback(err)
				callback null, true
written password reset handler 2014-05-15 11:20:23 -04:00			`settings = require("settings-sharelatex")`
			`async = require("async")`
			`UserGetter = require("../User/UserGetter")`
renamed TokenGenerator to PasswordResetTokenHandler and added Expire to function name 2014-05-16 05:43:55 -04:00			`PasswordResetTokenHandler = require("./PasswordResetTokenHandler")`
written password reset handler 2014-05-15 11:20:23 -04:00			`EmailHandler = require("../Email/EmailHandler")`
			`AuthenticationManager = require("../Authentication/AuthenticationManager")`
added some logging 2014-05-15 13:08:21 -04:00			`logger = require("logger-sharelatex")`
written password reset handler 2014-05-15 11:20:23 -04:00
			`module.exports =`

Don't error on password reset if no email found, and translate error messages 2014-08-08 06:41:54 -04:00			`generateAndEmailResetToken:(email, callback = (error, exists) ->)->`
written password reset controller 2014-05-15 11:50:38 -04:00			`UserGetter.getUser email:email, (err, user)->`
written password reset handler 2014-05-15 11:20:23 -04:00			`if err then return callback(err)`
written password reset controller 2014-05-15 11:50:38 -04:00			`if !user?`
added some logging 2014-05-15 13:08:21 -04:00			`logger.err email:email, "user could not be found for password reset"`
Don't error on password reset if no email found, and translate error messages 2014-08-08 06:41:54 -04:00			`return callback(null, false)`
renamed TokenGenerator to PasswordResetTokenHandler and added Expire to function name 2014-05-16 05:43:55 -04:00			`PasswordResetTokenHandler.getNewToken user._id, (err, token)->`
written password reset controller 2014-05-15 11:50:38 -04:00			`if err then return callback(err)`
			`emailOptions =`
			`to : email`
token based reset works 2014-05-15 12:58:25 -04:00			`setNewPasswordUrl : "#{settings.siteUrl}/user/password/set?passwordResetToken=#{token}"`
Don't error on password reset if no email found, and translate error messages 2014-08-08 06:41:54 -04:00			`EmailHandler.sendEmail "passwordResetRequested", emailOptions, (error) ->`
			`return callback(error) if error?`
			`callback null, true`
written password reset handler 2014-05-15 11:20:23 -04:00
Show password reset expired message rather than server error if that's what has happened 2014-10-08 12:18:24 -04:00			`setNewUserPassword: (token, password, callback = (error, found) ->)->`
renamed TokenGenerator to PasswordResetTokenHandler and added Expire to function name 2014-05-16 05:43:55 -04:00			`PasswordResetTokenHandler.getUserIdFromTokenAndExpire token, (err, user_id)->`
written password reset handler 2014-05-15 11:20:23 -04:00			`if err then return callback(err)`
			`if !user_id?`
Show password reset expired message rather than server error if that's what has happened 2014-10-08 12:18:24 -04:00			`return callback null, false`
			`AuthenticationManager.setUserPassword user_id, password, (err) ->`
			`if err then return callback(err)`
			`callback null, true`