overleaf/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee

75 lines
2.9 KiB
CoffeeScript
Raw Normal View History

2014-05-15 11:50:38 -04:00
PasswordResetHandler = require("./PasswordResetHandler")
RateLimiter = require("../../infrastructure/RateLimiter")
AuthenticationController = require("../Authentication/AuthenticationController")
UserGetter = require("../User/UserGetter")
2016-07-05 09:19:59 -04:00
UserSessionsManager = require("../User/UserSessionsManager")
logger = require "logger-sharelatex"
2014-05-15 11:20:23 -04:00
module.exports =
2014-05-15 11:50:38 -04:00
renderRequestResetForm: (req, res)->
logger.log "rendering request reset form"
res.render "user/passwordReset",
2014-08-01 08:47:14 -04:00
title:"reset_password"
2014-05-15 11:20:23 -04:00
2014-05-15 11:50:38 -04:00
requestReset: (req, res)->
2014-06-10 12:54:29 -04:00
email = req.body.email.trim().toLowerCase()
opts =
endpointName: "password_reset_rate_limit"
timeInterval: 60
subjectName: req.ip
throttle: 6
2014-10-30 04:33:18 -04:00
RateLimiter.addCount opts, (err, canContinue)->
if !canContinue
return res.send 429, { message: req.i18n.translate("rate_limit_hit_wait")}
PasswordResetHandler.generateAndEmailResetToken email, (err, exists)->
if err?
res.send 500, {message:err?.message}
else if exists
2015-07-08 11:56:38 -04:00
res.sendStatus 200
else
res.send 404, {message: req.i18n.translate("cant_find_email")}
2014-05-15 11:20:23 -04:00
2014-05-15 11:50:38 -04:00
renderSetPasswordForm: (req, res)->
if req.query.passwordResetToken?
req.session.resetToken = req.query.passwordResetToken
return res.redirect('/user/password/set')
if !req.session.resetToken?
return res.redirect('/user/password/reset')
res.render "user/setPassword",
2014-08-01 08:47:14 -04:00
title:"set_password"
passwordResetToken: req.session.resetToken
2014-05-15 11:20:23 -04:00
setNewUserPassword: (req, res, next)->
{passwordResetToken, password} = req.body
if !password? or password.length == 0 or !passwordResetToken? or passwordResetToken.length == 0
2015-07-08 11:56:38 -04:00
return res.sendStatus 400
delete req.session.resetToken
PasswordResetHandler.setNewUserPassword passwordResetToken?.trim(), password?.trim(), (err, found, user_id) ->
if err and err.name and err.name == "NotFoundError"
res.status(404).send("NotFoundError")
else if err and err.name and err.name == "NotInV2Error"
res.status(403).send("NotInV2Error")
else if err and err.name and err.name == "SLInV2Error"
res.status(403).send("SLInV2Error")
else if err and err.statusCode and err.statusCode == 500
res.status(500)
else if err and !err.statusCode
res.status(500)
else if found
return res.sendStatus 200 if !user_id? # will not exist for v1-only users
2016-07-05 09:19:59 -04:00
UserSessionsManager.revokeAllUserSessions {_id: user_id}, [], (err) ->
return next(err) if err?
if req.body.login_after
UserGetter.getUser user_id, {email: 1}, (err, user) ->
return next(err) if err?
AuthenticationController.afterLoginSessionSetup req, user, (err) ->
if err?
logger.err {err, email: user.email}, "Error setting up session after setting password"
return next(err)
res.json {redir: AuthenticationController._getRedirectFromSession(req) || "/project"}
2016-07-05 09:19:59 -04:00
else
res.sendStatus 200
2014-05-15 11:50:38 -04:00
else
res.sendStatus 404