mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-30 06:05:30 -05:00
added the token generator and its getNewToken function
This commit is contained in:
parent
64688e661d
commit
9f901fb1ba
6 changed files with 96 additions and 8 deletions
|
@ -14,17 +14,16 @@ module.exports =
|
||||||
else
|
else
|
||||||
res.send 200
|
res.send 200
|
||||||
|
|
||||||
|
|
||||||
renderSetPasswordForm: (req, res)->
|
renderSetPasswordForm: (req, res)->
|
||||||
res.render "user/setPassword",
|
res.render "user/setPassword",
|
||||||
title:"Set Password"
|
title:"Set Password"
|
||||||
|
passwordResetToken:req.query.passwordResetToken
|
||||||
|
|
||||||
setNewUserPassword: (req, res)->
|
setNewUserPassword: (req, res)->
|
||||||
{token, password} = req.body
|
{passwordResetToken, password} = req.body
|
||||||
if !password? or password.length < 4 or !token? or token.length == 0
|
if !password? or password.length < 4 or !passwordResetToken? or passwordResetToken.length == 0
|
||||||
return res.send 500
|
return res.send 500
|
||||||
PasswordResetHandler.setNewUserPassword token?.trim(), password?.trim(), (err)->
|
PasswordResetHandler.setNewUserPassword passwordResetToken?.trim(), password?.trim(), (err)->
|
||||||
if err?
|
if err?
|
||||||
res.send 500
|
res.send 500
|
||||||
else
|
else
|
||||||
|
|
|
@ -1,8 +1,10 @@
|
||||||
|
PasswordResetController = require("./PasswordResetController")
|
||||||
|
|
||||||
module.exports =
|
module.exports =
|
||||||
apply: (app) ->
|
apply: (app) ->
|
||||||
|
|
||||||
app.get '/user/password/reset', PasswordResetController.renderRequestResetForm
|
app.get '/user/password/reset', PasswordResetController.renderRequestResetForm
|
||||||
app.post '/user/password/reset', ProjectDownloadsController.requestReset
|
app.post '/user/password/reset', PasswordResetController.requestReset
|
||||||
|
|
||||||
app.get '/user/password/set', PasswordResetController.renderSetPasswordForm
|
app.get '/user/password/set', PasswordResetController.renderSetPasswordForm
|
||||||
app.post '/user/password/set', PasswordResetController.setNewUserPassword
|
app.post '/user/password/set', PasswordResetController.setNewUserPassword
|
||||||
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
Settings = require('settings-sharelatex')
|
||||||
|
redis = require('redis')
|
||||||
|
rclient = redis.createClient(Settings.redis.web.port, Settings.redis.web.host)
|
||||||
|
rclient.auth(Settings.redis.web.password)
|
||||||
|
uuid = require("node-uuid")
|
||||||
|
|
||||||
|
ONE_MIN = 60 * 1000
|
||||||
|
ONE_HOUR_IN_MS = ONE_MIN * 60
|
||||||
|
|
||||||
|
module.exports =
|
||||||
|
|
||||||
|
getNewToken: (user_id, callback)->
|
||||||
|
token = uuid.v4()
|
||||||
|
multi = rclient.multi()
|
||||||
|
multi.set token, user_id
|
||||||
|
multi.expire token, ONE_HOUR_IN_MS
|
||||||
|
multi.exec (err)->
|
||||||
|
callback(err, token)
|
||||||
|
|
||||||
|
getUserIdFromToken: (token, callback)->
|
19
services/web/app/views/user/setPassword.jade
Normal file
19
services/web/app/views/user/setPassword.jade
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
extends ../layout
|
||||||
|
|
||||||
|
block content
|
||||||
|
.container
|
||||||
|
.row
|
||||||
|
.box.span4.offset4
|
||||||
|
.page-header
|
||||||
|
h1 Set Password
|
||||||
|
.messageArea
|
||||||
|
form.validate#passwordReset(method='post')
|
||||||
|
input(type="hidden", name="_csrf", value=csrfToken)
|
||||||
|
.clearfix
|
||||||
|
label(for='xlInput') Password
|
||||||
|
.input
|
||||||
|
input.span4.email.required(type='password', name='password', placeholder='password')
|
||||||
|
.input
|
||||||
|
input(type="hidden", name="passwordResetToken", value=passwordResetToken)
|
||||||
|
.actions
|
||||||
|
button.btn.btn-primary.btn.btn-large(type='submit') Submit
|
|
@ -25,7 +25,7 @@ describe "PasswordResetController", ->
|
||||||
@req =
|
@req =
|
||||||
body:
|
body:
|
||||||
email:@email
|
email:@email
|
||||||
token:@token
|
passwordResetToken:@token
|
||||||
password:@password
|
password:@password
|
||||||
|
|
||||||
@res ={}
|
@res ={}
|
||||||
|
@ -78,7 +78,7 @@ describe "PasswordResetController", ->
|
||||||
|
|
||||||
|
|
||||||
it "should error if there is no password", (done)->
|
it "should error if there is no password", (done)->
|
||||||
@req.body.token = ""
|
@req.body.passwordResetToken = ""
|
||||||
@PasswordResetHandler.setNewUserPassword.callsArgWith(2)
|
@PasswordResetHandler.setNewUserPassword.callsArgWith(2)
|
||||||
@res.send = (code)=>
|
@res.send = (code)=>
|
||||||
code.should.equal 500
|
code.should.equal 500
|
||||||
|
|
|
@ -0,0 +1,48 @@
|
||||||
|
should = require('chai').should()
|
||||||
|
SandboxedModule = require('sandboxed-module')
|
||||||
|
assert = require('assert')
|
||||||
|
path = require('path')
|
||||||
|
sinon = require('sinon')
|
||||||
|
modulePath = path.join __dirname, "../../../../app/js/Features/PasswordReset/TokenGenerator"
|
||||||
|
expect = require("chai").expect
|
||||||
|
|
||||||
|
describe "TokenGenerator", ->
|
||||||
|
|
||||||
|
beforeEach ->
|
||||||
|
@user_id = "user id here"
|
||||||
|
@stubbedToken = "dsajdiojlklksda"
|
||||||
|
|
||||||
|
@settings =
|
||||||
|
redis:
|
||||||
|
web:{}
|
||||||
|
@redisMulti =
|
||||||
|
set:sinon.stub()
|
||||||
|
expire:sinon.stub()
|
||||||
|
exec:sinon.stub()
|
||||||
|
@uuid = v4 : -> return @stubbedToken
|
||||||
|
self = @
|
||||||
|
@TokenGenerator = SandboxedModule.require modulePath, requires:
|
||||||
|
"redis" :
|
||||||
|
createClient: =>
|
||||||
|
auth:->
|
||||||
|
multi: -> return self.redisMulti
|
||||||
|
|
||||||
|
"settings-sharelatex":@settings
|
||||||
|
"logger-sharelatex": log:->
|
||||||
|
"node-uuid":@uuid
|
||||||
|
|
||||||
|
|
||||||
|
describe "getNewToken", ->
|
||||||
|
|
||||||
|
it "should set a new token into redis with a ttl", (done)->
|
||||||
|
@redisMulti.exec.callsArgWith(0)
|
||||||
|
@TokenGenerator.getNewToken @user_id, (err, token)=>
|
||||||
|
@redisMulti.set @stubbedToken, @user_id
|
||||||
|
@redisMulti.expire @stubbedToken, (60*1000)*60
|
||||||
|
done()
|
||||||
|
|
||||||
|
it "should return if there was an error", (done)->
|
||||||
|
@redisMulti.exec.callsArgWith(0, "error")
|
||||||
|
@TokenGenerator.getNewToken @user_id, (err, token)=>
|
||||||
|
err.should.exist
|
||||||
|
done()
|
Loading…
Reference in a new issue