github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-09-16 02:52:31 -04:00
Code Issues Projects Releases Packages Wiki Activity
overleaf/services/web/app/coffee/Features/PasswordReset/PasswordResetHandler.coffee
Paulo Jorge Reis e139abb110 Merge pull request #1273 from sharelatex/ja-password-reset-v1 
Handle v1-only users in v2 password reset flow

GitOrigin-RevId: 38ce8e9aebd3330b980e73640a23661d8015d4f3
2018-12-18 11:48:53 +00:00

67 lines
2.7 KiB
CoffeeScript
Raw Blame History

settings = require("settings-sharelatex")
async = require("async")
UserGetter = require("../User/UserGetter")
OneTimeTokenHandler = require("../Security/OneTimeTokenHandler")
EmailHandler = require("../Email/EmailHandler")
AuthenticationManager = require("../Authentication/AuthenticationManager")
logger = require("logger-sharelatex")
V1Api = require("../V1/V1Api")
module.exports = PasswordResetHandler =
generateAndEmailResetToken:(email, callback = (error, exists) ->)->
PasswordResetHandler._getPasswordResetData email, (error, exists, data) ->
if error? or !exists
return callback(error, exists)
OneTimeTokenHandler.getNewToken 'password', data, (err, token)->
if err then return callback(err)
emailOptions =
to : email
setNewPasswordUrl : "#{settings.siteUrl}/user/password/set?passwordResetToken=#{token}&email=#{encodeURIComponent(email)}"
EmailHandler.sendEmail "passwordResetRequested", emailOptions, (error) ->
return callback(error) if error?
callback null, true
setNewUserPassword: (token, password, callback = (error, found, user_id) ->)->
OneTimeTokenHandler.getValueFromTokenAndExpire 'password', token, (err, data)->
if err then return callback(err)
if !data?
return callback null, false, null
if typeof data == "string"
# Backwards compatible with old format.
# Tokens expire after 1h, so this can be removed soon after deploy.
# Possibly we should keep this until we do an onsite release too.
data = { user_id: data }
if data.user_id?
AuthenticationManager.setUserPassword data.user_id, password, (err, reset) ->
if err then return callback(err)
callback null, reset, data.user_id
else if data.v1_user_id?
AuthenticationManager.setUserPasswordInV1 data.v1_user_id, password, (error, reset) ->
return callback(error) if error?
UserGetter.getUser { 'overleaf.id': data.v1_user_id }, {_id:1}, (error, user) ->
return callback(error) if error?
callback null, reset, user?._id
_getPasswordResetData: (email, callback = (error, exists, data) ->) ->
if settings.overleaf?
# Overleaf v2
V1Api.request {
url: "/api/v1/sharelatex/user_emails"
qs:
email: email
expectedStatusCodes: [404]
}, (error, response, body) ->
return callback(error) if error?
if response.statusCode == 404
return callback null, false
else
return callback null, true, { v1_user_id: body.user_id }
else
# ShareLaTeX
UserGetter.getUserByMainEmail email, (err, user)->
if err then return callback(err)
if !user? or user.holdingAccount or user.overleaf?
logger.err email:email, "user could not be found for password reset"
return callback(null, false)
return callback null, true, { user_id: user._id }
Reference in a new issue View git blame Copy permalink