mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-07 20:31:06 -05:00
93fe30a451
Preserve spaces in password in password reset flow GitOrigin-RevId: 9a2dfb2988ae99be73934b722e635056b5ab1a18
128 lines
4.1 KiB
JavaScript
128 lines
4.1 KiB
JavaScript
const PasswordResetHandler = require('./PasswordResetHandler')
|
|
const RateLimiter = require('../../infrastructure/RateLimiter')
|
|
const AuthenticationController = require('../Authentication/AuthenticationController')
|
|
const AuthenticationManager = require('../Authentication/AuthenticationManager')
|
|
const UserGetter = require('../User/UserGetter')
|
|
const UserUpdater = require('../User/UserUpdater')
|
|
const UserSessionsManager = require('../User/UserSessionsManager')
|
|
const logger = require('logger-sharelatex')
|
|
|
|
module.exports = {
|
|
renderRequestResetForm(req, res) {
|
|
res.render('user/passwordReset', { title: 'reset_password' })
|
|
},
|
|
|
|
requestReset(req, res, next) {
|
|
const email = req.body.email.trim().toLowerCase()
|
|
const opts = {
|
|
endpointName: 'password_reset_rate_limit',
|
|
timeInterval: 60,
|
|
subjectName: req.ip,
|
|
throttle: 6
|
|
}
|
|
RateLimiter.addCount(opts, (err, canContinue) => {
|
|
if (err != null) {
|
|
res.send(500, { message: err.message })
|
|
}
|
|
if (!canContinue) {
|
|
return res.send(429, {
|
|
message: req.i18n.translate('rate_limit_hit_wait')
|
|
})
|
|
}
|
|
PasswordResetHandler.generateAndEmailResetToken(email, (err, status) => {
|
|
if (err != null) {
|
|
logger.warn(
|
|
{ err },
|
|
'failed to generate and email password reset token'
|
|
)
|
|
res.send(500, { message: err.message })
|
|
} else if (status === 'primary') {
|
|
res.send(200, {
|
|
message: { text: req.i18n.translate('password_reset_email_sent') }
|
|
})
|
|
} else if (status === 'secondary') {
|
|
res.send(404, {
|
|
message: req.i18n.translate('secondary_email_password_reset')
|
|
})
|
|
} else {
|
|
res.send(404, {
|
|
message: req.i18n.translate('cant_find_email')
|
|
})
|
|
}
|
|
})
|
|
})
|
|
},
|
|
|
|
renderSetPasswordForm(req, res) {
|
|
if (req.query.passwordResetToken != null) {
|
|
req.session.resetToken = req.query.passwordResetToken
|
|
return res.redirect('/user/password/set')
|
|
}
|
|
if (req.session.resetToken == null) {
|
|
return res.redirect('/user/password/reset')
|
|
}
|
|
res.render('user/setPassword', {
|
|
title: 'set_password',
|
|
passwordResetToken: req.session.resetToken
|
|
})
|
|
},
|
|
|
|
setNewUserPassword(req, res, next) {
|
|
let { passwordResetToken, password } = req.body
|
|
if (!passwordResetToken || !password) {
|
|
return res.sendStatus(400)
|
|
}
|
|
passwordResetToken = passwordResetToken.trim()
|
|
if (AuthenticationManager.validatePassword(password) != null) {
|
|
return res.sendStatus(400)
|
|
}
|
|
delete req.session.resetToken
|
|
PasswordResetHandler.setNewUserPassword(
|
|
passwordResetToken,
|
|
password,
|
|
(err, found, userId) => {
|
|
if ((err && err.name === 'NotFoundError') || !found) {
|
|
return res.status(404).send('NotFoundError')
|
|
} else if (err) {
|
|
return res.status(500)
|
|
}
|
|
UserSessionsManager.revokeAllUserSessions({ _id: userId }, [], err => {
|
|
if (err != null) {
|
|
return next(err)
|
|
}
|
|
UserUpdater.removeReconfirmFlag(userId, err => {
|
|
if (err != null) {
|
|
return next(err)
|
|
}
|
|
if (!req.body.login_after) {
|
|
return res.sendStatus(200)
|
|
}
|
|
UserGetter.getUser(userId, { email: 1 }, (err, user) => {
|
|
if (err != null) {
|
|
return next(err)
|
|
}
|
|
AuthenticationController.afterLoginSessionSetup(
|
|
req,
|
|
user,
|
|
err => {
|
|
if (err != null) {
|
|
logger.err(
|
|
{ err, email: user.email },
|
|
'Error setting up session after setting password'
|
|
)
|
|
return next(err)
|
|
}
|
|
res.json({
|
|
redir:
|
|
AuthenticationController._getRedirectFromSession(req) ||
|
|
'/project'
|
|
})
|
|
}
|
|
)
|
|
})
|
|
})
|
|
})
|
|
}
|
|
)
|
|
}
|
|
}
|