overleaf/services/web/app/src/Features/PasswordReset/PasswordResetController.js
Eric Mc Sween 93fe30a451 Merge pull request #2412 from overleaf/em-password-trim
Preserve spaces in password in password reset flow

GitOrigin-RevId: 9a2dfb2988ae99be73934b722e635056b5ab1a18
2019-12-02 14:09:57 +00:00

128 lines
4.1 KiB
JavaScript

const PasswordResetHandler = require('./PasswordResetHandler')
const RateLimiter = require('../../infrastructure/RateLimiter')
const AuthenticationController = require('../Authentication/AuthenticationController')
const AuthenticationManager = require('../Authentication/AuthenticationManager')
const UserGetter = require('../User/UserGetter')
const UserUpdater = require('../User/UserUpdater')
const UserSessionsManager = require('../User/UserSessionsManager')
const logger = require('logger-sharelatex')
module.exports = {
renderRequestResetForm(req, res) {
res.render('user/passwordReset', { title: 'reset_password' })
},
requestReset(req, res, next) {
const email = req.body.email.trim().toLowerCase()
const opts = {
endpointName: 'password_reset_rate_limit',
timeInterval: 60,
subjectName: req.ip,
throttle: 6
}
RateLimiter.addCount(opts, (err, canContinue) => {
if (err != null) {
res.send(500, { message: err.message })
}
if (!canContinue) {
return res.send(429, {
message: req.i18n.translate('rate_limit_hit_wait')
})
}
PasswordResetHandler.generateAndEmailResetToken(email, (err, status) => {
if (err != null) {
logger.warn(
{ err },
'failed to generate and email password reset token'
)
res.send(500, { message: err.message })
} else if (status === 'primary') {
res.send(200, {
message: { text: req.i18n.translate('password_reset_email_sent') }
})
} else if (status === 'secondary') {
res.send(404, {
message: req.i18n.translate('secondary_email_password_reset')
})
} else {
res.send(404, {
message: req.i18n.translate('cant_find_email')
})
}
})
})
},
renderSetPasswordForm(req, res) {
if (req.query.passwordResetToken != null) {
req.session.resetToken = req.query.passwordResetToken
return res.redirect('/user/password/set')
}
if (req.session.resetToken == null) {
return res.redirect('/user/password/reset')
}
res.render('user/setPassword', {
title: 'set_password',
passwordResetToken: req.session.resetToken
})
},
setNewUserPassword(req, res, next) {
let { passwordResetToken, password } = req.body
if (!passwordResetToken || !password) {
return res.sendStatus(400)
}
passwordResetToken = passwordResetToken.trim()
if (AuthenticationManager.validatePassword(password) != null) {
return res.sendStatus(400)
}
delete req.session.resetToken
PasswordResetHandler.setNewUserPassword(
passwordResetToken,
password,
(err, found, userId) => {
if ((err && err.name === 'NotFoundError') || !found) {
return res.status(404).send('NotFoundError')
} else if (err) {
return res.status(500)
}
UserSessionsManager.revokeAllUserSessions({ _id: userId }, [], err => {
if (err != null) {
return next(err)
}
UserUpdater.removeReconfirmFlag(userId, err => {
if (err != null) {
return next(err)
}
if (!req.body.login_after) {
return res.sendStatus(200)
}
UserGetter.getUser(userId, { email: 1 }, (err, user) => {
if (err != null) {
return next(err)
}
AuthenticationController.afterLoginSessionSetup(
req,
user,
err => {
if (err != null) {
logger.err(
{ err, email: user.email },
'Error setting up session after setting password'
)
return next(err)
}
res.json({
redir:
AuthenticationController._getRedirectFromSession(req) ||
'/project'
})
}
)
})
})
})
}
)
}
}