overleaf/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee
2017-02-06 16:35:52 +00:00

64 lines
2.4 KiB
CoffeeScript

PasswordResetHandler = require("./PasswordResetHandler")
RateLimiter = require("../../infrastructure/RateLimiter")
AuthenticationController = require("../Authentication/AuthenticationController")
UserGetter = require("../User/UserGetter")
UserSessionsManager = require("../User/UserSessionsManager")
logger = require "logger-sharelatex"
module.exports =
renderRequestResetForm: (req, res)->
logger.log "rendering request reset form"
res.render "user/passwordReset",
title:"reset_password"
requestReset: (req, res)->
email = req.body.email.trim().toLowerCase()
opts =
endpointName: "password_reset_rate_limit"
timeInterval: 60
subjectName: req.ip
throttle: 6
RateLimiter.addCount opts, (err, canContinue)->
if !canContinue
return res.send 500, { message: req.i18n.translate("rate_limit_hit_wait")}
PasswordResetHandler.generateAndEmailResetToken email, (err, exists)->
if err?
res.send 500, {message:err?.message}
else if exists
res.sendStatus 200
else
res.send 404, {message: req.i18n.translate("cant_find_email")}
renderSetPasswordForm: (req, res)->
if req.query.passwordResetToken?
req.session.resetToken = req.query.passwordResetToken
return res.redirect('/user/password/set')
if !req.session.resetToken?
return res.redirect('/user/password/reset')
res.render "user/setPassword",
title:"set_password"
passwordResetToken: req.session.resetToken
setNewUserPassword: (req, res, next)->
{passwordResetToken, password} = req.body
if !password? or password.length == 0 or !passwordResetToken? or passwordResetToken.length == 0
return res.sendStatus 400
delete req.session.resetToken
PasswordResetHandler.setNewUserPassword passwordResetToken?.trim(), password?.trim(), (err, found, user_id) ->
return next(err) if err?
if found
UserSessionsManager.revokeAllUserSessions {_id: user_id}, [], (err) ->
return next(err) if err?
if req.body.login_after
UserGetter.getUser user_id, {email: 1}, (err, user) ->
return next(err) if err?
AuthenticationController.afterLoginSessionSetup req, user, (err) ->
if err?
logger.err {err, email: user.email}, "Error setting up session after setting password"
return next(err)
res.json {redir: AuthenticationController._getRedirectFromSession(req) || "/project"}
else
res.sendStatus 200
else
res.sendStatus 404