Add new password reset route

2020-02-04 15:27:22 +01:00
parent 0ae9be4de9
commit 86029c1068
2 changed files with 13 additions and 0 deletions
@@ -3,6 +3,7 @@
 exports = module.exports = {
    login: login,
    logout: logout,
+    passwordReset: passwordReset,
    reboot: reboot,
    isRebootRequired: isRebootRequired,
    getConfig: getConfig,
@@ -36,6 +37,7 @@ let assert = require('assert'),
    system = require('../system.js'),
    tokendb = require('../tokendb.js'),
    updater = require('../updater.js'),
+    users = require('../users.js'),
    updateChecker = require('../updatechecker.js');

 function login(req, res, next) {
@@ -84,6 +86,16 @@ function logout(req, res) {
    });
 }

+function passwordReset(req, res, next) {
+    if (!req.body.identifier || typeof req.body.identifier !== 'string') return next(new HttpError(401, 'A identifier must be non-empty string'));
+
+    users.resetPasswordByIdentifier(req.body.identifier, function (error) {
+        if (error && error.reason !== BoxError.NOT_FOUND) console.error(error);
+
+        next(new HttpSuccess(202, {}));
+    });
+}
+
 function reboot(req, res, next) {
    // Finish the request, to let the appstore know we triggered the reboot
    next(new HttpSuccess(202, {}));
@@ -142,6 +142,7 @@ function initializeExpressSync() {
    // login/logout routes
    router.post('/api/v1/cloudron/login', routes.cloudron.login);
    router.get ('/api/v1/cloudron/logout', routes.cloudron.logout); // this will invalidate the token if any and redirect to /login.html always
+    router.post('/api/v1/cloudron/password_reset', routes.cloudron.passwordReset);

    // developer routes
    router.post('/api/v1/developer/login', routes.developer.login);