jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Add two distinct password reset routes

Browse Source
This commit is contained in:
Johannes Zellner
2021-10-27 18:36:28 +02:00
parent daf212468f
commit 9a80049d36
4 changed files with 62 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/routes/users.js
View File

@@ -13,6 +13,9 @@ exports = module.exports = {
setGhost,
makeOwner,
getPasswordResetLink,
sendPasswordResetEmail,
disableTwoFactorAuthentication,
load
@@ -216,3 +219,24 @@ async function makeOwner(req, res, next) {
next(new HttpSuccess(204));
}
// This will always return a reset link, if none is set or expired a new one will be created
async function getPasswordResetLink(req, res, next) {
assert.strictEqual(typeof req.resource, 'object');
let [error, passwordResetLink] = await safe(users.getPasswordResetLink(req.resource, AuditSource.fromRequest(req)));
if (error) return next(BoxError.toHttpError(error));
next(new HttpSuccess(200, { passwordResetLink }));
}
async function sendPasswordResetEmail(req, res, next) {
assert.strictEqual(typeof req.resource, 'object');
if (!req.body.email || typeof req.body.email !== 'string') return next(new HttpError(400, 'email must be a non-empty string'));
let [error] = await safe(users.sendPasswordResetEmail(req.resource, req.body.email, AuditSource.fromRequest(req)));
if (error) return next(BoxError.toHttpError(error));
next(new HttpSuccess(202, {}));
}