Add controller and route for password reset

Maciej Ziarkowski 2019-08-21 14:47:23 +01:00
parent fc2666364d
commit 4d27c3b889
2 changed files with 47 additions and 0 deletions


@ -1,4 +1,10 @@
import { URL } from 'url';
import express from 'express';
import * as userService from '../services/user';
import * as passwordResetService from '../services/passwordReset';
import { TokenVerificationError } from '../services/passwordReset';
function createUser(req, res) {
const user = req.body;
@ -58,8 +64,42 @@ function deleteCurrentUser(req, res) {
});
}
async function resetPassword(req: express.Request, res: express.Response) {
throw new Error('adsd');
if(req.body == undefined || (req.body.email == undefined && req.body.token == undefined)) {
return res.send({ error: 'Expected an email address or password reset token in the request body' });
}
if(req.body.email != undefined) {
// first stage: send reset token to email address
// this relies on the API being on the same hostname as the frontend
const { origin } = new URL(req.protocol + '://' + req.headers.host);
await passwordResetService.sendPasswordResetToken(req.body.email, origin);
return res.status(202).send({ success: true });
} else if (req.body.token != undefined) {
// second stage: verify token and reset password
if (req.body.password == undefined) {
return res.send({ error: 'Expected a new password' });
}
try {
await passwordResetService.resetPassword(req.body.token, req.body.password);
} catch (err) {
if (err instanceof TokenVerificationError) {
return res.send({ error: 'Could not verify token' });
}
throw err;
}
return res.send({ success: true });
}
}
export default {
createUser,
getCurrentUser,
deleteCurrentUser,
resetPassword
};
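Review bot: The origin passed to `sendPasswordResetToken` in `resetPassword` is built from `req.headers.host` and `req.protocol`, both of which the client controls, so whoever requests a reset for someone else's address can choose the host that ends up in the e-mail, presumably in the link that carries the token. Take the origin from server-side configuration, or check the Host against an allow-list, instead of `new URL(req.protocol + '://' + req.headers.host)`; for example `const origin = FRONTEND_ORIGIN;`, where `FRONTEND_ORIGIN` is a placeholder for a configured value. Separately, the leftover `throw new Error('adsd');` on the first line of the handler makes everything below it unreachable and should be removed. The three `res.send({ error: ... })` branches also answer with the default 200; `res.status(400).send(...)` would let clients and logs tell failures from successes.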


@ -2,6 +2,11 @@ import express from 'express';
import userController from '../controllers/userController';
const asyncMiddleware = fn =>
(req, res, next) => {
Promise.resolve(fn(req, res, next))
.catch(next);
};
const router = express.Router();
@ -11,4 +16,6 @@ router.route('/me')
.get(userController.getCurrentUser)
.delete(userController.deleteCurrentUser);
router.put('/password', asyncMiddleware(userController.resetPassword));
export default router;
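Review bot: Nothing on the new `router.put('/password', ...)` line throttles requests, yet this endpoint sends an e-mail per call in its first stage and accepts token guesses in its second, so unless a limiter is mounted outside this section it is exposed to mail flooding and token brute force. Put a rate-limiting middleware in front of the handler, e.g. `router.put('/password', resetRateLimit, asyncMiddleware(userController.resetPassword));`, where `resetRateLimit` is a placeholder for whatever limiter the app uses. `asyncMiddleware` would also benefit from a short comment such as `// forwards a rejected promise from an async handler to Express's error middleware via next(err)`, and from typed parameters rather than implicit `any`.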