mirror of
https://github.com/wassname/talk.git
synced 2026-07-11 13:48:53 +08:00
bug fixes
This commit is contained in:
@@ -6,13 +6,9 @@ const merge = require('lodash/merge');
|
||||
const helmet = require('helmet');
|
||||
const compression = require('compression');
|
||||
const cookieParser = require('cookie-parser');
|
||||
const {
|
||||
BASE_URL,
|
||||
BASE_PATH,
|
||||
MOUNT_PATH,
|
||||
STATIC_URL,
|
||||
HELMET_CONFIGURATION,
|
||||
} = require('./url');
|
||||
const {HELMET_CONFIGURATION} = require('./config');
|
||||
const {MOUNT_PATH} = require('./url');
|
||||
const {applyLocals} = require('./services/locals');
|
||||
const routes = require('./routes');
|
||||
const debug = require('debug')('talk:app');
|
||||
|
||||
@@ -57,12 +53,8 @@ app.set('view engine', 'ejs');
|
||||
// ROUTES
|
||||
//==============================================================================
|
||||
|
||||
// Apply the BASE_PATH, BASE_URL, and MOUNT_PATH on the app.locals, which will
|
||||
// make them available on the templates and the routers.
|
||||
app.locals.BASE_URL = BASE_URL;
|
||||
app.locals.BASE_PATH = BASE_PATH;
|
||||
app.locals.MOUNT_PATH = MOUNT_PATH;
|
||||
app.locals.STATIC_URL = STATIC_URL;
|
||||
// Add the locals to the app renderer.
|
||||
applyLocals(app.locals);
|
||||
|
||||
debug(`mounting routes on the ${MOUNT_PATH} path`);
|
||||
|
||||
|
||||
@@ -4,9 +4,6 @@ const UsersService = require('../../../services/users');
|
||||
const mailer = require('../../../services/mailer');
|
||||
const authorization = require('../../../middleware/authorization');
|
||||
const errors = require('../../../errors');
|
||||
const {
|
||||
ROOT_URL
|
||||
} = require('../../../config');
|
||||
|
||||
//==============================================================================
|
||||
// ROUTES
|
||||
@@ -55,7 +52,6 @@ router.post('/password/reset', async (req, res, next) => {
|
||||
template: 'password-reset',
|
||||
locals: {
|
||||
token,
|
||||
rootURL: ROOT_URL
|
||||
},
|
||||
subject: 'Password Reset',
|
||||
to: email
|
||||
@@ -74,22 +70,23 @@ router.post('/password/reset', async (req, res, next) => {
|
||||
* 2) the new password {String}
|
||||
*/
|
||||
router.put('/password/reset', async (req, res, next) => {
|
||||
|
||||
const {
|
||||
token,
|
||||
password
|
||||
} = req.body;
|
||||
const {check} = req.query;
|
||||
const {token, password} = req.body;
|
||||
|
||||
if (!token) {
|
||||
return next(errors.ErrMissingToken);
|
||||
}
|
||||
|
||||
if (!password || password.length < 8) {
|
||||
if (check !== 'true' && (!password || password.length < 8)) {
|
||||
return next(errors.ErrPasswordTooShort);
|
||||
}
|
||||
|
||||
try {
|
||||
let [user, loc] = await UsersService.verifyPasswordResetToken(token);
|
||||
if (check === 'true') {
|
||||
res.status(204).end();
|
||||
return;
|
||||
}
|
||||
|
||||
// Change the users' password.
|
||||
await UsersService.changePassword(user.id, password);
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
<p><%= t('email.confirm.has_been_requested') %> <b><%= email %></b>.</p>
|
||||
<p><%= t('email.confirm.to_confirm') %> <a href="<%= rootURL %>/admin/confirm-email#<%= token %>">Confirm Email</a></p>
|
||||
<p><%= t('email.confirm.to_confirm') %> <a href="<%= BASE_URL %>admin/confirm-email#<%= token %>">Confirm Email</a></p>
|
||||
<p><%= t('email.confirm.if_you_did_not') %></p>
|
||||
|
||||
@@ -4,6 +4,6 @@
|
||||
|
||||
<%= t('email.confirm.to_confirm') %>
|
||||
|
||||
<%= rootURL %>/confirm/endpoint#<%= token %>
|
||||
<%= BASE_URL %>confirm/endpoint#<%= token %>
|
||||
|
||||
<%= t('email.confirm.if_you_did_not') %>
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
<p><%= t('email.password_reset.we_received_a_request') %><br />
|
||||
<%= t('email.password_reset.if_you_did') %> <a href="<%= rootURL %>/admin/password-reset#<%= token %>"><%= t('email.password_reset.please_click') %></a>.</p>
|
||||
<%= t('email.password_reset.if_you_did') %> <a href="<%= BASE_URL %>admin/password-reset#<%= token %>"><%= t('email.password_reset.please_click') %></a>.</p>
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
<%= t('email.password_reset.we_received_a_request') %>. <%= t('email.password_reset.if_you_did') %> <%= t('email.password_reset.please_click') %>:
|
||||
|
||||
<%= rootURL %>/admin/password-reset#<%= token %>
|
||||
<%= BASE_URL %>admin/password-reset#<%= token %>
|
||||
|
||||
@@ -0,0 +1,20 @@
|
||||
const {
|
||||
BASE_URL,
|
||||
BASE_PATH,
|
||||
MOUNT_PATH,
|
||||
STATIC_URL,
|
||||
} = require('../url');
|
||||
|
||||
const applyLocals = (locals) => {
|
||||
|
||||
// Apply the BASE_PATH, BASE_URL, and MOUNT_PATH on the app.locals, which will
|
||||
// make them available on the templates and the routers.
|
||||
locals.BASE_URL = BASE_URL;
|
||||
locals.BASE_PATH = BASE_PATH;
|
||||
locals.MOUNT_PATH = MOUNT_PATH;
|
||||
locals.STATIC_URL = STATIC_URL;
|
||||
};
|
||||
|
||||
module.exports = {
|
||||
applyLocals,
|
||||
};
|
||||
@@ -4,6 +4,7 @@ const kue = require('./kue');
|
||||
const path = require('path');
|
||||
const fs = require('fs');
|
||||
const _ = require('lodash');
|
||||
const {applyLocals} = require('./locals');
|
||||
|
||||
const i18n = require('./i18n');
|
||||
|
||||
@@ -92,6 +93,9 @@ const mailer = module.exports = {
|
||||
// Prefix the subject with `[Talk]`.
|
||||
subject = `[Talk] ${subject}`;
|
||||
|
||||
applyLocals(locals);
|
||||
|
||||
// Attach the templating function.
|
||||
locals['t'] = i18n.t;
|
||||
|
||||
return Promise.all([
|
||||
|
||||
+5
-1
@@ -610,12 +610,16 @@ module.exports = class UsersService {
|
||||
* @param {String} token the JSON Web Token to verify
|
||||
*/
|
||||
static async verifyPasswordResetToken(token) {
|
||||
const {userId, loc} = await UsersService.verifyToken(token, {
|
||||
const {userId, loc, version} = await UsersService.verifyToken(token, {
|
||||
subject: PASSWORD_RESET_JWT_SUBJECT
|
||||
});
|
||||
|
||||
const user = await UsersService.findById(userId);
|
||||
|
||||
if (version !== user.__v) {
|
||||
throw new Error('password reset token has expired');
|
||||
}
|
||||
|
||||
return [user, loc];
|
||||
}
|
||||
|
||||
|
||||
@@ -15,11 +15,13 @@
|
||||
background: #fff;
|
||||
}
|
||||
|
||||
#root form {
|
||||
.container {
|
||||
max-width: 300px;
|
||||
border: 1px solid lightgrey;
|
||||
box-shadow: 0px 10px 24px 2px rgba(0,0,0,0.2);
|
||||
margin: 50px auto;
|
||||
}
|
||||
|
||||
#root form {
|
||||
display: none;
|
||||
padding: 15px;
|
||||
}
|
||||
|
||||
@@ -81,7 +83,8 @@
|
||||
</head>
|
||||
<body>
|
||||
<div id="root">
|
||||
<form id="reset-password-form">
|
||||
<div class="error-console container"></div>
|
||||
<form id="reset-password-form" class="container">
|
||||
<legend class="legend">Set new password</legend>
|
||||
<label for="password">
|
||||
New password
|
||||
@@ -94,14 +97,18 @@
|
||||
<input type="password" name="confirm-password" placeholder="confirm password" />
|
||||
</label>
|
||||
<button class="submit-password-reset" type="submit">Apply</button>
|
||||
<div class="error-console">foo</div>
|
||||
</form>
|
||||
</div>
|
||||
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
|
||||
<script>
|
||||
$(function () {
|
||||
function showError(message) {
|
||||
$('.error-console').text(message).addClass('active');
|
||||
function showError(error) {
|
||||
try {
|
||||
var err = JSON.parse(error);
|
||||
$('.error-console').text(err.message).addClass('active');
|
||||
} catch (err) {
|
||||
$('.error-console').text(error).addClass('active');
|
||||
}
|
||||
}
|
||||
|
||||
function handleSubmit (e) {
|
||||
@@ -111,8 +118,13 @@
|
||||
var password = $('[name="password"]').val();
|
||||
var confirm = $('[name="confirm-password"]').val();
|
||||
|
||||
if (password !== confirm || password === '' || password.length < 8) {
|
||||
showError('passwords must match and be 8 characters.');
|
||||
if (password === '' || password.length < 8) {
|
||||
showError('Passwords must be at least 8 characters.');
|
||||
return false;
|
||||
}
|
||||
|
||||
if (password !== confirm) {
|
||||
showError('New password and confirm password must match');
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -128,7 +140,17 @@
|
||||
});
|
||||
}
|
||||
|
||||
$('#reset-password-form').on('submit', handleSubmit);
|
||||
|
||||
$.ajax({
|
||||
url: '<%= BASE_PATH %>api/v1/account/password/reset?check=true',
|
||||
contentType: 'application/json',
|
||||
method: 'PUT',
|
||||
data: JSON.stringify({token: location.hash.replace('#', '')})
|
||||
}).then(function () {
|
||||
$('#reset-password-form').fadeIn().on('submit', handleSubmit);
|
||||
}).catch(function (error) {
|
||||
showError(error.responseText);
|
||||
});
|
||||
});
|
||||
</script>
|
||||
</body>
|
||||
|
||||
Reference in New Issue
Block a user