diff --git a/client/coral-admin/src/routes/Configure/components/OrganizationSettings.js b/client/coral-admin/src/routes/Configure/components/OrganizationSettings.js
index 38f211781..2bbe1a230 100644
--- a/client/coral-admin/src/routes/Configure/components/OrganizationSettings.js
+++ b/client/coral-admin/src/routes/Configure/components/OrganizationSettings.js
@@ -71,7 +71,6 @@ class OrganizationSettings extends React.Component {
await this.props.savePending();
this.disableEditing();
};
-
displayErrors = (errors = []) => (
diff --git a/routes/api/v1/account.js b/routes/api/v1/account.js
index 3909d5dce..bc642f93f 100644
--- a/routes/api/v1/account.js
+++ b/routes/api/v1/account.js
@@ -109,20 +109,11 @@ router.put(
async (req, res, next) => {
const { token, password } = req.body;
- if (!password || password.length < 8) {
- return next(errors.ErrPasswordTooShort);
- }
-
try {
- let [user, redirect] = await UsersService.verifyPasswordResetToken(token);
-
- // Change the users' password.
- await UsersService.changePassword(user.id, password);
-
+ const { redirect } = await UsersService.resetPassword(token, password);
res.json({ redirect });
- } catch (e) {
- console.error(e);
- return next(errors.ErrNotAuthorized);
+ } catch (err) {
+ return next(err);
}
}
);
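Review bot: The new `catch (err) { return next(err); }` forwards whatever `UsersService.resetPassword` throws, where the old handler collapsed every failure into `errors.ErrNotAuthorized`. The service hunks in this commit show plain `Error` objects with messages such as 'cannot verify an empty token' and 'password reset token has expired', so unless the error middleware normalises unknown errors (not visible here) a bad or replayed token will likely surface as a server error or echo an internal message instead of a uniform not-authorized response. I would pass through only the password-length error and keep `return next(errors.ErrNotAuthorized);` as the fallback for everything else, or have the service throw typed API errors for the token failures. The dropped `console.error(e)` also means failed reset attempts are no longer logged at this layer, which is worth keeping in some form for abuse detection.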
diff --git a/services/users.js b/services/users.js
index 93d6fd753..657be737a 100644
--- a/services/users.js
+++ b/services/users.js
@@ -132,7 +132,7 @@ class Users {
locals: {
body: message,
},
- subject: 'Your account has been suspended',
+ subject: 'Your account has been suspended', // TODO: replace with translation
});
}
@@ -490,6 +490,10 @@ class Users {
}
static async changePassword(id, password) {
+ if (!password || password.length < 8) {
+ throw new ErrPasswordTooShort();
+ }
+
const hashedPassword = await bcrypt.hash(password, SALT_ROUNDS);
return User.update(
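Review bot: `!password || password.length < 8` does not establish that `password` is a string, so an array or object with a `length` of 8 or more passes the check and reaches `bcrypt.hash`. In the reset path the value comes straight from `req.body` (routes/api/v1/account.js), so its type is caller-controlled; the guard should read `if (typeof password !== 'string' || password.length < 8) {`. The same check is duplicated in the new `resetPassword` in this file and needs the same change, ideally through one shared validator so the two cannot drift. `changePassword` continues past the end of this hunk.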
@@ -725,18 +729,13 @@ class Users {
});
}
- /**
- * Verifies a jwt and returns the associated user. Throws an error when the
- * token isn't valid.
- *
- * @param {String} token the JSON Web Token to verify
- */
+ // TODO: update doc
static async verifyPasswordResetToken(token) {
if (!token) {
throw new Error('cannot verify an empty token');
}
- const { userId, loc, version } = await Users.verifyToken(token, {
+ const { userId, loc: redirect, version } = await Users.verifyToken(token, {
subject: PASSWORD_RESET_JWT_SUBJECT,
});
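Review bot: Replacing the JSDoc with `// TODO: update doc` leaves a security-relevant function undocumented in the same commit that changes its contract. Per the following hunk the return value changes from the array `[user, loc]` to the object `{ user, redirect, version }`, so the comment should be restored as a JSDoc block that names the `token` parameter, lists the returned fields (`redirect` taken from the token's `loc` claim, `version` from its `version` claim), and states that it throws on an empty, invalid or expired token. Callers outside this diff that still destructure an array would break and are worth a search. The function body ends outside this hunk.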
@@ -746,7 +745,33 @@ class Users {
throw new Error('password reset token has expired');
}
- return [user, loc];
+ return { user, redirect, version };
+ }
+
+ // TODO: update doc
+ static async resetPassword(token, password) {
+ const { user, redirect, version } = await this.verifyPasswordResetToken(
+ token
+ );
+
+ if (!password || password.length < 8) {
+ throw new ErrPasswordTooShort();
+ }
+
+ const hashedPassword = await bcrypt.hash(password, SALT_ROUNDS);
+
+ // Update the user's password.
+ await User.update(
+ { id: user.id, __v: version },
+ {
+ $inc: { __v: 1 },
+ $set: {
+ password: hashedPassword,
+ },
+ }
+ );
+
+ return { user, redirect };
}
/**
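Review bot: The result of `User.update` in `resetPassword` is never inspected, so the function returns `{ user, redirect }` even when the `{ id: user.id, __v: version }` filter matches no document. That filter is what makes the token single-use; if two requests carrying the same token pass `verifyPasswordResetToken` concurrently, the second update changes nothing yet the route still answers with the redirect as though the reset succeeded. Capture the write result (`const result = await User.update(`) and fail when nothing matched, e.g. `if (!result || result.n === 0) throw new Error('password reset token has expired');` — the matched-count field name depends on the Mongoose version in use and should be confirmed. The `// TODO: update doc` placeholder above this new function should also become a real JSDoc before merge.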
diff --git a/views/admin.ejs b/views/admin.ejs
index 979e2ec41..b8f775d79 100644
--- a/views/admin.ejs
+++ b/views/admin.ejs
@@ -11,8 +11,8 @@
-
<%- include partials/head %>
+
diff --git a/views/embed/stream.ejs b/views/embed/stream.ejs
index 50faaf5c2..2027f6069 100644
--- a/views/embed/stream.ejs
+++ b/views/embed/stream.ejs
@@ -2,9 +2,9 @@
+ <%- include ../partials/head %>
- <%- include ../partials/head %>
diff --git a/views/login.ejs b/views/login.ejs
index 7af820a9c..c5a86c2fb 100644
--- a/views/login.ejs
+++ b/views/login.ejs
@@ -4,8 +4,8 @@
-
<%- include partials/head %>
+