add password reset form

This commit is contained in:
Riley Davis
2016-11-21 16:32:07 -07:00
parent a375c63cbb
commit a0469301bb
4 changed files with 146 additions and 4 deletions
+6 -3
View File
@@ -5,9 +5,12 @@ router.get('/embed/stream/preview', (req, res) => {
res.render('embed-stream', {basePath: '/client/embed/stream'});
});
router.get('/password-reset/:token', (req, res, next) => {
// render a page or something?
res.send('ok');
// this route is expecting there to be a token in the hash
// see /views/password-reset-email.ejs
router.get('/password-reset', (req, res, next) => {
// TODO: store the redirect uri in the token or something fancy
// admins and regular users should probably be redirected to different places.
res.render('password-reset', {redirectUri: '/'});
});
router.get('*', (req, res) => {
+4
View File
@@ -79,6 +79,10 @@ router.post('/', (req, res, next) => {
router.post('/update-password', (req, res, next) => {
const {token, password} = req.body;
if (!password || password.length < 8) {
return res.status(400).send('Password must be at least 8 characters');
}
User.verifyPasswordResetToken(token)
.then(user => {
return User.changePassword(user.id, password);
+1 -1
View File
@@ -1,6 +1,6 @@
<!-- extremely naive implementation of a password reset email -->
<p>We received a request to reset your password. If you did not request this change, you can ignore this email.<br />
If you did, <a href="<%= rootURL %>/admin/password-reset/<%= token %>">please click here to reset password</a>.</p>
If you did, <a href="<%= rootURL %>/admin/password-reset#<%= token %>">please click here to reset password</a>.</p>
<% if (process.env.NODE_ENV !== 'production') { %>
<p style="color: red"><%= token %></p>
<% } %>
+135
View File
@@ -0,0 +1,135 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="initial-scale=1, maximum-scale=1">
<title>Talk - Coral Admin</title>
<link rel="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons">
<link rel="stylesheet" href="https://code.getmdl.io/1.2.1/material.indigo-pink.min.css">
<style media="screen">
body, #root {
width: 100%;
height: 100%;
margin: 0;
background: #fff;
}
#root form {
max-width: 300px;
border: 1px solid lightgrey;
box-shadow: 0px 10px 24px 2px rgba(0,0,0,0.2);
margin: 50px auto;
padding: 15px;
}
.legend {
text-align: center;
width: 100%;
font-weight: bold;
}
label {
display: block;
margin-top: 10px;
margin-bottom: 3px;
padding-right: 30px;
}
small {
color: #888;
}
input {
border-radius: 4px;
margin-top: 3px;
border: 1px solid lightgrey;
font-size: 16px;
width: 100%;
padding: 14px;
height: 100%;
display: inline-block;
}
.submit-password-reset {
border-radius: 4px;
border: none;
display: block;
background-color: #333;
color: white;
text-align: center;
width: 100%;
padding: 10px;
margin-top: 10px;
cursor: pointer;
}
.error-console {
display: none;
margin-top: 10px;
border-radius: 4px;
background-color: pink;
color: red;
border: 1px solid red;
padding: 10px;
}
.error-console.active {
display: block;
}
</style>
</head>
<body>
<div id="root">
<form id="reset-password-form">
<legend class="legend">Set new password</legend>
<label for="password">
New password
<input type="password" name="password" placeholder="new password" />
<p><small>Password must be at least 8 characters</small></p>
</label>
<label for="confirm-password">
Confirm password
<input type="password" name="confirm-password" placeholder="confirm password" />
</label>
<button class="submit-password-reset" type="submit">Apply</button>
<div class="error-console">foo</div>
</form>
</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<script>
$(function () {
function showError(message) {
$('.error-console').text(message).addClass('active');
}
function handleSubmit (e) {
e.preventDefault();
$('.error-console').removeClass('active');
var password = $('[name="password"]').val();
var confirm = $('[name="confirm-password"]').val();
if (password !== confirm || password === '' || password.length < 8) {
showError('passwords must match and be 8 characters.');
return false;
}
$.ajax({
url: '/api/v1/user/update-password',
contentType: 'application/json',
method: 'POST',
data: JSON.stringify({password: password, token: location.hash.replace('#', '')})
}).then(function (success) {
location.href = '<%= redirectUri %>';
}).catch(function (error) {
showError(error.responseText);
});
}
$('#reset-password-form').on('submit', handleSubmit);
});
</script>
</body>
</html>