From a0469301bb452dcaff725d037b12e50e8205b1f7 Mon Sep 17 00:00:00 2001
From: Riley Davis
Date: Mon, 21 Nov 2016 16:32:07 -0700
Subject: [PATCH] add password reset form
---
routes/admin/index.js | 9 ++-
routes/api/user/index.js | 4 +
views/password-reset-email.ejs | 2 +-
views/password-reset.ejs | 135 +++++++++++++++++++++++++++++++++
4 files changed, 146 insertions(+), 4 deletions(-)
create mode 100644 views/password-reset.ejs
diff --git a/routes/admin/index.js b/routes/admin/index.js
index 2b967708a..e73f11fdc 100644
--- a/routes/admin/index.js
+++ b/routes/admin/index.js
@@ -5,9 +5,12 @@ router.get('/embed/stream/preview', (req, res) => {
res.render('embed-stream', {basePath: '/client/embed/stream'});
});
-router.get('/password-reset/:token', (req, res, next) => {
- // render a page or something?
- res.send('ok');
+// this route is expecting there to be a token in the hash
+// see /views/password-reset-email.ejs
+router.get('/password-reset', (req, res, next) => {
+ // TODO: store the redirect uri in the token or something fancy
+ // admins and regular users should probably be redirected to different places.
+ res.render('password-reset', {redirectUri: '/'});
});
router.get('*', (req, res) => {
diff --git a/routes/api/user/index.js b/routes/api/user/index.js
index 14959eb65..3d5b49d93 100644
--- a/routes/api/user/index.js
+++ b/routes/api/user/index.js
@@ -79,6 +79,10 @@ router.post('/', (req, res, next) => {
router.post('/update-password', (req, res, next) => {
const {token, password} = req.body;
+ if (!password || password.length < 8) {
+ return res.status(400).send('Password must be at least 8 characters');
+ }
+
User.verifyPasswordResetToken(token)
.then(user => {
return User.changePassword(user.id, password);
diff --git a/views/password-reset-email.ejs b/views/password-reset-email.ejs
index 0637b6bb2..17ed9e39b 100644
--- a/views/password-reset-email.ejs
+++ b/views/password-reset-email.ejs
@@ -1,6 +1,6 @@
We received a request to reset your password. If you did not request this change, you can ignore this email.
-If you did, please click here to reset password.