From a0469301bb452dcaff725d037b12e50e8205b1f7 Mon Sep 17 00:00:00 2001 From: Riley Davis Date: Mon, 21 Nov 2016 16:32:07 -0700 Subject: [PATCH] add password reset form --- routes/admin/index.js | 9 ++- routes/api/user/index.js | 4 + views/password-reset-email.ejs | 2 +- views/password-reset.ejs | 135 +++++++++++++++++++++++++++++++++ 4 files changed, 146 insertions(+), 4 deletions(-) create mode 100644 views/password-reset.ejs diff --git a/routes/admin/index.js b/routes/admin/index.js index 2b967708a..e73f11fdc 100644 --- a/routes/admin/index.js +++ b/routes/admin/index.js @@ -5,9 +5,12 @@ router.get('/embed/stream/preview', (req, res) => { res.render('embed-stream', {basePath: '/client/embed/stream'}); }); -router.get('/password-reset/:token', (req, res, next) => { - // render a page or something? - res.send('ok'); +// this route is expecting there to be a token in the hash +// see /views/password-reset-email.ejs +router.get('/password-reset', (req, res, next) => { + // TODO: store the redirect uri in the token or something fancy + // admins and regular users should probably be redirected to different places. + res.render('password-reset', {redirectUri: '/'}); }); router.get('*', (req, res) => { diff --git a/routes/api/user/index.js b/routes/api/user/index.js index 14959eb65..3d5b49d93 100644 --- a/routes/api/user/index.js +++ b/routes/api/user/index.js @@ -79,6 +79,10 @@ router.post('/', (req, res, next) => { router.post('/update-password', (req, res, next) => { const {token, password} = req.body; + if (!password || password.length < 8) { + return res.status(400).send('Password must be at least 8 characters'); + } + User.verifyPasswordResetToken(token) .then(user => { return User.changePassword(user.id, password); diff --git a/views/password-reset-email.ejs b/views/password-reset-email.ejs index 0637b6bb2..17ed9e39b 100644 --- a/views/password-reset-email.ejs +++ b/views/password-reset-email.ejs @@ -1,6 +1,6 @@

We received a request to reset your password. If you did not request this change, you can ignore this email.
-If you did, please click here to reset password.

+If you did, please click here to reset password.

<% if (process.env.NODE_ENV !== 'production') { %>

<%= token %>

<% } %> diff --git a/views/password-reset.ejs b/views/password-reset.ejs new file mode 100644 index 000000000..ea70ecb17 --- /dev/null +++ b/views/password-reset.ejs @@ -0,0 +1,135 @@ + + + + + + Talk - Coral Admin + + + + + + +
+
+ Set new password + + + + +
foo
+
+
+ + + +