From 61c0af93e3684fe86255997ac648b1f10bf93dc4 Mon Sep 17 00:00:00 2001 From: Riley Davis Date: Wed, 7 Dec 2016 10:28:01 -1000 Subject: [PATCH 1/6] add some debug statements so we can figure out why pw reset doesn't work in staging --- models/user.js | 13 +++++++++++++ routes/api/user/index.js | 11 +++++++++++ 2 files changed, 24 insertions(+) diff --git a/models/user.js b/models/user.js index 336486a54..8c478fbb4 100644 --- a/models/user.js +++ b/models/user.js @@ -2,6 +2,7 @@ const mongoose = require('../mongoose'); const uuid = require('uuid'); const bcrypt = require('bcrypt'); const jwt = require('jsonwebtoken'); +const debug = require('debug')('talk:users'); // SALT_ROUNDS is the number of rounds that the bcrypt algorithm will run // through during the salting process. @@ -435,23 +436,35 @@ UserService.findPublicByIdArray = (ids) => { */ UserService.createPasswordResetToken = function (email) { if (!email || typeof email !== 'string') { + debug('the email was missing to createPasswordResetToken. you sent %s', email); return Promise.reject('email is required when creating a JWT for resetting passord'); } + email = email.toLowerCase(); + debug('about to look up user by email %s', email); + return UserModel.findOne({profiles: {$elemMatch: {id: email}}}) .then(user => { if (user === null) { + debug('user was null on createPasswordResetToken lookup'); // since we don't want to reveal that the email does/doesn't exist // just go ahead and resolve the Promise with null and check in the endpoint return Promise.resolve(null); } + debug('found the user! %s going to create the token', JSON.stringify(user, null 2)); + const payload = {email, jti: uuid.v4(), userId: user.id, version: user.__v}; + + debug('created payload %s', JSON.stringify(payload)); + const token = jwt.sign(payload, process.env.TALK_SESSION_SECRET, {expiresIn: '1d'}); + debug('successfully created the token %s', token); + return token; }); }; diff --git a/routes/api/user/index.js b/routes/api/user/index.js index 1765809ad..05ebf7b61 100644 --- a/routes/api/user/index.js +++ b/routes/api/user/index.js @@ -8,6 +8,7 @@ const path = require('path'); const resetEmailFile = fs.readFileSync(path.resolve(__dirname, '../../../views/password-reset-email.ejs')); const resetEmailTemplate = ejs.compile(resetEmailFile.toString()); const authorization = require('../../../middleware/authorization'); +const debug = require('debug')('talk:users'); router.get('/', authorization.needed('admin'), (req, res, next) => { const { @@ -104,6 +105,8 @@ router.post('/update-password', (req, res, next) => { router.post('/request-password-reset', (req, res, next) => { const {email} = req.body; + debug('/request-password-reset body %s', JSON.stringify(req.body, null, 2)); + if (!email) { return next('you must submit an email when requesting a password.'); } @@ -112,6 +115,7 @@ router.post('/request-password-reset', (req, res, next) => { .createPasswordResetToken(email) .then(token => { if (token === null) { + debug('back in the route. the token was null for some reason %s', token); return Promise.resolve('the email was not found in the db.'); } @@ -125,10 +129,15 @@ router.post('/request-password-reset', (req, res, next) => { rootURL: process.env.TALK_ROOT_URL }) }; + + debug('about to send a simple email with the options %s', JSON.stringify(options, null, 2)); + return mailer.sendSimple(options); }) .then(() => { + debug('password reset email sent successfully'); + // we want to send a 204 regardless of the user being found in the db // if we fail on missing emails, it would reveal if people are registered or not. res.status(204).end(); @@ -136,6 +145,8 @@ router.post('/request-password-reset', (req, res, next) => { .catch(error => { const errorMsg = typeof error === 'string' ? error : error.message; + debug('there was an error sending your email %s', error); + res.status(500).json({error: errorMsg}); }); }); From d2ba04def1f278d459ed32537ebeb63a39062b14 Mon Sep 17 00:00:00 2001 From: Riley Davis Date: Wed, 7 Dec 2016 10:28:58 -1000 Subject: [PATCH 2/6] add a comma --- models/user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/user.js b/models/user.js index 8c478fbb4..cabab8b64 100644 --- a/models/user.js +++ b/models/user.js @@ -455,7 +455,7 @@ UserService.createPasswordResetToken = function (email) { return Promise.resolve(null); } - debug('found the user! %s going to create the token', JSON.stringify(user, null 2)); + debug('found the user! %s going to create the token', JSON.stringify(user, null, 2)); const payload = {email, jti: uuid.v4(), userId: user.id, version: user.__v}; From 1c2b2c142ec5878e1f6c6a0b6178c8d668791592 Mon Sep 17 00:00:00 2001 From: Riley Davis Date: Wed, 7 Dec 2016 11:04:57 -1000 Subject: [PATCH 3/6] change the environment vars. can't use sendgrid connection string --- .gitignore | 1 + services/mailer.js | 11 +++++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 5a42acb67..c76651868 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,7 @@ dist/coral-admin/bundle.js tests/e2e/reports .DS_Store *.iml +*.swp dump.rdb .env gaba.cfg diff --git a/services/mailer.js b/services/mailer.js index 4da8024ca..0e9accf2b 100644 --- a/services/mailer.js +++ b/services/mailer.js @@ -1,10 +1,17 @@ const nodemailer = require('nodemailer'); -if (!process.env.TALK_SMTP_CONNECTION_URL) { +if (!process.env.TALK_SMTP_USERNAME || !process.env.TALK_SMTP_PASSWORD) { console.error('TALK_SMTP_CONNECTION_URL should be defined if you would like to send password reset emails from Talk'); } -const defaultTransporter = nodemailer.createTransport(process.env.TALK_SMTP_CONNECTION_URL); +const defaultTransporter = nodemailer.createTransport({ + // https://github.com/nodemailer/nodemailer-wellknown#supported-services + service: 'SendGrid', + auth: { + user: process.env.TALK_SMTP_USERNAME, + pass: process.env.TALK_SMTP_PASSWORD + } +}); const mailer = { From 7012684c2371de45504d3b50dfaa7a94bef6f299 Mon Sep 17 00:00:00 2001 From: Riley Davis Date: Wed, 7 Dec 2016 11:06:09 -1000 Subject: [PATCH 4/6] correct error logs --- services/mailer.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/mailer.js b/services/mailer.js index 0e9accf2b..16da98f41 100644 --- a/services/mailer.js +++ b/services/mailer.js @@ -1,7 +1,7 @@ const nodemailer = require('nodemailer'); if (!process.env.TALK_SMTP_USERNAME || !process.env.TALK_SMTP_PASSWORD) { - console.error('TALK_SMTP_CONNECTION_URL should be defined if you would like to send password reset emails from Talk'); + console.error('TALK_SMTP_USERNAME and TALK_SMTP_PASSWORD should be defined if you would like to send password reset emails from Talk'); } const defaultTransporter = nodemailer.createTransport({ From 25cc1ecb20992a4c31fc3c99cb81e7eaa69ff40f Mon Sep 17 00:00:00 2001 From: Riley Davis Date: Wed, 7 Dec 2016 11:23:59 -1000 Subject: [PATCH 5/6] remove debug statements --- models/user.js | 13 ------------- routes/api/user/index.js | 12 ------------ 2 files changed, 25 deletions(-) diff --git a/models/user.js b/models/user.js index cabab8b64..336486a54 100644 --- a/models/user.js +++ b/models/user.js @@ -2,7 +2,6 @@ const mongoose = require('../mongoose'); const uuid = require('uuid'); const bcrypt = require('bcrypt'); const jwt = require('jsonwebtoken'); -const debug = require('debug')('talk:users'); // SALT_ROUNDS is the number of rounds that the bcrypt algorithm will run // through during the salting process. @@ -436,35 +435,23 @@ UserService.findPublicByIdArray = (ids) => { */ UserService.createPasswordResetToken = function (email) { if (!email || typeof email !== 'string') { - debug('the email was missing to createPasswordResetToken. you sent %s', email); return Promise.reject('email is required when creating a JWT for resetting passord'); } - email = email.toLowerCase(); - debug('about to look up user by email %s', email); - return UserModel.findOne({profiles: {$elemMatch: {id: email}}}) .then(user => { if (user === null) { - debug('user was null on createPasswordResetToken lookup'); // since we don't want to reveal that the email does/doesn't exist // just go ahead and resolve the Promise with null and check in the endpoint return Promise.resolve(null); } - debug('found the user! %s going to create the token', JSON.stringify(user, null, 2)); - const payload = {email, jti: uuid.v4(), userId: user.id, version: user.__v}; - - debug('created payload %s', JSON.stringify(payload)); - const token = jwt.sign(payload, process.env.TALK_SESSION_SECRET, {expiresIn: '1d'}); - debug('successfully created the token %s', token); - return token; }); }; diff --git a/routes/api/user/index.js b/routes/api/user/index.js index 05ebf7b61..fa78b7dfe 100644 --- a/routes/api/user/index.js +++ b/routes/api/user/index.js @@ -8,7 +8,6 @@ const path = require('path'); const resetEmailFile = fs.readFileSync(path.resolve(__dirname, '../../../views/password-reset-email.ejs')); const resetEmailTemplate = ejs.compile(resetEmailFile.toString()); const authorization = require('../../../middleware/authorization'); -const debug = require('debug')('talk:users'); router.get('/', authorization.needed('admin'), (req, res, next) => { const { @@ -105,8 +104,6 @@ router.post('/update-password', (req, res, next) => { router.post('/request-password-reset', (req, res, next) => { const {email} = req.body; - debug('/request-password-reset body %s', JSON.stringify(req.body, null, 2)); - if (!email) { return next('you must submit an email when requesting a password.'); } @@ -115,7 +112,6 @@ router.post('/request-password-reset', (req, res, next) => { .createPasswordResetToken(email) .then(token => { if (token === null) { - debug('back in the route. the token was null for some reason %s', token); return Promise.resolve('the email was not found in the db.'); } @@ -130,23 +126,15 @@ router.post('/request-password-reset', (req, res, next) => { }) }; - debug('about to send a simple email with the options %s', JSON.stringify(options, null, 2)); - return mailer.sendSimple(options); }) .then(() => { - - debug('password reset email sent successfully'); - // we want to send a 204 regardless of the user being found in the db // if we fail on missing emails, it would reveal if people are registered or not. res.status(204).end(); }) .catch(error => { const errorMsg = typeof error === 'string' ? error : error.message; - - debug('there was an error sending your email %s', error); - res.status(500).json({error: errorMsg}); }); }); From a4af29cfa08912c072ca3f158b1b5188923a76bf Mon Sep 17 00:00:00 2001 From: Riley Davis Date: Wed, 7 Dec 2016 11:32:42 -1000 Subject: [PATCH 6/6] put things back --- routes/api/user/index.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/routes/api/user/index.js b/routes/api/user/index.js index fa78b7dfe..1765809ad 100644 --- a/routes/api/user/index.js +++ b/routes/api/user/index.js @@ -125,16 +125,17 @@ router.post('/request-password-reset', (req, res, next) => { rootURL: process.env.TALK_ROOT_URL }) }; - return mailer.sendSimple(options); }) .then(() => { + // we want to send a 204 regardless of the user being found in the db // if we fail on missing emails, it would reveal if people are registered or not. res.status(204).end(); }) .catch(error => { const errorMsg = typeof error === 'string' ? error : error.message; + res.status(500).json({error: errorMsg}); }); });