fix password reset
This commit is contained in:
parent
7476d647bb
commit
4a3f35cf55
|
|
@ -99,7 +99,7 @@ export class MailProvider {
|
|||
postPasswdResetMail(to, ip, host, lang, code) {
|
||||
const { t } = getTTag(lang);
|
||||
logger.info(`Sending Password reset mail to ${to}`);
|
||||
const restoreUrl = `${host}/reset_password?token=${code}`;
|
||||
const restoreUrl = `${host}/reset_password?token=${code}&email=${encodeURIComponent(to)}`;
|
||||
const subject = t`You forgot your password for PixelPlanet? Get a new one here`;
|
||||
const html = `<em>${t`Hello`}</em>,<br />
|
||||
${t`You requested to get a new password. You can change your password within the next 30min here: `} <a href="${restoreUrl}">${t`Reset Password`}</a>. ${t`Or by copying following url:`}<br />${restoreUrl}\n<br />
|
||||
|
|
|
|||
|
|
@ -7,8 +7,8 @@ import express from 'express';
|
|||
|
||||
import logger from '../core/logger';
|
||||
import getPasswordResetHtml from '../ssr/PasswordReset';
|
||||
|
||||
import mailProvider from '../core/MailProvider';
|
||||
import { validateEMail } from '../utils/validation';
|
||||
import { checkCode } from '../data/redis/mailCodes';
|
||||
import { RegUser } from '../data/sql';
|
||||
|
||||
|
||||
|
|
@ -25,7 +25,9 @@ router.use(express.urlencoded({ extended: true }));
|
|||
* if invalid password is given, ignore it and go to next
|
||||
*/
|
||||
router.post('/', async (req, res) => {
|
||||
const { pass, passconf, code } = req.body;
|
||||
const {
|
||||
pass, passconf, code, name: email,
|
||||
} = req.body;
|
||||
const { lang } = req;
|
||||
const { t } = req.ttag;
|
||||
|
||||
|
|
@ -40,8 +42,8 @@ router.post('/', async (req, res) => {
|
|||
return;
|
||||
}
|
||||
|
||||
const email = mailProvider.checkCode(code);
|
||||
if (!email) {
|
||||
const ret = await checkCode(email, code);
|
||||
if (!ret) {
|
||||
const html = getPasswordResetHtml(
|
||||
null,
|
||||
null,
|
||||
|
|
@ -94,7 +96,7 @@ router.post('/', async (req, res) => {
|
|||
* Check GET parameters for action to execute
|
||||
*/
|
||||
router.get('/', async (req, res) => {
|
||||
const { token } = req.query;
|
||||
const { email, token } = req.query;
|
||||
const { lang } = req;
|
||||
const { t } = req.ttag;
|
||||
|
||||
|
|
@ -109,21 +111,19 @@ router.get('/', async (req, res) => {
|
|||
return;
|
||||
}
|
||||
|
||||
const email = mailProvider.checkCode(token);
|
||||
if (!email) {
|
||||
const error = validateEMail(email);
|
||||
if (error) {
|
||||
const html = getPasswordResetHtml(
|
||||
null,
|
||||
null,
|
||||
lang,
|
||||
// eslint-disable-next-line max-len
|
||||
t`This passwort reset link is wrong or already expired, please request a new one (Note: you can use those links just once)`,
|
||||
error,
|
||||
);
|
||||
res.status(401).send(html);
|
||||
return;
|
||||
}
|
||||
|
||||
const code = mailProvider.setCode(email);
|
||||
const html = getPasswordResetHtml(email, code);
|
||||
const html = getPasswordResetHtml(email, token, lang);
|
||||
res.status(200).send(html);
|
||||
});
|
||||
|
||||
|
|
|
|||
|
|
@ -61,6 +61,7 @@ export default function getPasswordResetHtml(name, code, lang, message = null) {
|
|||
style="max-width:35em"
|
||||
/>
|
||||
<input type="hidden" name="code" value=${code} />
|
||||
<input type="hidden" name="name" value=${name} />
|
||||
<button type="submit" name="submit">${t`Submit`}</button>
|
||||
</form>
|
||||
</body>
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user