fix password reset
This commit is contained in:
parent
7476d647bb
commit
4a3f35cf55
|
@ -99,7 +99,7 @@ export class MailProvider {
|
||||||
postPasswdResetMail(to, ip, host, lang, code) {
|
postPasswdResetMail(to, ip, host, lang, code) {
|
||||||
const { t } = getTTag(lang);
|
const { t } = getTTag(lang);
|
||||||
logger.info(`Sending Password reset mail to ${to}`);
|
logger.info(`Sending Password reset mail to ${to}`);
|
||||||
const restoreUrl = `${host}/reset_password?token=${code}`;
|
const restoreUrl = `${host}/reset_password?token=${code}&email=${encodeURIComponent(to)}`;
|
||||||
const subject = t`You forgot your password for PixelPlanet? Get a new one here`;
|
const subject = t`You forgot your password for PixelPlanet? Get a new one here`;
|
||||||
const html = `<em>${t`Hello`}</em>,<br />
|
const html = `<em>${t`Hello`}</em>,<br />
|
||||||
${t`You requested to get a new password. You can change your password within the next 30min here: `} <a href="${restoreUrl}">${t`Reset Password`}</a>. ${t`Or by copying following url:`}<br />${restoreUrl}\n<br />
|
${t`You requested to get a new password. You can change your password within the next 30min here: `} <a href="${restoreUrl}">${t`Reset Password`}</a>. ${t`Or by copying following url:`}<br />${restoreUrl}\n<br />
|
||||||
|
|
|
@ -7,8 +7,8 @@ import express from 'express';
|
||||||
|
|
||||||
import logger from '../core/logger';
|
import logger from '../core/logger';
|
||||||
import getPasswordResetHtml from '../ssr/PasswordReset';
|
import getPasswordResetHtml from '../ssr/PasswordReset';
|
||||||
|
import { validateEMail } from '../utils/validation';
|
||||||
import mailProvider from '../core/MailProvider';
|
import { checkCode } from '../data/redis/mailCodes';
|
||||||
import { RegUser } from '../data/sql';
|
import { RegUser } from '../data/sql';
|
||||||
|
|
||||||
|
|
||||||
|
@ -25,7 +25,9 @@ router.use(express.urlencoded({ extended: true }));
|
||||||
* if invalid password is given, ignore it and go to next
|
* if invalid password is given, ignore it and go to next
|
||||||
*/
|
*/
|
||||||
router.post('/', async (req, res) => {
|
router.post('/', async (req, res) => {
|
||||||
const { pass, passconf, code } = req.body;
|
const {
|
||||||
|
pass, passconf, code, name: email,
|
||||||
|
} = req.body;
|
||||||
const { lang } = req;
|
const { lang } = req;
|
||||||
const { t } = req.ttag;
|
const { t } = req.ttag;
|
||||||
|
|
||||||
|
@ -40,8 +42,8 @@ router.post('/', async (req, res) => {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
const email = mailProvider.checkCode(code);
|
const ret = await checkCode(email, code);
|
||||||
if (!email) {
|
if (!ret) {
|
||||||
const html = getPasswordResetHtml(
|
const html = getPasswordResetHtml(
|
||||||
null,
|
null,
|
||||||
null,
|
null,
|
||||||
|
@ -94,7 +96,7 @@ router.post('/', async (req, res) => {
|
||||||
* Check GET parameters for action to execute
|
* Check GET parameters for action to execute
|
||||||
*/
|
*/
|
||||||
router.get('/', async (req, res) => {
|
router.get('/', async (req, res) => {
|
||||||
const { token } = req.query;
|
const { email, token } = req.query;
|
||||||
const { lang } = req;
|
const { lang } = req;
|
||||||
const { t } = req.ttag;
|
const { t } = req.ttag;
|
||||||
|
|
||||||
|
@ -109,21 +111,19 @@ router.get('/', async (req, res) => {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
const email = mailProvider.checkCode(token);
|
const error = validateEMail(email);
|
||||||
if (!email) {
|
if (error) {
|
||||||
const html = getPasswordResetHtml(
|
const html = getPasswordResetHtml(
|
||||||
null,
|
null,
|
||||||
null,
|
null,
|
||||||
lang,
|
lang,
|
||||||
// eslint-disable-next-line max-len
|
error,
|
||||||
t`This passwort reset link is wrong or already expired, please request a new one (Note: you can use those links just once)`,
|
|
||||||
);
|
);
|
||||||
res.status(401).send(html);
|
res.status(401).send(html);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
const code = mailProvider.setCode(email);
|
const html = getPasswordResetHtml(email, token, lang);
|
||||||
const html = getPasswordResetHtml(email, code);
|
|
||||||
res.status(200).send(html);
|
res.status(200).send(html);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
|
@ -61,6 +61,7 @@ export default function getPasswordResetHtml(name, code, lang, message = null) {
|
||||||
style="max-width:35em"
|
style="max-width:35em"
|
||||||
/>
|
/>
|
||||||
<input type="hidden" name="code" value=${code} />
|
<input type="hidden" name="code" value=${code} />
|
||||||
|
<input type="hidden" name="name" value=${name} />
|
||||||
<button type="submit" name="submit">${t`Submit`}</button>
|
<button type="submit" name="submit">${t`Submit`}</button>
|
||||||
</form>
|
</form>
|
||||||
</body>
|
</body>
|
||||||
|
|
Loading…
Reference in New Issue
Block a user