Diffstat (limited to 'app/Controllers/Http/Dashboard/ResetPasswordController.ts')
-rw-r--r-- | app/Controllers/Http/Dashboard/ResetPasswordController.ts | 51 |
1 files changed, 21 insertions, 30 deletions
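--- a/app/Controllers/Http/Dashboard/ResetPasswordController.ts
+++ b/app/Controllers/Http/Dashboard/ResetPasswordController.ts
@@ -1,35 +1,30 @@
-import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext';
-import { schema, rules, validator } from '@ioc:Adonis/Core/Validator';
-import Token from 'App/Models/Token';
-import moment from 'moment';
-import crypto from 'node:crypto';
+import type { HttpContext } from '@adonisjs/core/http'
+import { schema, rules, validator } from '@adonisjs/validator'
+import Token from '#app/Models/Token'
+import moment from 'moment'
+import crypto from 'node:crypto'
 
 export default class ResetPasswordController {
 /**
 * Display the reset password form
 */
-public async show({ view, request }: HttpContextContract) {
-const { token } = request.qs();
+public async show({ view, request }: HttpContext) {
+const { token } = request.qs()
 
 if (token) {
-return view.render('dashboard/resetPassword', { token });
+return view.render('dashboard/resetPassword', { token })
 }
 
 return view.render('others/message', {
 heading: 'Invalid token',
 text: 'Please make sure you are using a valid and recent link to reset your password.',
-});
+})
 }
 
 /**
 * Resets user password
 */
-public async resetPassword({
-response,
-request,
-session,
-view,
-}: HttpContextContract) {
+public async resetPassword({ response, request, session, view }: HttpContext) {
 try {
 await validator.validate({
 schema: schema.create({
@@ -37,14 +32,14 @@ export default class ResetPasswordController {
 token: schema.string([rules.required()]),
 }),
 data: request.only(['password', 'password_confirmation', 'token']),
-});
+})
 } catch {
 session.flash({
 type: 'danger',
 message: 'Passwords do not match',
-});
+})
 
-return response.redirect(`/user/reset?token=${request.input('token')}`);
+return response.redirect(`/user/reset?token=${request.input('token')}`)
 }
 
 const tokenRow = await Token.query()
@@ -52,34 +47,30 @@ export default class ResetPasswordController {
 .where('token', request.input('token'))
 .where('type', 'forgot_password')
 .where('is_revoked', false)
-.where(
-'updated_at',
-'>=',
-moment().subtract(24, 'hours').format('YYYY-MM-DD HH:mm:ss'),
-)
-.first();
+.where('updated_at', '>=', moment().subtract(24, 'hours').format('YYYY-MM-DD HH:mm:ss'))
+.first()
 
 if (!tokenRow) {
 return view.render('others/message', {
 heading: 'Cannot reset your password',
 text: 'Please make sure you are using a valid and recent link to reset your password and that your passwords entered match.',
-});
+})
 }
 
 // Update user password
 const hashedPassword = crypto
 .createHash('sha256')
 .update(request.input('password'))
-.digest('base64');
-tokenRow.user.password = hashedPassword;
-await tokenRow.user.save();
+.digest('base64')
+tokenRow.user.password = hashedPassword
+await tokenRow.user.save()
 
 // Delete token to prevent it from being used again
-await tokenRow.delete();
+await tokenRow.delete()
 
 return view.render('others/message', {
 heading: 'Reset password',
 text: 'Successfully reset your password. You can now login to your account using your new password.',
-});
+})
 }
 }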
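Review bot: In `resetPassword`, the value written to `tokenRow.user.password` is `crypto.createHash('sha256')...digest('base64')` of the submitted password, which is an unsalted, single-pass fast hash. Unless the User model re-hashes `password` on save with a slow salted algorithm (not visible in this diff), a leaked users table would be cheap to brute-force. If the model does re-hash, say so at the assignment, e.g. `// SHA-256 pre-hash only; the User model's save hook applies the real password hash`; if it does not, the value should go through the framework's password hasher before `tokenRow.user.save()`. Separately, the redirect in the validation `catch` interpolates `request.input('token')` into the query string unencoded; `encodeURIComponent(request.input('token'))` keeps a token containing `&` or `#` from altering the URL. The same `catch` reports every validation failure as "Passwords do not match", which also covers a missing token, so the message can mislead.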