1 files changed, 85 insertions, 0 deletions
diff --git a/app/Controllers/Http/Dashboard/ResetPasswordController.ts b/app/Controllers/Http/Dashboard/ResetPasswordController.ts
new file mode 100644
index 0000000..0b9053f
--- /dev/null
+++ b/app/Controllers/Http/Dashboard/ResetPasswordController.ts
@@ -0,0 +1,85 @@
+import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext';
+import { schema, rules, validator } from '@ioc:Adonis/Core/Validator';
+import Token from 'App/Models/Token';
+import moment from 'moment';
+import crypto from 'node:crypto';
+export default class ResetPasswordController {
+  /**
+   * Display the reset password form
+   */
+  public async show({ view, request }: HttpContextContract) {
+    const { token } = request.qs();
+    if (token) {
+      return view.render('dashboard/resetPassword', { token });
+    }
+    return view.render('others/message', {
+      heading: 'Invalid token',
+      text: 'Please make sure you are using a valid and recent link to reset your password.',
+    });
+  }
+  /**
+   * Resets user password
+   */
+  public async resetPassword({
+    response,
+    request,
+    session,
+    view,
+  }: HttpContextContract) {
+    try {
+      await validator.validate({
+        schema: schema.create({
+          password: schema.string([rules.required(), rules.confirmed()]),
+          token: schema.string([rules.required()]),
+        }),
+        data: request.only(['password', 'password_confirmation', 'token']),
+      });
+    } catch {
+      session.flash({
+        type: 'danger',
+        message: 'Passwords do not match',
+      });
+      return response.redirect(`/user/reset?token=${request.input('token')}`);
+    }
+    const tokenRow = await Token.query()
+      .preload('user')
+      .where('token', request.input('token'))
+      .where('type', 'forgot_password')
+      .where('is_revoked', false)
+      .where(
+        'updated_at',
+        '>=',
+        moment().subtract(24, 'hours').format('YYYY-MM-DD HH:mm:ss'),
+      )
+      .first();
+    if (!tokenRow) {
+      return view.render('others/message', {
+        heading: 'Cannot reset your password',
+        text: 'Please make sure you are using a valid and recent link to reset your password and that your passwords entered match.',
+      });
+    }
+    // Update user password
+    const hashedPassword = crypto
+      .createHash('sha256')
+      .update(request.input('password'))
+      .digest('base64');
+    tokenRow.user.password = hashedPassword;
+    await tokenRow.user.save();
+    // Delete token to prevent it from being used again
+    await tokenRow.delete();
+    return view.render('others/message', {
+      heading: 'Reset password',
+      text: 'Successfully reset your password. You can now login to your account using your new password.',
+    });
+  }
+}

diff --git a/app/Controllers/Http/Dashboard/ResetPasswordController.ts b/app/Controllers/Http/Dashboard/ResetPasswordController.ts new file mode 100644 index 0000000..0b9053f --- /dev/null +++ b/app/Controllers/Http/Dashboard/ResetPasswordController.ts
@@ -0,0 +1,85 @@
	1	import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext';
	2	import { schema, rules, validator } from '@ioc:Adonis/Core/Validator';
	3	import Token from 'App/Models/Token';
	4	import moment from 'moment';
	5	import crypto from 'node:crypto';
	6
	7	export default class ResetPasswordController {
	8	/**
	9	* Display the reset password form
	10	*/
	11	public async show({ view, request }: HttpContextContract) {
	12	const { token } = request.qs();
	13
	14	if (token) {
	15	return view.render('dashboard/resetPassword', { token });
	16	}
	17
	18	return view.render('others/message', {
	19	heading: 'Invalid token',
	20	text: 'Please make sure you are using a valid and recent link to reset your password.',
	21	});
	22	}
	23
	24	/**
	25	* Resets user password
	26	*/
	27	public async resetPassword({
	28	response,
	29	request,
	30	session,
	31	view,
	32	}: HttpContextContract) {
	33	try {
	34	await validator.validate({
	35	schema: schema.create({
	36	password: schema.string([rules.required(), rules.confirmed()]),
	37	token: schema.string([rules.required()]),
	38	}),
	39	data: request.only(['password', 'password_confirmation', 'token']),
	40	});
	41	} catch {
	42	session.flash({
	43	type: 'danger',
	44	message: 'Passwords do not match',
	45	});
	46
	47	return response.redirect(`/user/reset?token=${request.input('token')}`);
	48	}
	49
	50	const tokenRow = await Token.query()
	51	.preload('user')
	52	.where('token', request.input('token'))
	53	.where('type', 'forgot_password')
	54	.where('is_revoked', false)
	55	.where(
	56	'updated_at',
	57	'>=',
	58	moment().subtract(24, 'hours').format('YYYY-MM-DD HH:mm:ss'),
	59	)
	60	.first();
	61
	62	if (!tokenRow) {
	63	return view.render('others/message', {
	64	heading: 'Cannot reset your password',
	65	text: 'Please make sure you are using a valid and recent link to reset your password and that your passwords entered match.',
	66	});
	67	}
	68
	69	// Update user password
	70	const hashedPassword = crypto
	71	.createHash('sha256')
	72	.update(request.input('password'))
	73	.digest('base64');
	74	tokenRow.user.password = hashedPassword;
	75	await tokenRow.user.save();
	76
	77	// Delete token to prevent it from being used again
	78	await tokenRow.delete();
	79
	80	return view.render('others/message', {
	81	heading: 'Reset password',
	82	text: 'Successfully reset your password. You can now login to your account using your new password.',
	83	});
	84	}
	85	}