diff options
Diffstat (limited to 'app/Controllers/Http/Dashboard/ResetPasswordController.ts')
-rw-r--r-- | app/Controllers/Http/Dashboard/ResetPasswordController.ts | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/app/Controllers/Http/Dashboard/ResetPasswordController.ts b/app/Controllers/Http/Dashboard/ResetPasswordController.ts new file mode 100644 index 0000000..0b9053f --- /dev/null +++ b/app/Controllers/Http/Dashboard/ResetPasswordController.ts | |||
@@ -0,0 +1,85 @@ | |||
1 | import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'; | ||
2 | import { schema, rules, validator } from '@ioc:Adonis/Core/Validator'; | ||
3 | import Token from 'App/Models/Token'; | ||
4 | import moment from 'moment'; | ||
5 | import crypto from 'node:crypto'; | ||
6 | |||
7 | export default class ResetPasswordController { | ||
8 | /** | ||
9 | * Display the reset password form | ||
10 | */ | ||
11 | public async show({ view, request }: HttpContextContract) { | ||
12 | const { token } = request.qs(); | ||
13 | |||
14 | if (token) { | ||
15 | return view.render('dashboard/resetPassword', { token }); | ||
16 | } | ||
17 | |||
18 | return view.render('others/message', { | ||
19 | heading: 'Invalid token', | ||
20 | text: 'Please make sure you are using a valid and recent link to reset your password.', | ||
21 | }); | ||
22 | } | ||
23 | |||
24 | /** | ||
25 | * Resets user password | ||
26 | */ | ||
27 | public async resetPassword({ | ||
28 | response, | ||
29 | request, | ||
30 | session, | ||
31 | view, | ||
32 | }: HttpContextContract) { | ||
33 | try { | ||
34 | await validator.validate({ | ||
35 | schema: schema.create({ | ||
36 | password: schema.string([rules.required(), rules.confirmed()]), | ||
37 | token: schema.string([rules.required()]), | ||
38 | }), | ||
39 | data: request.only(['password', 'password_confirmation', 'token']), | ||
40 | }); | ||
41 | } catch { | ||
42 | session.flash({ | ||
43 | type: 'danger', | ||
44 | message: 'Passwords do not match', | ||
45 | }); | ||
46 | |||
47 | return response.redirect(`/user/reset?token=${request.input('token')}`); | ||
48 | } | ||
49 | |||
50 | const tokenRow = await Token.query() | ||
51 | .preload('user') | ||
52 | .where('token', request.input('token')) | ||
53 | .where('type', 'forgot_password') | ||
54 | .where('is_revoked', false) | ||
55 | .where( | ||
56 | 'updated_at', | ||
57 | '>=', | ||
58 | moment().subtract(24, 'hours').format('YYYY-MM-DD HH:mm:ss'), | ||
59 | ) | ||
60 | .first(); | ||
61 | |||
62 | if (!tokenRow) { | ||
63 | return view.render('others/message', { | ||
64 | heading: 'Cannot reset your password', | ||
65 | text: 'Please make sure you are using a valid and recent link to reset your password and that your passwords entered match.', | ||
66 | }); | ||
67 | } | ||
68 | |||
69 | // Update user password | ||
70 | const hashedPassword = crypto | ||
71 | .createHash('sha256') | ||
72 | .update(request.input('password')) | ||
73 | .digest('base64'); | ||
74 | tokenRow.user.password = hashedPassword; | ||
75 | await tokenRow.user.save(); | ||
76 | |||
77 | // Delete token to prevent it from being used again | ||
78 | await tokenRow.delete(); | ||
79 | |||
80 | return view.render('others/message', { | ||
81 | heading: 'Reset password', | ||
82 | text: 'Successfully reset your password. You can now login to your account using your new password.', | ||
83 | }); | ||
84 | } | ||
85 | } | ||