Diffstat (limited to 'app/Controllers/Http/Dashboard/ResetPasswordController.ts')
-rw-r--r-- | app/Controllers/Http/Dashboard/ResetPasswordController.ts | 49 |
1 files changed, 29 insertions, 20 deletions
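--- a/app/Controllers/Http/Dashboard/ResetPasswordController.ts
+++ b/app/Controllers/Http/Dashboard/ResetPasswordController.ts
@@ -1,30 +1,35 @@
-import type { HttpContext } from '@adonisjs/core/http'
-import { schema, rules, validator } from '@adonisjs/validator'
-import Token from '#app/Models/Token'
-import moment from 'moment'
-import crypto from 'node:crypto'
+import type { HttpContext } from '@adonisjs/core/http';
+import { schema, rules, validator } from '@adonisjs/validator';
+import Token from '#app/Models/Token';
+import moment from 'moment';
+import crypto from 'node:crypto';
 
 export default class ResetPasswordController {
 /**
 * Display the reset password form
 */
 public async show({ view, request }: HttpContext) {
-const { token } = request.qs()
+const { token } = request.qs();
 
 if (token) {
-return view.render('dashboard/resetPassword', { token })
+return view.render('dashboard/resetPassword', { token });
 }
 
 return view.render('others/message', {
 heading: 'Invalid token',
 text: 'Please make sure you are using a valid and recent link to reset your password.',
-})
+});
 }
 
 /**
 * Resets user password
 */
-public async resetPassword({ response, request, session, view }: HttpContext) {
+public async resetPassword({
+response,
+request,
+session,
+view,
+}: HttpContext) {
 try {
 await validator.validate({
 schema: schema.create({
@@ -32,14 +37,14 @@ export default class ResetPasswordController {
 token: schema.string([rules.required()]),
 }),
 data: request.only(['password', 'password_confirmation', 'token']),
-})
+});
 } catch {
 session.flash({
 type: 'danger',
 message: 'Passwords do not match',
-})
+});
 
-return response.redirect(`/user/reset?token=${request.input('token')}`)
+return response.redirect(`/user/reset?token=${request.input('token')}`);
 }
 
 const tokenRow = await Token.query()
@@ -47,30 +52,34 @@ export default class ResetPasswordController {
 .where('token', request.input('token'))
 .where('type', 'forgot_password')
 .where('is_revoked', false)
-.where('updated_at', '>=', moment().subtract(24, 'hours').format('YYYY-MM-DD HH:mm:ss'))
-.first()
+.where(
+'updated_at',
+'>=',
+moment().subtract(24, 'hours').format('YYYY-MM-DD HH:mm:ss'),
+)
+.first();
 
 if (!tokenRow) {
 return view.render('others/message', {
 heading: 'Cannot reset your password',
 text: 'Please make sure you are using a valid and recent link to reset your password and that your passwords entered match.',
-})
+});
 }
 
 // Update user password
 const hashedPassword = crypto
 .createHash('sha256')
 .update(request.input('password'))
-.digest('base64')
-tokenRow.user.password = hashedPassword
-await tokenRow.user.save()
+.digest('base64');
+tokenRow.user.password = hashedPassword;
+await tokenRow.user.save();
 
 // Delete token to prevent it from being used again
-await tokenRow.delete()
+await tokenRow.delete();
 
 return view.render('others/message', {
 heading: 'Reset password',
 text: 'Successfully reset your password. You can now login to your account using your new password.',
-})
+});
 }
 }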
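Review bot: The new password is still persisted as an unsalted SHA-256 digest (`crypto.createHash('sha256').update(request.input('password')).digest('base64')`, new lines 70-73 of the third hunk) — a fast, deterministic hash that is directly attackable with precomputed tables and GPU brute force once the users table leaks, and this pre-existing issue is untouched by the reformatting. Passwords should go through a salted, memory-hard KDF — the framework's hash service if the login path already uses one, otherwise Node's `crypto.scrypt` with a per-user random salt as sketched below — and whatever verifies passwords at login must change in step, because the stored format changes. Two smaller points in the same section: the reset token is matched in plaintext against the database (`.where('token', request.input('token'))`, new line 52), so a read-only database leak exposes live reset links and storing only a SHA-256 of the token would close that; and the redirect on validation failure interpolates the raw token into the URL (new line 47), where `encodeURIComponent(request.input('token'))` would keep a malformed value from altering the query string. The validation schema for resetPassword begins above the second hunk and is not fully visible here.
```typescript
// … unchanged: tokenRow lookup and the !tokenRow early return …
// Update user password: per-user random salt + scrypt instead of a bare SHA-256 digest
const salt = crypto.randomBytes(16);
const derivedKey = await new Promise<Buffer>((resolve, reject) =>
  crypto.scrypt(request.input('password'), salt, 64, (err, key) => (err ? reject(err) : resolve(key))),
);
// Stored as "<salt>$<key>" so the login path can re-derive and compare with crypto.timingSafeEqual
tokenRow.user.password = `${salt.toString('base64')}$${derivedKey.toString('base64')}`;
await tokenRow.user.save();
```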