1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext';
import { schema, rules, validator } from '@ioc:Adonis/Core/Validator';
import Token from 'App/Models/Token';
import moment from 'moment';
import crypto from 'node:crypto';
export default class ResetPasswordController {
/**
* Display the reset password form
*/
public async show({ view, request }: HttpContextContract) {
const { token } = request.qs();
if (token) {
return view.render('dashboard/resetPassword', { token });
}
return view.render('others/message', {
heading: 'Invalid token',
text: 'Please make sure you are using a valid and recent link to reset your password.',
});
}
/**
* Resets user password
*/
public async resetPassword({
response,
request,
session,
view,
}: HttpContextContract) {
try {
await validator.validate({
schema: schema.create({
password: schema.string([rules.required(), rules.confirmed()]),
token: schema.string([rules.required()]),
}),
data: request.only(['password', 'password_confirmation', 'token']),
});
} catch {
session.flash({
type: 'danger',
message: 'Passwords do not match',
});
return response.redirect(`/user/reset?token=${request.input('token')}`);
}
const tokenRow = await Token.query()
.preload('user')
.where('token', request.input('token'))
.where('type', 'forgot_password')
.where('is_revoked', false)
.where(
'updated_at',
'>=',
moment().subtract(24, 'hours').format('YYYY-MM-DD HH:mm:ss'),
)
.first();
if (!tokenRow) {
return view.render('others/message', {
heading: 'Cannot reset your password',
text: 'Please make sure you are using a valid and recent link to reset your password and that your passwords entered match.',
});
}
// Update user password
const hashedPassword = crypto
.createHash('sha256')
.update(request.input('password'))
.digest('base64');
tokenRow.user.password = hashedPassword;
await tokenRow.user.save();
// Delete token to prevent it from being used again
await tokenRow.delete();
return view.render('others/message', {
heading: 'Reset password',
text: 'Successfully reset your password. You can now login to your account using your new password.',
});
}
}
|