aboutsummaryrefslogtreecommitdiffstats
path: root/app/Controllers/Http/Dashboard/ResetPasswordController.ts
blob: b62b5d2877f0dd5e5654ea6c0d1e9ddefd0f04c6 (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

import type { HttpContext } from '@adonisjs/core/http'
import { schema, rules, validator } from '@adonisjs/validator'
import Token from '#app/Models/Token'
import moment from 'moment'
import crypto from 'node:crypto'

export default class ResetPasswordController {
  /**
   * Display the reset password form
   */
  public async show({ view, request }: HttpContext) {
    const { token } = request.qs()

    if (token) {
      return view.render('dashboard/resetPassword', { token })
    }

    return view.render('others/message', {
      heading: 'Invalid token',
      text: 'Please make sure you are using a valid and recent link to reset your password.',
    })
  }

  /**
   * Resets user password
   */
  public async resetPassword({ response, request, session, view }: HttpContext) {
    try {
      await validator.validate({
        schema: schema.create({
          password: schema.string([rules.required(), rules.confirmed()]),
          token: schema.string([rules.required()]),
        }),
        data: request.only(['password', 'password_confirmation', 'token']),
      })
    } catch {
      session.flash({
        type: 'danger',
        message: 'Passwords do not match',
      })

      return response.redirect(`/user/reset?token=${request.input('token')}`)
    }

    const tokenRow = await Token.query()
      .preload('user')
      .where('token', request.input('token'))
      .where('type', 'forgot_password')
      .where('is_revoked', false)
      .where('updated_at', '>=', moment().subtract(24, 'hours').format('YYYY-MM-DD HH:mm:ss'))
      .first()

    if (!tokenRow) {
      return view.render('others/message', {
        heading: 'Cannot reset your password',
        text: 'Please make sure you are using a valid and recent link to reset your password and that your passwords entered match.',
      })
    }

    // Update user password
    const hashedPassword = crypto
      .createHash('sha256')
      .update(request.input('password'))
      .digest('base64')
    tokenRow.user.password = hashedPassword
    await tokenRow.user.save()

    // Delete token to prevent it from being used again
    await tokenRow.delete()

    return view.render('others/message', {
      heading: 'Reset password',
      text: 'Successfully reset your password. You can now login to your account using your new password.',
    })
  }
}
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-17 12:33:44 +0000