Add password reset flow

2026-01-28 14:28:02 -05:00 · 2020-09-01 15:58:12 -04:00
parent 64e77ec9fb
commit e4f8b16717
7 changed files with 124 additions and 9 deletions
--- a/api/src/controllers/auth.ts
+++ b/api/src/controllers/auth.ts
@@ -10,6 +10,7 @@ import { InvalidPayloadException } from '../exceptions/invalid-payload';
 import ms from 'ms';
 import cookieParser from 'cookie-parser';
 import env from '../env';
+import UsersService from '../services/users';

 const router = Router();

@@ -153,6 +154,55 @@ router.post(
 	})
 );

+router.post(
+	'/password/request',
+	asyncHandler(async (req, res) => {
+		if (!req.body.email) {
+			throw new InvalidPayloadException(`"email" field is required.`);
+		}
+
+		const accountability = {
+			ip: req.ip,
+			userAgent: req.get('user-agent'),
+			role: null,
+		};
+
+		const service = new UsersService({ accountability });
+
+		try {
+			await service.requestPasswordReset(req.body.email);
+		} catch {
+			// We don't want to give away what email addresses exist, so we'll always return a 200
+			// from this endpoint
+		} finally {
+			return res.status(200).end();
+		}
+	})
+)
+
+router.post(
+	'/password/reset',
+	asyncHandler(async (req, res) => {
+		if (!req.body.token) {
+			throw new InvalidPayloadException(`"token" field is required.`);
+		}
+
+		if (!req.body.password) {
+			throw new InvalidPayloadException(`"password" field is required.`);
+		}
+
+		const accountability = {
+			ip: req.ip,
+			userAgent: req.get('user-agent'),
+			role: null,
+		};
+
+		const service = new UsersService({ accountability });
+		await service.resetPassword(req.body.token, req.body.password);
+		return res.status(200).end();
+	})
+)
+
 router.use(
 	'/sso',
 	session({ secret: env.SECRET as string, saveUninitialized: false, resave: false })