feat(users): add reset password flow (#772)

2025-09-17 17:24:35 +02:00 · 2021-02-05 15:23:57 +01:00
parent c0ea2bd189
commit e5966bd3fb
18 changed files with 734 additions and 29 deletions
--- a/server/routes/auth.ts
+++ b/server/routes/auth.ts
@@ -197,4 +197,80 @@ authRoutes.get('/logout', (req, res, next) => {
  });
 });

+authRoutes.post('/reset-password', async (req, res) => {
+  const userRepository = getRepository(User);
+  const body = req.body as { email?: string };
+
+  if (!body.email) {
+    return res.status(500).json({ error: 'You must provide an email' });
+  }
+
+  const user = await userRepository.findOne({
+    where: { email: body.email },
+  });
+
+  if (user) {
+    await user.resetPassword();
+    userRepository.save(user);
+    logger.info('Successful request made for recovery link', {
+      label: 'User Management',
+      context: { ip: req.ip, email: body.email },
+    });
+  } else {
+    logger.info('Failed request made to reset a password', {
+      label: 'User Management',
+      context: { ip: req.ip, email: body.email },
+    });
+  }
+
+  return res.status(200).json({ status: 'ok' });
+});
+
+authRoutes.post('/reset-password/:guid', async (req, res, next) => {
+  const userRepository = getRepository(User);
+
+  try {
+    if (!req.body.password || req.body.password?.length < 8) {
+      const message =
+        'Failed to reset password. Password must be atleast 8 characters long.';
+      logger.info(message, {
+        label: 'User Management',
+        context: { ip: req.ip, guid: req.params.guid },
+      });
+      return next({ status: 500, message: message });
+    }
+
+    const user = await userRepository.findOne({
+      where: { resetPasswordGuid: req.params.guid },
+    });
+
+    if (!user) {
+      throw new Error('Guid invalid.');
+    }
+
+    if (
+      !user.recoveryLinkExpirationDate ||
+      user.recoveryLinkExpirationDate <= new Date()
+    ) {
+      throw new Error('Recovery link expired.');
+    }
+
+    await user.setPassword(req.body.password);
+    user.recoveryLinkExpirationDate = null;
+    userRepository.save(user);
+    logger.info(`Successfully reset password`, {
+      label: 'User Management',
+      context: { ip: req.ip, guid: req.params.guid, email: user.email },
+    });
+
+    return res.status(200).json({ status: 'ok' });
+  } catch (e) {
+    logger.info(`Failed to reset password. ${e.message}`, {
+      label: 'User Management',
+      context: { ip: req.ip, guid: req.params.guid },
+    });
+    return res.status(200).json({ status: 'ok' });
+  }
+});
+
 export default authRoutes;