Mirroristas/CommunitySolidServer
2
0
Fork 0
mirror of https://github.com/CommunitySolidServer/CommunitySolidServer.git synced 2024-10-03 14:55:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
8f8e8e6df4a4a5d8759c95c2a07e457050830ed6
CommunitySolidServer/src/identity/interaction/email-password/handler/ResetPasswordHandler.ts
Joachim Van Herwegen 8f8e8e6df4 feat: Send reset password recordId as query parameter 
This is a revert of a previous change
but is now possible due to the use of JSON bodies.
This does mean JavaScript is required in the HTML page,
but that will be required for future changes anyway.
2022-02-11 10:52:45 +01:00

47 lines
1.8 KiB
TypeScript
Raw Blame History

import assert from 'assert';
import { getLoggerFor } from '../../../../logging/LogUtil';
import { readJsonStream } from '../../../../util/StreamUtil';
import type { InteractionResponseResult, InteractionHandlerInput } from '../../InteractionHandler';
import { InteractionHandler } from '../../InteractionHandler';
import { assertPassword } from '../EmailPasswordUtil';
import type { AccountStore } from '../storage/AccountStore';
/**
* Handles the submission of the ResetPassword form:
* this is the form that is linked in the reset password email.
*/
export class ResetPasswordHandler extends InteractionHandler {
protected readonly logger = getLoggerFor(this);
private readonly accountStore: AccountStore;
public constructor(accountStore: AccountStore) {
super();
this.accountStore = accountStore;
}
public async handle({ operation }: InteractionHandlerInput): Promise<InteractionResponseResult> {
// Validate input data
const { password, confirmPassword, recordId } = await readJsonStream(operation.body.data);
assert(
typeof recordId === 'string' && recordId.length > 0,
'Invalid request. Open the link from your email again',
);
assertPassword(password, confirmPassword);
await this.resetPassword(recordId, password);
return { type: 'response' };
}
/**
* Resets the password for the account associated with the given recordId.
*/
private async resetPassword(recordId: string, newPassword: string): Promise<void> {
const email = await this.accountStore.getForgotPasswordRecord(recordId);
assert(email, 'This reset password link is no longer valid.');
await this.accountStore.deleteForgotPasswordRecord(recordId);
await this.accountStore.changePassword(email, newPassword);
this.logger.debug(`Resetting password for user ${email}`);
}
}
Reference in New Issue View Git Blame Copy Permalink