Files
CommunitySolidServer/src/identity/interaction/email-password/handler/ResetPasswordHandler.ts
Joachim Van Herwegen 8f8e8e6df4 feat: Send reset password recordId as query parameter
This is a revert of a previous change
but is now possible due to the use of JSON bodies.
This does mean JavaScript is required in the HTML page,
but that will be required for future changes anyway.
2022-02-11 10:52:45 +01:00

47 lines
1.8 KiB
TypeScript

import assert from 'assert';
import { getLoggerFor } from '../../../../logging/LogUtil';
import { readJsonStream } from '../../../../util/StreamUtil';
import type { InteractionResponseResult, InteractionHandlerInput } from '../../InteractionHandler';
import { InteractionHandler } from '../../InteractionHandler';
import { assertPassword } from '../EmailPasswordUtil';
import type { AccountStore } from '../storage/AccountStore';
/**
* Handles the submission of the ResetPassword form:
* this is the form that is linked in the reset password email.
*/
export class ResetPasswordHandler extends InteractionHandler {
protected readonly logger = getLoggerFor(this);
private readonly accountStore: AccountStore;
public constructor(accountStore: AccountStore) {
super();
this.accountStore = accountStore;
}
public async handle({ operation }: InteractionHandlerInput): Promise<InteractionResponseResult> {
// Validate input data
const { password, confirmPassword, recordId } = await readJsonStream(operation.body.data);
assert(
typeof recordId === 'string' && recordId.length > 0,
'Invalid request. Open the link from your email again',
);
assertPassword(password, confirmPassword);
await this.resetPassword(recordId, password);
return { type: 'response' };
}
/**
* Resets the password for the account associated with the given recordId.
*/
private async resetPassword(recordId: string, newPassword: string): Promise<void> {
const email = await this.accountStore.getForgotPasswordRecord(recordId);
assert(email, 'This reset password link is no longer valid.');
await this.accountStore.deleteForgotPasswordRecord(recordId);
await this.accountStore.changePassword(email, newPassword);
this.logger.debug(`Resetting password for user ${email}`);
}
}