reset password

2021-10-14 21:29:33 -07:00
parent 47f35aba3e
commit 7da0f3093d
2 changed files with 44 additions and 0 deletions
--- a/index.js
+++ b/index.js
@@ -6,6 +6,7 @@ const port = process.env.PORT || 3000;
 const bodyParser = require('body-parser');
 const cookieParser = require('cookie-parser');
 const cors = require('cors');
+const Notifications = require("./notifications");

 var corsOptions = {
    origin: ['http://localhost:8080', "https://social.emmint.com"],
@@ -141,6 +142,44 @@ DB.getDB.then((DB)=>{
        return await login(req, res);       
    });

+    function generatePassword() {
+        var length = 8,
+            charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",
+            retVal = "";
+        for (var i = 0, n = charset.length; i < length; ++i) {
+            retVal += charset.charAt(Math.floor(Math.random() * n));
+        }
+        return retVal;
+    }
+
+    app.route('/resetPassword').post(async (req, res) => {
+        const session_id = getSessionId(req);
+        const user_sid = getUserId(req);
+        if (session_id && user_sid) {
+            const userInfo = await DB.checkSessionOnDB(session_id, user_sid);
+            if(userInfo) return res.redirect('/');
+        }
+        const username = req.body.username;
+        const user = await DB.getUser(username);
+        if (!user) return res.json({status: "user not founded"});
+        const password = generatePassword();
+        const hashedPassword = await bcrypt.hash(password, 10);
+        DB.resetUserPassword(username, hashedPassword);
+        //We need to limit this to every 2 hours or something like this.
+        Notifications.sendEmail(username, "Your new credentials", 
+`
+<p> Hello,</p>
+<p> This is your new password: ${password}</p>
+<p><a href="https://social.emmint.com/">Log in</a></p>
+<p>Blessings</p>
+<p>Emmanuel International Ministries</p>
+`)
+        return res.json({
+            status: "ok",
+            details: 'Check your email for new password'
+        });      
+    });
+
    app.post('/changeProfile', sessionChecker, async (req, res) => {
        const user_sid = getUserId(req);
        let profile = await DB.getProfile(req.body.profileid);
--- a/mongoDB.js
+++ b/mongoDB.js
@@ -35,6 +35,11 @@ const getDB = new Promise((resolve, reject) => {
            return DB.usersCol.findOne({ username: username });
        }

+        DB.resetUserPassword = (username, password)=>{
+            return DB.usersCol.updateOne({username}, {$set:{password}})
+                .catch(console.error);
+        }
+
        DB.getUserById = (userid)=>{
            const _id = new mongo.ObjectID(userid);
            return DB.usersCol.findOne({ _id });