Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2025-02-09 00:18:00 +01:00
Code Issues Projects Releases Wiki Activity
53354224fc
unleash.unleash/src/lib/routes/auth/reset-password-controller.ts

195 lines
6.6 KiB
TypeScript
Raw Normal View History

chore: Bump biome and configure husky (#6589) Upgrades biome to 1.6.1, and updates husky pre-commit hook. Most changes here are making type imports explicit.
2024-03-18 13:58:05 +01:00
import type { Request, Response } from 'express';
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
import Controller from '../controller';
chore: Bump biome and configure husky (#6589) Upgrades biome to 1.6.1, and updates husky pre-commit hook. Most changes here are making type imports explicit.
2024-03-18 13:58:05 +01:00
import type UserService from '../../services/user-service';
import type { Logger } from '../../logger';
import type { IUnleashConfig } from '../../types/option';
import type { IUnleashServices } from '../../types';
fix: always require permission for POST, PATCH, PUT, DELETE (#1152)
2021-12-03 12:46:50 +01:00
import { NONE } from '../../types/permissions';
Refactor: move openapi utils into /util directory (#1777) * Refactor: move openapi utils into /util directory * Refactor: move utils test into `util` directory * Refactor: don't expose standard responses tied to status codes * Feat: update empty response description + make it const * Chore: update snapshot with new response descriptions
2022-07-01 08:06:33 +02:00
import { createRequestSchema } from '../../openapi/util/create-request-schema';
import { createResponseSchema } from '../../openapi/util/create-response-schema';
chore: Bump biome and configure husky (#6589) Upgrades biome to 1.6.1, and updates husky pre-commit hook. Most changes here are making type imports explicit.
2024-03-18 13:58:05 +01:00
import type { OpenApiService } from '../../services/openapi-service';
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
import {
tokenUserSchema,
chore: Bump biome and configure husky (#6589) Upgrades biome to 1.6.1, and updates husky pre-commit hook. Most changes here are making type imports explicit.
2024-03-18 13:58:05 +01:00
type TokenUserSchema,
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
} from '../../openapi/spec/token-user-schema';
chore: Bump biome and configure husky (#6589) Upgrades biome to 1.6.1, and updates husky pre-commit hook. Most changes here are making type imports explicit.
2024-03-18 13:58:05 +01:00
import type { EmailSchema } from '../../openapi/spec/email-schema';
docs: Auth tag (#4126) ## What This adds openapi documentation for the Auth tagged operations and connected schemas. ## Discussion points Our user schema seems to be exposing quite a bit of internal fields, I flagged the isApi field as deprecated, I can imagine quite a few of these fields also being deprecated to prepare for removal in next major version, but I was unsure which ones were safe to do so with. ## Observation We have some technical debt around the shape of the schema we're claiming we're returning and what we actually are returning. I believe @gastonfournier also observed this when we turned on validation for our endpoints. --------- Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
2023-07-04 10:31:54 +02:00
import {
emptyResponse,
getStandardResponses,
} from '../../openapi/util/standard-responses';
feat: rate limit password reset attempts (#6257)
2024-02-21 08:49:54 +01:00
import rateLimit from 'express-rate-limit';
import { minutesToMilliseconds } from 'date-fns';
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
interface IValidateQuery {
token: string;
}
interface IChangePasswordBody {
token: string;
password: string;
}
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806)
2021-04-27 09:16:44 +02:00
interface SessionRequest<PARAMS, QUERY, BODY, K>
extends Request<PARAMS, QUERY, BODY, K> {
user?;
}
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
class ResetPasswordController extends Controller {
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806)
2021-04-27 09:16:44 +02:00
private userService: UserService;
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
private openApiService: OpenApiService;
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806)
2021-04-27 09:16:44 +02:00
private logger: Logger;
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
constructor(
config: IUnleashConfig,
{
userService,
openApiService,
}: Pick<IUnleashServices, 'userService' | 'openApiService'>,
) {
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
super(config);
this.logger = config.getLogger(
'lib/routes/auth/reset-password-controller.ts',
);
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
this.openApiService = openApiService;
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
this.userService = userService;
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
this.route({
method: 'get',
path: '/validate',
handler: this.validateToken,
permission: NONE,
middleware: [
openApiService.validPath({
docs: Auth tag (#4126) ## What This adds openapi documentation for the Auth tagged operations and connected schemas. ## Discussion points Our user schema seems to be exposing quite a bit of internal fields, I flagged the isApi field as deprecated, I can imagine quite a few of these fields also being deprecated to prepare for removal in next major version, but I was unsure which ones were safe to do so with. ## Observation We have some technical debt around the shape of the schema we're claiming we're returning and what we actually are returning. I believe @gastonfournier also observed this when we turned on validation for our endpoints. --------- Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
2023-07-04 10:31:54 +02:00
summary: 'Validates a token',
description:
'If the token is valid returns the user that owns the token',
docs: prep to add OpenAPI spec to Unleash docs (#1907) * Docs: start experimenting with OpenAPI and docusaurus * Docs: add docusaurus-theme-openapi-docs pkg * Wip: current status * Docs: Add 'docusaurus-plugin-api-docs' * Move openapi into own sidebar; generate from localhost * Chore: Update docusaurus plugin for OpenAPI * Add website/yarn.lock to git * Fix: fix CSS warning by using flex-end instead of end * docs: make openapi generated code work again * docs: make tags work properly with openapi sidebar * Docs/chore: update OpenAPI tag scheme. Add a whole bunch of new tags to make it easier to understand available tags in OpenAPI. * docs: point to new openapi docs from old api docs * docs: typo * Docs: link restructure * docs: add operation indicators to openapi docs * docs: change badge color for operations * docs: update openapi-docs package It now sorts tags the same as the schema * docs: pluralize APIs in slug * docs: update links to generated api docs * docs: update openapi snapshot tests with new tags * docs: conditionally load spec from localhost or from file * docs: Remove changes relating to immediate switchover * refactor: rename types; extract into separate file * docs: fix api doc links
2022-08-12 11:37:57 +02:00
tags: ['Auth'],
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
operationId: 'validateToken',
docs: Auth tag (#4126) ## What This adds openapi documentation for the Auth tagged operations and connected schemas. ## Discussion points Our user schema seems to be exposing quite a bit of internal fields, I flagged the isApi field as deprecated, I can imagine quite a few of these fields also being deprecated to prepare for removal in next major version, but I was unsure which ones were safe to do so with. ## Observation We have some technical debt around the shape of the schema we're claiming we're returning and what we actually are returning. I believe @gastonfournier also observed this when we turned on validation for our endpoints. --------- Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
2023-07-04 10:31:54 +02:00
responses: {
200: createResponseSchema('tokenUserSchema'),
...getStandardResponses(401, 415),
},
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
}),
],
});
this.route({
method: 'post',
path: '/password',
handler: this.changePassword,
permission: NONE,
middleware: [
openApiService.validPath({
docs: prep to add OpenAPI spec to Unleash docs (#1907) * Docs: start experimenting with OpenAPI and docusaurus * Docs: add docusaurus-theme-openapi-docs pkg * Wip: current status * Docs: Add 'docusaurus-plugin-api-docs' * Move openapi into own sidebar; generate from localhost * Chore: Update docusaurus plugin for OpenAPI * Add website/yarn.lock to git * Fix: fix CSS warning by using flex-end instead of end * docs: make openapi generated code work again * docs: make tags work properly with openapi sidebar * Docs/chore: update OpenAPI tag scheme. Add a whole bunch of new tags to make it easier to understand available tags in OpenAPI. * docs: point to new openapi docs from old api docs * docs: typo * Docs: link restructure * docs: add operation indicators to openapi docs * docs: change badge color for operations * docs: update openapi-docs package It now sorts tags the same as the schema * docs: pluralize APIs in slug * docs: update links to generated api docs * docs: update openapi snapshot tests with new tags * docs: conditionally load spec from localhost or from file * docs: Remove changes relating to immediate switchover * refactor: rename types; extract into separate file * docs: fix api doc links
2022-08-12 11:37:57 +02:00
tags: ['Auth'],
docs: Auth tag (#4126) ## What This adds openapi documentation for the Auth tagged operations and connected schemas. ## Discussion points Our user schema seems to be exposing quite a bit of internal fields, I flagged the isApi field as deprecated, I can imagine quite a few of these fields also being deprecated to prepare for removal in next major version, but I was unsure which ones were safe to do so with. ## Observation We have some technical debt around the shape of the schema we're claiming we're returning and what we actually are returning. I believe @gastonfournier also observed this when we turned on validation for our endpoints. --------- Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
2023-07-04 10:31:54 +02:00
summary: `Changes a user password`,
description:
'Allows users with a valid reset token to reset their password without remembering their old password',
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
operationId: 'changePassword',
requestBody: createRequestSchema('changePasswordSchema'),
docs: Auth tag (#4126) ## What This adds openapi documentation for the Auth tagged operations and connected schemas. ## Discussion points Our user schema seems to be exposing quite a bit of internal fields, I flagged the isApi field as deprecated, I can imagine quite a few of these fields also being deprecated to prepare for removal in next major version, but I was unsure which ones were safe to do so with. ## Observation We have some technical debt around the shape of the schema we're claiming we're returning and what we actually are returning. I believe @gastonfournier also observed this when we turned on validation for our endpoints. --------- Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
2023-07-04 10:31:54 +02:00
responses: {
200: emptyResponse,
...getStandardResponses(401, 403, 415),
},
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
}),
],
});
this.route({
method: 'post',
path: '/validate-password',
handler: this.validatePassword,
permission: NONE,
middleware: [
openApiService.validPath({
docs: prep to add OpenAPI spec to Unleash docs (#1907) * Docs: start experimenting with OpenAPI and docusaurus * Docs: add docusaurus-theme-openapi-docs pkg * Wip: current status * Docs: Add 'docusaurus-plugin-api-docs' * Move openapi into own sidebar; generate from localhost * Chore: Update docusaurus plugin for OpenAPI * Add website/yarn.lock to git * Fix: fix CSS warning by using flex-end instead of end * docs: make openapi generated code work again * docs: make tags work properly with openapi sidebar * Docs/chore: update OpenAPI tag scheme. Add a whole bunch of new tags to make it easier to understand available tags in OpenAPI. * docs: point to new openapi docs from old api docs * docs: typo * Docs: link restructure * docs: add operation indicators to openapi docs * docs: change badge color for operations * docs: update openapi-docs package It now sorts tags the same as the schema * docs: pluralize APIs in slug * docs: update links to generated api docs * docs: update openapi snapshot tests with new tags * docs: conditionally load spec from localhost or from file * docs: Remove changes relating to immediate switchover * refactor: rename types; extract into separate file * docs: fix api doc links
2022-08-12 11:37:57 +02:00
tags: ['Auth'],
docs: Auth tag (#4126) ## What This adds openapi documentation for the Auth tagged operations and connected schemas. ## Discussion points Our user schema seems to be exposing quite a bit of internal fields, I flagged the isApi field as deprecated, I can imagine quite a few of these fields also being deprecated to prepare for removal in next major version, but I was unsure which ones were safe to do so with. ## Observation We have some technical debt around the shape of the schema we're claiming we're returning and what we actually are returning. I believe @gastonfournier also observed this when we turned on validation for our endpoints. --------- Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
2023-07-04 10:31:54 +02:00
summary: 'Validates password',
description:
'Verifies that the password adheres to the [Unleash password guidelines](https://docs.getunleash.io/reference/deploy/securing-unleash#password-requirements)',
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
operationId: 'validatePassword',
requestBody: createRequestSchema('validatePasswordSchema'),
docs: Auth tag (#4126) ## What This adds openapi documentation for the Auth tagged operations and connected schemas. ## Discussion points Our user schema seems to be exposing quite a bit of internal fields, I flagged the isApi field as deprecated, I can imagine quite a few of these fields also being deprecated to prepare for removal in next major version, but I was unsure which ones were safe to do so with. ## Observation We have some technical debt around the shape of the schema we're claiming we're returning and what we actually are returning. I believe @gastonfournier also observed this when we turned on validation for our endpoints. --------- Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
2023-07-04 10:31:54 +02:00
responses: {
200: emptyResponse,
...getStandardResponses(400, 415),
},
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
}),
],
});
this.route({
method: 'post',
path: '/password-email',
handler: this.sendResetPasswordEmail,
permission: NONE,
middleware: [
openApiService.validPath({
docs: prep to add OpenAPI spec to Unleash docs (#1907) * Docs: start experimenting with OpenAPI and docusaurus * Docs: add docusaurus-theme-openapi-docs pkg * Wip: current status * Docs: Add 'docusaurus-plugin-api-docs' * Move openapi into own sidebar; generate from localhost * Chore: Update docusaurus plugin for OpenAPI * Add website/yarn.lock to git * Fix: fix CSS warning by using flex-end instead of end * docs: make openapi generated code work again * docs: make tags work properly with openapi sidebar * Docs/chore: update OpenAPI tag scheme. Add a whole bunch of new tags to make it easier to understand available tags in OpenAPI. * docs: point to new openapi docs from old api docs * docs: typo * Docs: link restructure * docs: add operation indicators to openapi docs * docs: change badge color for operations * docs: update openapi-docs package It now sorts tags the same as the schema * docs: pluralize APIs in slug * docs: update links to generated api docs * docs: update openapi snapshot tests with new tags * docs: conditionally load spec from localhost or from file * docs: Remove changes relating to immediate switchover * refactor: rename types; extract into separate file * docs: fix api doc links
2022-08-12 11:37:57 +02:00
tags: ['Auth'],
docs: Auth tag (#4126) ## What This adds openapi documentation for the Auth tagged operations and connected schemas. ## Discussion points Our user schema seems to be exposing quite a bit of internal fields, I flagged the isApi field as deprecated, I can imagine quite a few of these fields also being deprecated to prepare for removal in next major version, but I was unsure which ones were safe to do so with. ## Observation We have some technical debt around the shape of the schema we're claiming we're returning and what we actually are returning. I believe @gastonfournier also observed this when we turned on validation for our endpoints. --------- Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
2023-07-04 10:31:54 +02:00
summary: 'Reset password',
description:
'Requests a password reset email for the user. This email can be used to reset the password for a user that has forgotten their password',
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
operationId: 'sendResetPasswordEmail',
refactor: add schemas to user admin controller (#1692) * refactor: add schemas to user admin controller * refactor: remove unused SessionService * refactor: fix search query type confusion * refactor: add schemas to user controller (#1693) * refactor: add schemas to user controller * refactor: fix getAllUserSplashes method name * refactor: name and email should not be required on create * refactor: only some user fields may be updated * refactor: should not require any fields on user update (#1730) * refactor: send 400 instead of 500 on missing username and email * refactor: should not require any fields for user update * refactor: note that earlier versions required name or email * refactor: merge roleDescriptionSchema and roleSchema
2022-06-22 14:55:43 +02:00
requestBody: createRequestSchema('emailSchema'),
docs: Auth tag (#4126) ## What This adds openapi documentation for the Auth tagged operations and connected schemas. ## Discussion points Our user schema seems to be exposing quite a bit of internal fields, I flagged the isApi field as deprecated, I can imagine quite a few of these fields also being deprecated to prepare for removal in next major version, but I was unsure which ones were safe to do so with. ## Observation We have some technical debt around the shape of the schema we're claiming we're returning and what we actually are returning. I believe @gastonfournier also observed this when we turned on validation for our endpoints. --------- Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
2023-07-04 10:31:54 +02:00
responses: {
200: emptyResponse,
...getStandardResponses(401, 404, 415),
},
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
}),
feat: rate limit password reset attempts (#6257)
2024-02-21 08:49:54 +01:00
rateLimit({
windowMs: minutesToMilliseconds(1),
max: config.rateLimiting.passwordResetMaxPerMinute,
validate: false,
standardHeaders: true,
legacyHeaders: false,
}),
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
],
});
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
}
refactor: add schemas to user admin controller (#1692) * refactor: add schemas to user admin controller * refactor: remove unused SessionService * refactor: fix search query type confusion * refactor: add schemas to user controller (#1693) * refactor: add schemas to user controller * refactor: fix getAllUserSplashes method name * refactor: name and email should not be required on create * refactor: only some user fields may be updated * refactor: should not require any fields on user update (#1730) * refactor: send 400 instead of 500 on missing username and email * refactor: should not require any fields for user update * refactor: note that earlier versions required name or email * refactor: merge roleDescriptionSchema and roleSchema
2022-06-22 14:55:43 +02:00
async sendResetPasswordEmail(
req: Request<unknown, unknown, EmailSchema>,
res: Response,
): Promise<void> {
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
const { email } = req.body;
fix: Controller wraps handler with try/catch (#909) By having the controller perform try/catch around the handler function allows us to add extra safety to all our controllers and safeguards that we will always catch exceptions thrown by a controller method.
2021-08-13 10:36:19 +02:00
await this.userService.createResetPasswordEmail(email);
res.status(200).end();
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
}
async validatePassword(req: Request, res: Response): Promise<void> {
const { password } = req.body;
fix: Controller wraps handler with try/catch (#909) By having the controller perform try/catch around the handler function allows us to add extra safety to all our controllers and safeguards that we will always catch exceptions thrown by a controller method.
2021-08-13 10:36:19 +02:00
this.userService.validatePassword(password);
res.status(200).end();
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
}
async validateToken(
req: Request<unknown, unknown, unknown, IValidateQuery>,
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
res: Response<TokenUserSchema>,
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
): Promise<void> {
const { token } = req.query;
fix: Controller wraps handler with try/catch (#909) By having the controller perform try/catch around the handler function allows us to add extra safety to all our controllers and safeguards that we will always catch exceptions thrown by a controller method.
2021-08-13 10:36:19 +02:00
const user = await this.userService.getUserForToken(token);
await this.logout(req);
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
this.openApiService.respondWithValidation<TokenUserSchema>(
200,
res,
tokenUserSchema.$id,
user,
);
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
}
async changePassword(
req: Request<unknown, unknown, IChangePasswordBody, unknown>,
res: Response,
): Promise<void> {
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806)
2021-04-27 09:16:44 +02:00
await this.logout(req);
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
const { token, password } = req.body;
fix: Controller wraps handler with try/catch (#909) By having the controller perform try/catch around the handler function allows us to add extra safety to all our controllers and safeguards that we will always catch exceptions thrown by a controller method.
2021-08-13 10:36:19 +02:00
await this.userService.resetPassword(token, password);
res.status(200).end();
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
}
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806)
2021-04-27 09:16:44 +02:00
private async logout(req: SessionRequest<any, any, any, any>) {
if (req.session) {
fix: Stores as typescript and with interfaces. (#902) Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-08-12 15:04:37 +02:00
req.session.destroy(() => {});
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806)
2021-04-27 09:16:44 +02:00
}
}
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
}
export default ResetPasswordController;
Reference in New Issue Copy Permalink