unleash.unleash/src/lib/routes/auth/reset-password-controller.ts

import { Request, Response } from 'express';
import Controller from '../controller';
import UserService from '../../services/user-service';
import { Logger } from '../../logger';
import { IUnleashConfig } from '../../types/option';
import { IUnleashServices } from '../../types/services';
import { NONE } from '../../types/permissions';

interface IValidateQuery {
    token: string;
}

interface IChangePasswordBody {
    token: string;
    password: string;
}

interface SessionRequest<PARAMS, QUERY, BODY, K>
    extends Request<PARAMS, QUERY, BODY, K> {
    user?;
}

class ResetPasswordController extends Controller {
    private userService: UserService;

    private logger: Logger;

    constructor(config: IUnleashConfig, { userService }: IUnleashServices) {
        super(config);
        this.logger = config.getLogger(
            'lib/routes/auth/reset-password-controller.ts',
        );
        this.userService = userService;
        this.get('/validate', this.validateToken);
        this.post('/password', this.changePassword, NONE);
        this.post('/validate-password', this.validatePassword, NONE);
        this.post('/password-email', this.sendResetPasswordEmail, NONE);
    }

    async sendResetPasswordEmail(req: Request, res: Response): Promise<void> {
        const { email } = req.body;

        await this.userService.createResetPasswordEmail(email);
        res.status(200).end();
    }

    async validatePassword(req: Request, res: Response): Promise<void> {
        const { password } = req.body;

        this.userService.validatePassword(password);
        res.status(200).end();
    }

    async validateToken(
        req: Request<unknown, unknown, unknown, IValidateQuery>,
        res: Response,
    ): Promise<void> {
        const { token } = req.query;
        const user = await this.userService.getUserForToken(token);
        await this.logout(req);
        res.status(200).json(user);
    }

    async changePassword(
        req: Request<unknown, unknown, IChangePasswordBody, unknown>,
        res: Response,
    ): Promise<void> {
        await this.logout(req);
        const { token, password } = req.body;
        await this.userService.resetPassword(token, password);
        res.status(200).end();
    }

    private async logout(req: SessionRequest<any, any, any, any>) {
        if (req.session) {
            req.session.destroy(() => {});
        }
    }
}

export default ResetPasswordController;
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`import { Request, Response } from 'express';`
			`import Controller from '../controller';`
			`import UserService from '../../services/user-service';`
			`import { Logger } from '../../logger';`
Feat/options need types (#794) feat: options are now typed - This makes it easier to know what to send to unleash.start / unleash.create - Using a Partial to instantiate the config, then melding it with defaults to get a config object with all fields set either to their defaults or to whatever is passed in. Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com> Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com> 2021-04-22 10:07:10 +02:00			`import { IUnleashConfig } from '../../types/option';`
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806) 2021-04-27 09:16:44 +02:00			`import { IUnleashServices } from '../../types/services';`
fix: always require permission for POST, PATCH, PUT, DELETE (#1152) 2021-12-03 12:46:50 +01:00			`import { NONE } from '../../types/permissions';`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00
			`interface IValidateQuery {`
			`token: string;`
			`}`

			`interface IChangePasswordBody {`
			`token: string;`
			`password: string;`
			`}`

fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806) 2021-04-27 09:16:44 +02:00			`interface SessionRequest<PARAMS, QUERY, BODY, K>`
			`extends Request<PARAMS, QUERY, BODY, K> {`
			`user?;`
			`}`

Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`class ResetPasswordController extends Controller {`
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806) 2021-04-27 09:16:44 +02:00			`private userService: UserService;`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806) 2021-04-27 09:16:44 +02:00			`private logger: Logger;`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806) 2021-04-27 09:16:44 +02:00			`constructor(config: IUnleashConfig, { userService }: IUnleashServices) {`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`super(config);`
			`this.logger = config.getLogger(`
			`'lib/routes/auth/reset-password-controller.ts',`
			`);`
			`this.userService = userService;`
			`this.get('/validate', this.validateToken);`
fix: always require permission for POST, PATCH, PUT, DELETE (#1152) 2021-12-03 12:46:50 +01:00			`this.post('/password', this.changePassword, NONE);`
			`this.post('/validate-password', this.validatePassword, NONE);`
			`this.post('/password-email', this.sendResetPasswordEmail, NONE);`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`}`

			`async sendResetPasswordEmail(req: Request, res: Response): Promise<void> {`
			`const { email } = req.body;`

fix: Controller wraps handler with try/catch (#909) By having the controller perform try/catch around the handler function allows us to add extra safety to all our controllers and safeguards that we will always catch exceptions thrown by a controller method. 2021-08-13 10:36:19 +02:00			`await this.userService.createResetPasswordEmail(email);`
			`res.status(200).end();`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`}`

			`async validatePassword(req: Request, res: Response): Promise<void> {`
			`const { password } = req.body;`

fix: Controller wraps handler with try/catch (#909) By having the controller perform try/catch around the handler function allows us to add extra safety to all our controllers and safeguards that we will always catch exceptions thrown by a controller method. 2021-08-13 10:36:19 +02:00			`this.userService.validatePassword(password);`
			`res.status(200).end();`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`}`

			`async validateToken(`
			`req: Request<unknown, unknown, unknown, IValidateQuery>,`
			`res: Response,`
			`): Promise<void> {`
			`const { token } = req.query;`
fix: Controller wraps handler with try/catch (#909) By having the controller perform try/catch around the handler function allows us to add extra safety to all our controllers and safeguards that we will always catch exceptions thrown by a controller method. 2021-08-13 10:36:19 +02:00			`const user = await this.userService.getUserForToken(token);`
			`await this.logout(req);`
			`res.status(200).json(user);`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`}`

			`async changePassword(`
			`req: Request<unknown, unknown, IChangePasswordBody, unknown>,`
			`res: Response,`
			`): Promise<void> {`
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806) 2021-04-27 09:16:44 +02:00			`await this.logout(req);`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`const { token, password } = req.body;`
fix: Controller wraps handler with try/catch (#909) By having the controller perform try/catch around the handler function allows us to add extra safety to all our controllers and safeguards that we will always catch exceptions thrown by a controller method. 2021-08-13 10:36:19 +02:00			`await this.userService.resetPassword(token, password);`
			`res.status(200).end();`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`}`
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806) 2021-04-27 09:16:44 +02:00
			`private async logout(req: SessionRequest<any, any, any, any>) {`
			`if (req.session) {`
fix: Stores as typescript and with interfaces. (#902) Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com> 2021-08-12 15:04:37 +02:00			`req.session.destroy(() => {});`
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806) 2021-04-27 09:16:44 +02:00			`}`
			`}`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`}`

			`export default ResetPasswordController;`