Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2025-02-09 00:18:00 +01:00
Code Issues Projects Releases Wiki Activity
95a02158e8
unleash.unleash/src/lib/routes/auth/reset-password-controller.ts

159 lines
4.9 KiB
TypeScript
Raw Normal View History

Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
import { Request, Response } from 'express';
import Controller from '../controller';
import UserService from '../../services/user-service';
import { Logger } from '../../logger';
Feat/options need types (#794) feat: options are now typed - This makes it easier to know what to send to unleash.start / unleash.create - Using a Partial to instantiate the config, then melding it with defaults to get a config object with all fields set either to their defaults or to whatever is passed in. Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com> Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-04-22 10:07:10 +02:00
import { IUnleashConfig } from '../../types/option';
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
import { IUnleashServices } from '../../types';
fix: always require permission for POST, PATCH, PUT, DELETE (#1152)
2021-12-03 12:46:50 +01:00
import { NONE } from '../../types/permissions';
Refactor: move openapi utils into /util directory (#1777) * Refactor: move openapi utils into /util directory * Refactor: move utils test into `util` directory * Refactor: don't expose standard responses tied to status codes * Feat: update empty response description + make it const * Chore: update snapshot with new response descriptions
2022-07-01 08:06:33 +02:00
import { createRequestSchema } from '../../openapi/util/create-request-schema';
import { createResponseSchema } from '../../openapi/util/create-response-schema';
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
import { OpenApiService } from '../../services/openapi-service';
import {
tokenUserSchema,
TokenUserSchema,
} from '../../openapi/spec/token-user-schema';
refactor: add schemas to user admin controller (#1692) * refactor: add schemas to user admin controller * refactor: remove unused SessionService * refactor: fix search query type confusion * refactor: add schemas to user controller (#1693) * refactor: add schemas to user controller * refactor: fix getAllUserSplashes method name * refactor: name and email should not be required on create * refactor: only some user fields may be updated * refactor: should not require any fields on user update (#1730) * refactor: send 400 instead of 500 on missing username and email * refactor: should not require any fields for user update * refactor: note that earlier versions required name or email * refactor: merge roleDescriptionSchema and roleSchema
2022-06-22 14:55:43 +02:00
import { EmailSchema } from '../../openapi/spec/email-schema';
refactor: fix empty response usage (#1783) * refactor: fix empty response usage * refactor: move emptyResponse into standard-responses.ts
2022-06-30 14:48:39 +02:00
import { emptyResponse } from '../../openapi/util/standard-responses';
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
interface IValidateQuery {
token: string;
}
interface IChangePasswordBody {
token: string;
password: string;
}
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806)
2021-04-27 09:16:44 +02:00
interface SessionRequest<PARAMS, QUERY, BODY, K>
extends Request<PARAMS, QUERY, BODY, K> {
user?;
}
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
class ResetPasswordController extends Controller {
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806)
2021-04-27 09:16:44 +02:00
private userService: UserService;
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
private openApiService: OpenApiService;
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806)
2021-04-27 09:16:44 +02:00
private logger: Logger;
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
constructor(
config: IUnleashConfig,
{
userService,
openApiService,
}: Pick<IUnleashServices, 'userService' | 'openApiService'>,
) {
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
super(config);
this.logger = config.getLogger(
'lib/routes/auth/reset-password-controller.ts',
);
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
this.openApiService = openApiService;
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
this.userService = userService;
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
this.route({
method: 'get',
path: '/validate',
handler: this.validateToken,
permission: NONE,
middleware: [
openApiService.validPath({
docs: prep to add OpenAPI spec to Unleash docs (#1907) * Docs: start experimenting with OpenAPI and docusaurus * Docs: add docusaurus-theme-openapi-docs pkg * Wip: current status * Docs: Add 'docusaurus-plugin-api-docs' * Move openapi into own sidebar; generate from localhost * Chore: Update docusaurus plugin for OpenAPI * Add website/yarn.lock to git * Fix: fix CSS warning by using flex-end instead of end * docs: make openapi generated code work again * docs: make tags work properly with openapi sidebar * Docs/chore: update OpenAPI tag scheme. Add a whole bunch of new tags to make it easier to understand available tags in OpenAPI. * docs: point to new openapi docs from old api docs * docs: typo * Docs: link restructure * docs: add operation indicators to openapi docs * docs: change badge color for operations * docs: update openapi-docs package It now sorts tags the same as the schema * docs: pluralize APIs in slug * docs: update links to generated api docs * docs: update openapi snapshot tests with new tags * docs: conditionally load spec from localhost or from file * docs: Remove changes relating to immediate switchover * refactor: rename types; extract into separate file * docs: fix api doc links
2022-08-12 11:37:57 +02:00
tags: ['Auth'],
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
operationId: 'validateToken',
responses: { 200: createResponseSchema('tokenUserSchema') },
}),
],
});
this.route({
method: 'post',
path: '/password',
handler: this.changePassword,
permission: NONE,
middleware: [
openApiService.validPath({
docs: prep to add OpenAPI spec to Unleash docs (#1907) * Docs: start experimenting with OpenAPI and docusaurus * Docs: add docusaurus-theme-openapi-docs pkg * Wip: current status * Docs: Add 'docusaurus-plugin-api-docs' * Move openapi into own sidebar; generate from localhost * Chore: Update docusaurus plugin for OpenAPI * Add website/yarn.lock to git * Fix: fix CSS warning by using flex-end instead of end * docs: make openapi generated code work again * docs: make tags work properly with openapi sidebar * Docs/chore: update OpenAPI tag scheme. Add a whole bunch of new tags to make it easier to understand available tags in OpenAPI. * docs: point to new openapi docs from old api docs * docs: typo * Docs: link restructure * docs: add operation indicators to openapi docs * docs: change badge color for operations * docs: update openapi-docs package It now sorts tags the same as the schema * docs: pluralize APIs in slug * docs: update links to generated api docs * docs: update openapi snapshot tests with new tags * docs: conditionally load spec from localhost or from file * docs: Remove changes relating to immediate switchover * refactor: rename types; extract into separate file * docs: fix api doc links
2022-08-12 11:37:57 +02:00
tags: ['Auth'],
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
operationId: 'changePassword',
requestBody: createRequestSchema('changePasswordSchema'),
responses: { 200: emptyResponse },
}),
],
});
this.route({
method: 'post',
path: '/validate-password',
handler: this.validatePassword,
permission: NONE,
middleware: [
openApiService.validPath({
docs: prep to add OpenAPI spec to Unleash docs (#1907) * Docs: start experimenting with OpenAPI and docusaurus * Docs: add docusaurus-theme-openapi-docs pkg * Wip: current status * Docs: Add 'docusaurus-plugin-api-docs' * Move openapi into own sidebar; generate from localhost * Chore: Update docusaurus plugin for OpenAPI * Add website/yarn.lock to git * Fix: fix CSS warning by using flex-end instead of end * docs: make openapi generated code work again * docs: make tags work properly with openapi sidebar * Docs/chore: update OpenAPI tag scheme. Add a whole bunch of new tags to make it easier to understand available tags in OpenAPI. * docs: point to new openapi docs from old api docs * docs: typo * Docs: link restructure * docs: add operation indicators to openapi docs * docs: change badge color for operations * docs: update openapi-docs package It now sorts tags the same as the schema * docs: pluralize APIs in slug * docs: update links to generated api docs * docs: update openapi snapshot tests with new tags * docs: conditionally load spec from localhost or from file * docs: Remove changes relating to immediate switchover * refactor: rename types; extract into separate file * docs: fix api doc links
2022-08-12 11:37:57 +02:00
tags: ['Auth'],
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
operationId: 'validatePassword',
requestBody: createRequestSchema('validatePasswordSchema'),
responses: { 200: emptyResponse },
}),
],
});
this.route({
method: 'post',
path: '/password-email',
handler: this.sendResetPasswordEmail,
permission: NONE,
middleware: [
openApiService.validPath({
docs: prep to add OpenAPI spec to Unleash docs (#1907) * Docs: start experimenting with OpenAPI and docusaurus * Docs: add docusaurus-theme-openapi-docs pkg * Wip: current status * Docs: Add 'docusaurus-plugin-api-docs' * Move openapi into own sidebar; generate from localhost * Chore: Update docusaurus plugin for OpenAPI * Add website/yarn.lock to git * Fix: fix CSS warning by using flex-end instead of end * docs: make openapi generated code work again * docs: make tags work properly with openapi sidebar * Docs/chore: update OpenAPI tag scheme. Add a whole bunch of new tags to make it easier to understand available tags in OpenAPI. * docs: point to new openapi docs from old api docs * docs: typo * Docs: link restructure * docs: add operation indicators to openapi docs * docs: change badge color for operations * docs: update openapi-docs package It now sorts tags the same as the schema * docs: pluralize APIs in slug * docs: update links to generated api docs * docs: update openapi snapshot tests with new tags * docs: conditionally load spec from localhost or from file * docs: Remove changes relating to immediate switchover * refactor: rename types; extract into separate file * docs: fix api doc links
2022-08-12 11:37:57 +02:00
tags: ['Auth'],
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
operationId: 'sendResetPasswordEmail',
refactor: add schemas to user admin controller (#1692) * refactor: add schemas to user admin controller * refactor: remove unused SessionService * refactor: fix search query type confusion * refactor: add schemas to user controller (#1693) * refactor: add schemas to user controller * refactor: fix getAllUserSplashes method name * refactor: name and email should not be required on create * refactor: only some user fields may be updated * refactor: should not require any fields on user update (#1730) * refactor: send 400 instead of 500 on missing username and email * refactor: should not require any fields for user update * refactor: note that earlier versions required name or email * refactor: merge roleDescriptionSchema and roleSchema
2022-06-22 14:55:43 +02:00
requestBody: createRequestSchema('emailSchema'),
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
responses: { 200: emptyResponse },
}),
],
});
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
}
refactor: add schemas to user admin controller (#1692) * refactor: add schemas to user admin controller * refactor: remove unused SessionService * refactor: fix search query type confusion * refactor: add schemas to user controller (#1693) * refactor: add schemas to user controller * refactor: fix getAllUserSplashes method name * refactor: name and email should not be required on create * refactor: only some user fields may be updated * refactor: should not require any fields on user update (#1730) * refactor: send 400 instead of 500 on missing username and email * refactor: should not require any fields for user update * refactor: note that earlier versions required name or email * refactor: merge roleDescriptionSchema and roleSchema
2022-06-22 14:55:43 +02:00
async sendResetPasswordEmail(
req: Request<unknown, unknown, EmailSchema>,
res: Response,
): Promise<void> {
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
const { email } = req.body;
fix: Controller wraps handler with try/catch (#909) By having the controller perform try/catch around the handler function allows us to add extra safety to all our controllers and safeguards that we will always catch exceptions thrown by a controller method.
2021-08-13 10:36:19 +02:00
await this.userService.createResetPasswordEmail(email);
res.status(200).end();
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
}
async validatePassword(req: Request, res: Response): Promise<void> {
const { password } = req.body;
fix: Controller wraps handler with try/catch (#909) By having the controller perform try/catch around the handler function allows us to add extra safety to all our controllers and safeguards that we will always catch exceptions thrown by a controller method.
2021-08-13 10:36:19 +02:00
this.userService.validatePassword(password);
res.status(200).end();
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
}
async validateToken(
req: Request<unknown, unknown, unknown, IValidateQuery>,
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
res: Response<TokenUserSchema>,
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
): Promise<void> {
const { token } = req.query;
fix: Controller wraps handler with try/catch (#909) By having the controller perform try/catch around the handler function allows us to add extra safety to all our controllers and safeguards that we will always catch exceptions thrown by a controller method.
2021-08-13 10:36:19 +02:00
const user = await this.userService.getUserForToken(token);
await this.logout(req);
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other
2022-06-22 13:31:41 +02:00
this.openApiService.respondWithValidation<TokenUserSchema>(
200,
res,
tokenUserSchema.$id,
user,
);
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
}
async changePassword(
req: Request<unknown, unknown, IChangePasswordBody, unknown>,
res: Response,
): Promise<void> {
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806)
2021-04-27 09:16:44 +02:00
await this.logout(req);
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
const { token, password } = req.body;
fix: Controller wraps handler with try/catch (#909) By having the controller perform try/catch around the handler function allows us to add extra safety to all our controllers and safeguards that we will always catch exceptions thrown by a controller method.
2021-08-13 10:36:19 +02:00
await this.userService.resetPassword(token, password);
res.status(200).end();
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
}
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806)
2021-04-27 09:16:44 +02:00
private async logout(req: SessionRequest<any, any, any, any>) {
if (req.session) {
fix: Stores as typescript and with interfaces. (#902) Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-08-12 15:04:37 +02:00
req.session.destroy(() => {});
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806)
2021-04-27 09:16:44 +02:00
}
}
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778
2021-04-16 15:29:23 +02:00
}
export default ResetPasswordController;
Reference in New Issue Copy Permalink