unleash.unleash/src/lib/routes/auth/reset-password-controller.ts

import { Request, Response } from 'express';
import Controller from '../controller';
import UserService from '../../services/user-service';
import { Logger } from '../../logger';
import { IUnleashConfig } from '../../types/option';
import { IUnleashServices } from '../../types';
import { NONE } from '../../types/permissions';
import { createRequestSchema, createResponseSchema } from '../../openapi';
import { emptyResponse } from '../../openapi/spec/empty-response';
import { OpenApiService } from '../../services/openapi-service';
import {
    tokenUserSchema,
    TokenUserSchema,
} from '../../openapi/spec/token-user-schema';

interface IValidateQuery {
    token: string;
}

interface IChangePasswordBody {
    token: string;
    password: string;
}

interface SessionRequest<PARAMS, QUERY, BODY, K>
    extends Request<PARAMS, QUERY, BODY, K> {
    user?;
}

class ResetPasswordController extends Controller {
    private userService: UserService;

    private openApiService: OpenApiService;

    private logger: Logger;

    constructor(
        config: IUnleashConfig,
        {
            userService,
            openApiService,
        }: Pick<IUnleashServices, 'userService' | 'openApiService'>,
    ) {
        super(config);
        this.logger = config.getLogger(
            'lib/routes/auth/reset-password-controller.ts',
        );
        this.openApiService = openApiService;
        this.userService = userService;
        this.route({
            method: 'get',
            path: '/validate',
            handler: this.validateToken,
            permission: NONE,
            middleware: [
                openApiService.validPath({
                    tags: ['other'],
                    operationId: 'validateToken',
                    responses: { 200: createResponseSchema('tokenUserSchema') },
                }),
            ],
        });
        this.route({
            method: 'post',
            path: '/password',
            handler: this.changePassword,
            permission: NONE,
            middleware: [
                openApiService.validPath({
                    tags: ['other'],
                    operationId: 'changePassword',
                    requestBody: createRequestSchema('changePasswordSchema'),
                    responses: { 200: emptyResponse },
                }),
            ],
        });
        this.route({
            method: 'post',
            path: '/validate-password',
            handler: this.validatePassword,
            permission: NONE,
            middleware: [
                openApiService.validPath({
                    tags: ['other'],
                    operationId: 'validatePassword',
                    requestBody: createRequestSchema('validatePasswordSchema'),
                    responses: { 200: emptyResponse },
                }),
            ],
        });
        this.route({
            method: 'post',
            path: '/password-email',
            handler: this.sendResetPasswordEmail,
            permission: NONE,
            middleware: [
                openApiService.validPath({
                    tags: ['other'],
                    operationId: 'sendResetPasswordEmail',
                    requestBody: createRequestSchema('resetPasswordSchema'),
                    responses: { 200: emptyResponse },
                }),
            ],
        });
    }

    async sendResetPasswordEmail(req: Request, res: Response): Promise<void> {
        const { email } = req.body;

        await this.userService.createResetPasswordEmail(email);
        res.status(200).end();
    }

    async validatePassword(req: Request, res: Response): Promise<void> {
        const { password } = req.body;

        this.userService.validatePassword(password);
        res.status(200).end();
    }

    async validateToken(
        req: Request<unknown, unknown, unknown, IValidateQuery>,
        res: Response<TokenUserSchema>,
    ): Promise<void> {
        const { token } = req.query;
        const user = await this.userService.getUserForToken(token);
        await this.logout(req);
        this.openApiService.respondWithValidation<TokenUserSchema>(
            200,
            res,
            tokenUserSchema.$id,
            user,
        );
    }

    async changePassword(
        req: Request<unknown, unknown, IChangePasswordBody, unknown>,
        res: Response,
    ): Promise<void> {
        await this.logout(req);
        const { token, password } = req.body;
        await this.userService.resetPassword(token, password);
        res.status(200).end();
    }

    private async logout(req: SessionRequest<any, any, any, any>) {
        if (req.session) {
            req.session.destroy(() => {});
        }
    }
}

export default ResetPasswordController;
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`import { Request, Response } from 'express';`
			`import Controller from '../controller';`
			`import UserService from '../../services/user-service';`
			`import { Logger } from '../../logger';`
Feat/options need types (#794) feat: options are now typed - This makes it easier to know what to send to unleash.start / unleash.create - Using a Partial to instantiate the config, then melding it with defaults to get a config object with all fields set either to their defaults or to whatever is passed in. Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com> Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com> 2021-04-22 10:07:10 +02:00			`import { IUnleashConfig } from '../../types/option';`
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other 2022-06-22 13:31:41 +02:00			`import { IUnleashServices } from '../../types';`
fix: always require permission for POST, PATCH, PUT, DELETE (#1152) 2021-12-03 12:46:50 +01:00			`import { NONE } from '../../types/permissions';`
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other 2022-06-22 13:31:41 +02:00			`import { createRequestSchema, createResponseSchema } from '../../openapi';`
			`import { emptyResponse } from '../../openapi/spec/empty-response';`
			`import { OpenApiService } from '../../services/openapi-service';`
			`import {`
			`tokenUserSchema,`
			`TokenUserSchema,`
			`} from '../../openapi/spec/token-user-schema';`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00
			`interface IValidateQuery {`
			`token: string;`
			`}`

			`interface IChangePasswordBody {`
			`token: string;`
			`password: string;`
			`}`

fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806) 2021-04-27 09:16:44 +02:00			`interface SessionRequest<PARAMS, QUERY, BODY, K>`
			`extends Request<PARAMS, QUERY, BODY, K> {`
			`user?;`
			`}`

Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`class ResetPasswordController extends Controller {`
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806) 2021-04-27 09:16:44 +02:00			`private userService: UserService;`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other 2022-06-22 13:31:41 +02:00			`private openApiService: OpenApiService;`

fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806) 2021-04-27 09:16:44 +02:00			`private logger: Logger;`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other 2022-06-22 13:31:41 +02:00			`constructor(`
			`config: IUnleashConfig,`
			`{`
			`userService,`
			`openApiService,`
			`}: Pick<IUnleashServices, 'userService' \| 'openApiService'>,`
			`) {`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`super(config);`
			`this.logger = config.getLogger(`
			`'lib/routes/auth/reset-password-controller.ts',`
			`);`
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other 2022-06-22 13:31:41 +02:00			`this.openApiService = openApiService;`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`this.userService = userService;`
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other 2022-06-22 13:31:41 +02:00			`this.route({`
			`method: 'get',`
			`path: '/validate',`
			`handler: this.validateToken,`
			`permission: NONE,`
			`middleware: [`
			`openApiService.validPath({`
			`tags: ['other'],`
			`operationId: 'validateToken',`
			`responses: { 200: createResponseSchema('tokenUserSchema') },`
			`}),`
			`],`
			`});`
			`this.route({`
			`method: 'post',`
			`path: '/password',`
			`handler: this.changePassword,`
			`permission: NONE,`
			`middleware: [`
			`openApiService.validPath({`
			`tags: ['other'],`
			`operationId: 'changePassword',`
			`requestBody: createRequestSchema('changePasswordSchema'),`
			`responses: { 200: emptyResponse },`
			`}),`
			`],`
			`});`
			`this.route({`
			`method: 'post',`
			`path: '/validate-password',`
			`handler: this.validatePassword,`
			`permission: NONE,`
			`middleware: [`
			`openApiService.validPath({`
			`tags: ['other'],`
			`operationId: 'validatePassword',`
			`requestBody: createRequestSchema('validatePasswordSchema'),`
			`responses: { 200: emptyResponse },`
			`}),`
			`],`
			`});`
			`this.route({`
			`method: 'post',`
			`path: '/password-email',`
			`handler: this.sendResetPasswordEmail,`
			`permission: NONE,`
			`middleware: [`
			`openApiService.validPath({`
			`tags: ['other'],`
			`operationId: 'sendResetPasswordEmail',`
			`requestBody: createRequestSchema('resetPasswordSchema'),`
			`responses: { 200: emptyResponse },`
			`}),`
			`],`
			`});`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`}`

			`async sendResetPasswordEmail(req: Request, res: Response): Promise<void> {`
			`const { email } = req.body;`

fix: Controller wraps handler with try/catch (#909) By having the controller perform try/catch around the handler function allows us to add extra safety to all our controllers and safeguards that we will always catch exceptions thrown by a controller method. 2021-08-13 10:36:19 +02:00			`await this.userService.createResetPasswordEmail(email);`
			`res.status(200).end();`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`}`

			`async validatePassword(req: Request, res: Response): Promise<void> {`
			`const { password } = req.body;`

fix: Controller wraps handler with try/catch (#909) By having the controller perform try/catch around the handler function allows us to add extra safety to all our controllers and safeguards that we will always catch exceptions thrown by a controller method. 2021-08-13 10:36:19 +02:00			`this.userService.validatePassword(password);`
			`res.status(200).end();`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`}`

			`async validateToken(`
			`req: Request<unknown, unknown, unknown, IValidateQuery>,`
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other 2022-06-22 13:31:41 +02:00			`res: Response<TokenUserSchema>,`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`): Promise<void> {`
			`const { token } = req.query;`
fix: Controller wraps handler with try/catch (#909) By having the controller perform try/catch around the handler function allows us to add extra safety to all our controllers and safeguards that we will always catch exceptions thrown by a controller method. 2021-08-13 10:36:19 +02:00			`const user = await this.userService.getUserForToken(token);`
			`await this.logout(req);`
Task/open api reset password (#1740) * task: add openapi for reset password * fix: add respondWithValidation and remove email from tests * fix: change tags to other 2022-06-22 13:31:41 +02:00			`this.openApiService.respondWithValidation<TokenUserSchema>(`
			`200,`
			`res,`
			`tokenUserSchema.$id,`
			`user,`
			`);`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`}`

			`async changePassword(`
			`req: Request<unknown, unknown, IChangePasswordBody, unknown>,`
			`res: Response,`
			`): Promise<void> {`
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806) 2021-04-27 09:16:44 +02:00			`await this.logout(req);`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`const { token, password } = req.body;`
fix: Controller wraps handler with try/catch (#909) By having the controller perform try/catch around the handler function allows us to add extra safety to all our controllers and safeguards that we will always catch exceptions thrown by a controller method. 2021-08-13 10:36:19 +02:00			`await this.userService.resetPassword(token, password);`
			`res.status(200).end();`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`}`
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806) 2021-04-27 09:16:44 +02:00
			`private async logout(req: SessionRequest<any, any, any, any>) {`
			`if (req.session) {`
fix: Stores as typescript and with interfaces. (#902) Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com> 2021-08-12 15:04:37 +02:00			`req.session.destroy(() => {});`
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806) 2021-04-27 09:16:44 +02:00			`}`
			`}`
Reset token (#786) feat: Add Reset token functionality This allows admin users to create a reset token for other users. Thus allowing resetting their password. Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> fixes: #778 2021-04-16 15:29:23 +02:00			`}`

			`export default ResetPasswordController;`