1 parent
492d82f
commit a7be265
Showing
4 changed files
with
286 additions
and
7 deletions.
|
@@ -97,9 +97,12 @@ exports.sendPasswordResetEmail = async (req, res, next) => { | |
|
||
const user = await models.User.findOne({ email }); | ||
|
||
if (!user) { | ||
return next(new Error('User with this email does not exist')); | ||
} | ||
if (!user) { | ||
const err = new Error('User with this email does not exist'); | ||
err.status = 400; | ||
return next(err); | ||
} | ||
|
||
|
||
const token = Math.random().toString(36).substring(2); | ||
|
||
|
@@ -109,7 +112,7 @@ exports.sendPasswordResetEmail = async (req, res, next) => { | |
const transporter = nodemailer.createTransport({ | ||
host: process.env.SMTP_HOST, | ||
port: process.env.SMTP_PORT, | ||
secure: false, // true for 465, false for other ports | ||
secure: true, | ||
auth: { | ||
user: process.env.EMAIL, | ||
pass: process.env.EMAIL_PASSWORD, | ||
|
@@ -118,7 +121,7 @@ exports.sendPasswordResetEmail = async (req, res, next) => { | |
|
||
// Send an email to the user with the password reset link | ||
const mailOptions = { | ||
from: '[email protected]', | ||
from: process.env.EMAIL, | ||
to: email, | ||
subject: 'Password Reset', | ||
text: `Click the following link to reset your password: ${IP}:${FPORT}/reset-password/${token}`, | ||
|
@@ -136,6 +139,11 @@ exports.resetPassword = async (req, res, next) => { | |
const { token } = req.params; | ||
const { password } = req.body; | ||
|
||
const passwordStrength = zxcvbn(password); | ||
if (passwordStrength.score < 3) { | ||
return next(Object.assign(new Error('Password is too weak'), { status: 400 })); | ||
} | ||
|
||
const user = await models.User.findOne({ | ||
resetPasswordToken: token, | ||
resetPasswordExpires: { $gt: Date.now() }, | ||
|
@@ -151,4 +159,4 @@ exports.resetPassword = async (req, res, next) => { | |
await user.save(); | ||
|
||
success(res, 'Password successfully reset'); | ||
}; | ||
}; |
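Review bot: The reset token in the first hunk is still built with `Math.random().toString(36).substring(2)`, which is not a cryptographically secure source and gives a short, predictable value for something that authorises a password change; since this commit already touches sendPasswordResetEmail, replace it with `const token = crypto.randomBytes(32).toString('hex');` (Node's built-in `crypto`; the file's require block is outside the visible hunks, so confirm it is imported). The new 400 branch with 'User with this email does not exist' also tells any caller whether an address is registered, and returning the same generic response for both cases would avoid that. In the resetPassword hunk, `zxcvbn(password)` runs before any type or length check, so a missing or very long `password` should be rejected with a 400 first. Both function bodies continue outside the hunks shown.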