
Commit a29eb91

committed
organisation
1 parent 8514969 commit a29eb91

1 file changed

Lines changed: 19 additions & 15 deletions


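--- a/routes/users.js
+++ b/routes/users.js
@@ -90,8 +90,7 @@ router.put('/me/password', auth, async (req, res) => {
 
 debugRoute("PUT /api/users/me/password - 200 - Password changed");
 
-//let otp = user.otp_enabled && user.otp_verified;
-res.send({token: generateAuthToken(user.sub,false, false,false)}); //TODO change me
+res.send({token: generateAuthToken(user.sub,user.admin, req.user.otp,(user.totp_secret !== undefined && user.totp_confirmed))});
 });
 
 router.post('/password/reset/request/:email', async (req, res) => {
@@ -100,18 +99,23 @@ router.post('/password/reset/request/:email', async (req, res) => {
 return res.status(400).send("Invalid Email");
 }
 
-//TODO fetch user from database
-//TODO test if email verified
-//if (Date.now() - user.lastSecurityUpdate < 60000) {
-// debugRoute("GET /api/users/password/reset/:email - 400 - Password reset already requested");
-// return res.status(400).send("Password reset already requested");
-//}
-let user = {};
-user.passwordResetCode = generateVerificationCode();
-user.lastSecurityUpdate = Date.now();
-user.passwordResetTime = Date.now()
+let user = await dbAdapter.getUserByEmail(req.params.email);
+
+if (!user) {
+debugRoute("GET /api/users/password/reset/:email - 404 - User not found");
+return res.status(404).send("User not found");
+}
 
-//TODO push to server
+if (!user.email_confirmed){
+debugRoute("GET /api/users/password/reset/:email - 403 - Email not verified");
+return res.status(403).send("Email not verified");
+}
+
+user.email_verification_code = generateVerificationCode();
+user.last_security_change = Date.now();
+user.last_email_send = Date.now()
+
+await dbAdapter.updateUser(user);
 
 await sendPasswordResetEmail(user);
 debugRoute("GET /api/users/password/reset/:email - 200 - Reset code sent");
@@ -135,8 +139,8 @@ router.put('/password/reset/:code', async (req, res) => {
 return res.status(400).send(error.details[0].message);
 }
 
-//TODO Fetch User from database
-let user = {};
+//TODO get user from database
+//let user = dbAdapter;
 //if (Date.now() - user.passwordResetTime > 600000) {
 // debugRoute("GET /api/users/password/reset/:code - 400 - Reset code expired");
 // return res.status(400).send("Reset code expired");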
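Review bot: The 404 "User not found" and 403 "Email not verified" branches added in the second hunk (`POST /password/reset/request/:email`) let an unauthenticated caller tell registered, unconfirmed and unknown addresses apart from the response alone. Both branches should answer with the same status and body as the success path, which ends below the hunk, and keep the distinction only in the debug log, e.g. `if (!user || !user.email_confirmed) { debugRoute("..."); return res.send(/* same body as the success path */); }`. The hunk also deletes the commented-out 60-second guard instead of implementing it: `last_email_send` is written but not read in the visible lines, so every request sends another mail and replaces the stored code, and a check such as `if (Date.now() - user.last_email_send < 60000)` placed before `generateVerificationCode()` would bound that. The handler starts above the hunk and continues past its last line.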
