blt/api/controllers/entrance/update-password-and-login.js

module.exports = {


  friendlyName: 'Update password and login',


  description: 'Finish the password recovery flow by setting the new password and '+
  'logging in the requesting user, based on the authenticity of their token.',


  inputs: {

    password: {
      description: 'The new, unencrypted password.',
      example: 'abc123v2',
      required: true
    },

    token: {
      description: 'The password token that was generated by the `sendPasswordRecoveryEmail` endpoint.',
      example: 'gwa8gs8hgw9h2g9hg29hgwh9asdgh9q34$$$$$asdgasdggds',
      required: true
    }

  },


  exits: {

    success: {
      description: 'Password successfully updated, and requesting user agent is now logged in.'
    },

    invalidToken: {
      description: 'The provided password token is invalid, expired, or has already been used.',
      responseType: 'expired'
    }

  },


  fn: async function ({password, token}) {

    if(!token) {
      throw 'invalidToken';
    }

    // Look up the user with this reset token.
    var userRecord = await User.findOne({ passwordResetToken: token });

    // If no such user exists, or their token is expired, bail.
    if (!userRecord || userRecord.passwordResetTokenExpiresAt <= Date.now()) {
      throw 'invalidToken';
    }

    // Hash the new password.
    var hashed = await sails.helpers.passwords.hashPassword(password);

    // Store the user's new password and clear their reset token so it can't be used again.
    await User.updateOne({ id: userRecord.id })
    .set({
      password: hashed,
      passwordResetToken: '',
      passwordResetTokenExpiresAt: 0
    });

    // Log the user in.
    // (This will be persisted when the response is sent.)
    this.req.session.userId = userRecord.id;

    // In case there was an existing session, broadcast a message that we can
    // display in other open tabs.
    if (sails.hooks.sockets) {
      await sails.helpers.broadcastSessionChange(this.req);
    }

  }


};
Initial project structure with sails.js 2023-11-21 21:57:32 -05:00			`module.exports = {`


			`friendlyName: 'Update password and login',`


			`description: 'Finish the password recovery flow by setting the new password and '+`
			`'logging in the requesting user, based on the authenticity of their token.',`


			`inputs: {`

			`password: {`
			`description: 'The new, unencrypted password.',`
			`example: 'abc123v2',`
			`required: true`
			`},`

			`token: {`
			description: 'The password token that was generated by the `sendPasswordRecoveryEmail` endpoint.',
			`example: 'gwa8gs8hgw9h2g9hg29hgwh9asdgh9q34$$$$$asdgasdggds',`
			`required: true`
			`}`

			`},`


			`exits: {`

			`success: {`
			`description: 'Password successfully updated, and requesting user agent is now logged in.'`
			`},`

			`invalidToken: {`
			`description: 'The provided password token is invalid, expired, or has already been used.',`
			`responseType: 'expired'`
			`}`

			`},`


			`fn: async function ({password, token}) {`

			`if(!token) {`
			`throw 'invalidToken';`
			`}`

			`// Look up the user with this reset token.`
			`var userRecord = await User.findOne({ passwordResetToken: token });`

			`// If no such user exists, or their token is expired, bail.`
			`if (!userRecord \|\| userRecord.passwordResetTokenExpiresAt <= Date.now()) {`
			`throw 'invalidToken';`
			`}`

			`// Hash the new password.`
			`var hashed = await sails.helpers.passwords.hashPassword(password);`

			`// Store the user's new password and clear their reset token so it can't be used again.`
			`await User.updateOne({ id: userRecord.id })`
			`.set({`
			`password: hashed,`
			`passwordResetToken: '',`
			`passwordResetTokenExpiresAt: 0`
			`});`

			`// Log the user in.`
			`// (This will be persisted when the response is sent.)`
			`this.req.session.userId = userRecord.id;`

			`// In case there was an existing session, broadcast a message that we can`
			`// display in other open tabs.`
			`if (sails.hooks.sockets) {`
			`await sails.helpers.broadcastSessionChange(this.req);`
			`}`

			`}`


			`};`