password reset implementation;
custom signin form
@ -34,7 +34,8 @@ export default async function handler(req, res) {
|
||||
// Retrieve and validate the JWT token
|
||||
|
||||
//response is a special action that does not require a token
|
||||
if (action == "email_response") {
|
||||
//PUBLIC
|
||||
if (action == "email_response" || action == "account") {
|
||||
switch (emailaction) {
|
||||
case "coverMeAccept":
|
||||
//validate shiftId and assignmentId
|
||||
@ -201,6 +202,83 @@ export default async function handler(req, res) {
|
||||
});
|
||||
|
||||
break;
|
||||
|
||||
case "resetPassword":
|
||||
// Send password reset form to the user
|
||||
//parse the request body
|
||||
|
||||
let email = req.body.email || req.query.email;
|
||||
let actualUser = await prisma.publisher.findUnique({
|
||||
where: {
|
||||
email: email
|
||||
}
|
||||
});
|
||||
if (!actualUser) {
|
||||
return res.status(200).json({ message: "Няма потребител с този имейл" });
|
||||
}
|
||||
else {
|
||||
let requestGuid = req.query.guid;
|
||||
if (!requestGuid) {
|
||||
console.log("User: " + email + " requested a password reset");
|
||||
let requestGuid = uuidv4();
|
||||
//save the request in the database as EventLog
|
||||
let eventLog = await prisma.eventLog.create({
|
||||
data: {
|
||||
date: new Date(),
|
||||
publisher: { connect: { id: actualUser.id } },
|
||||
type: EventLogType.PasswordResetRequested,
|
||||
content: JSON.stringify({ guid: requestGuid })
|
||||
}
|
||||
});
|
||||
logger.info("User: " + email + " requested a password reset. EventLogId: " + eventLog.id + "");
|
||||
|
||||
let model = {
|
||||
email: email,
|
||||
firstName: actualUser.firstName,
|
||||
lastName: actualUser.lastName,
|
||||
resetUrl: process.env.NEXTAUTH_URL + "/api/email?action=email_response&emailaction=resetPassword&guid=" + requestGuid + "&email=" + email,
|
||||
sentDate: common.getDateFormated(new Date())
|
||||
};
|
||||
emailHelper.SendEmailHandlebars(to, "resetPassword", model);
|
||||
res.status(200).json({ message: "Password reset request sent" });
|
||||
}
|
||||
else {
|
||||
//1. validate the guid
|
||||
let eventLog = await prisma.eventLog.findFirst({
|
||||
where: {//can we query "{ guid: requestGuid }"?
|
||||
type: EventLogType.PasswordResetRequested,
|
||||
publisherId: actualUser.id,
|
||||
date: {
|
||||
gt: new Date(new Date().getTime() - 24 * 60 * 60 * 1000) //24 hours
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
if (!eventLog) {
|
||||
return res.status(400).json({ message: "Invalid or expired password reset request" });
|
||||
}
|
||||
else {
|
||||
let eventLog = await prisma.eventLog.update({
|
||||
where: {
|
||||
id: parseInt(requestGuid)
|
||||
},
|
||||
data: {
|
||||
type: EventLogType.PasswordResetEmailConfirmed
|
||||
}
|
||||
});
|
||||
//2. redirect to the password reset page
|
||||
const messagePageUrl = `/auth/reset-password?email=${email}&resetToken=${requestGuid}`;
|
||||
res.redirect(messagePageUrl);
|
||||
}
|
||||
|
||||
//2.login the user
|
||||
|
||||
//3. redirect to the password reset page
|
||||
}
|
||||
|
||||
}
|
||||
break;
|
||||
|
||||
}
|
||||
// //send email response to the user
|
||||
// const emailResponse = await common.sendEmail(user.email, "Email Action Processed",
|
||||
@ -220,6 +298,7 @@ export default async function handler(req, res) {
|
||||
}
|
||||
});
|
||||
|
||||
//PRIVATE ACTIONS
|
||||
switch (action) {
|
||||
case "sendCoverMeRequestByEmail":
|
||||
// Send CoverMe request to the users
|
||||
|
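Review bot: In the `resetPassword` branch the `guid` from the link is never compared with the one stored in the EventLog: the `findFirst` filter matches any `PasswordResetRequested` row of that publisher from the last 24 hours, so any non-empty `guid` is accepted while a request is pending. The following `update` then uses `id: parseInt(requestGuid)`, which for a UUID is `NaN` or a leading-digit number and not the row that was found; match on the stored guid and update that row's own `id`, as sketched below. Because this branch is in the public (no-token) path, the distinct reply for an unknown email also tells an unauthenticated caller which addresses are registered, so both cases should return the same message. `email` and `requestGuid` should pass through `encodeURIComponent` before they are placed in `resetUrl` and in the redirect URL. `to` passed to `SendEmailHandlebars` is not defined in the visible lines, and the handler body continues outside these hunks.

```javascript
// … unchanged: request branch that creates the PasswordResetRequested EventLog and sends the mail …
else {
    //1. validate the guid against the stored request, not only its type and age
    const pending = await prisma.eventLog.findMany({
        where: {
            type: EventLogType.PasswordResetRequested,
            publisherId: actualUser.id,
            date: { gt: new Date(Date.now() - 24 * 60 * 60 * 1000) } //24 hours
        }
    });
    // content is the JSON written by the request branch: { guid: ... }
    const match = pending.find((entry) => {
        try {
            return JSON.parse(entry.content).guid === requestGuid;
        } catch (err) {
            return false; // row whose content is not the expected JSON
        }
    });
    if (!match) {
        return res.status(400).json({ message: "Invalid or expired password reset request" });
    }
    // mark the matched row as used, by its own id
    await prisma.eventLog.update({
        where: { id: match.id },
        data: { type: EventLogType.PasswordResetEmailConfirmed }
    });
    // … unchanged: redirect to the password reset page …
```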