UNPKG

feathers-authentication-management

Version:

Adds sign up verification, forgotten password reset, and other capabilities to local feathers-authentication

64 lines (63 loc) 3.73 kB
"use strict"; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); const debug_1 = __importDefault(require("debug")); const helpers_1 = require("../helpers"); const debug = (0, debug_1.default)('authLocalMgnt:sendResetPwd'); function sendResetPwd(options, identifyUser, notifierOptions = {}, params) { return __awaiter(this, void 0, void 0, function* () { debug('sendResetPwd'); if (params && "query" in params) { params = Object.assign({}, params); delete params.query; } const { app, identifyUserProps, longTokenLen, passwordField, resetAttempts, resetDelay, reuseResetToken, sanitizeUserForClient, service, shortTokenDigits, shortTokenLen, skipIsVerifiedCheck, notifier } = options; const usersService = app.service(service); const usersServiceId = usersService.id; (0, helpers_1.ensureObjPropsValid)(identifyUser, identifyUserProps); const users = yield usersService.find(Object.assign(Object.assign({}, params), { query: Object.assign(Object.assign({}, identifyUser), { $limit: 2 }), paginate: false })); const user = (0, helpers_1.getUserData)(users, skipIsVerifiedCheck ? [] : ['isVerified']); if ( // Use existing token when it's not hashed, // and remaining time exceeds half of resetDelay reuseResetToken && user.resetToken && user.resetToken.includes('___') && (0, helpers_1.isDateAfterNow)(user.resetExpires, resetDelay / 2)) { yield (0, helpers_1.notify)(notifier, 'sendResetPwd', user, notifierOptions); return sanitizeUserForClient(user); } const [resetToken, resetShortToken] = yield Promise.all([ (0, helpers_1.getLongToken)(longTokenLen), (0, helpers_1.getShortToken)(shortTokenLen, shortTokenDigits) ]); Object.assign(user, { resetExpires: Date.now() + resetDelay, resetAttempts: resetAttempts, resetToken: (0, helpers_1.concatIDAndHash)(user[usersServiceId], resetToken), resetShortToken: resetShortToken }); yield (0, helpers_1.notify)(options.notifier, 'sendResetPwd', user, notifierOptions); const [resetToken3, resetShortToken3] = yield Promise.all([ reuseResetToken ? user.resetToken : (0, helpers_1.hashPassword)(app, user.resetToken, passwordField), reuseResetToken ? user.resetShortToken : (0, helpers_1.hashPassword)(app, user.resetShortToken, passwordField) ]); const patchedUser = yield usersService.patch(user[usersServiceId], { resetExpires: user.resetExpires, resetAttempts: user.resetAttempts, resetToken: resetToken3, resetShortToken: resetShortToken3 }, Object.assign({}, params)); return sanitizeUserForClient(patchedUser); }); } exports.default = sendResetPwd;