CoreID/app/controllers/api/v1/Password.controller.js

123 lines
3.8 KiB
JavaScript
Raw Normal View History

2020-05-04 01:16:54 +00:00
const { Controller } = require('libflitter')
const zxcvbn = require('zxcvbn')
class PasswordController extends Controller {
static get services() {
return [...super.services, 'auth', 'jobs', 'models', 'activity']
2020-05-04 01:16:54 +00:00
}
async get_resets(req, res, next) {
return res.api(req.user.password_resets.map(x => {
return {
reset_on: x.reset_on,
reason: x.reason,
}
}))
}
async get_app_passwords(req, res, next) {
return res.api(req.user.app_passwords.map(x => {
return {
created: x.created,
expires: x.expires,
active: x.active,
name: x.name ?? req.T('common.unnamed'),
2020-05-04 01:16:54 +00:00
uuid: x.uuid,
}
}))
}
async create_app_password(req, res, next) {
if ( !req.body.name )
return res.status(400)
.message(`${req.T('api.missing_field')} name`)
2020-05-04 01:16:54 +00:00
.api()
const { password, record } = await req.user.app_password(req.body.name)
await req.user.save()
await this.activity.app_password_created({ req, name: req.body.name })
2020-05-04 01:16:54 +00:00
return res.api({
password,
name: req.body.name,
uuid: record.uuid,
})
}
async delete_app_password(req, res, next) {
if ( !req.params.uuid )
return res.status(400)
.message(`${req.T('api.missing_field')} uuid`)
2020-05-04 01:16:54 +00:00
.api()
const match = req.user.app_passwords.filter(x => x.uuid === req.params.uuid)[0]
if ( !match )
return res.status(400)
.message(req.T('api.app_pw_not_found'))
2020-05-04 01:16:54 +00:00
.api()
req.user.app_passwords = req.user.app_passwords.filter(x => x.uuid !== req.params.uuid)
await req.user.save()
return res.api()
}
async reset_password(req, res, next) {
if ( !req.body.password )
return res.status(400)
.message(`${req.T('api.missing_field')} password`)
2020-05-04 01:16:54 +00:00
.api()
// Verify password complexity
const min_score = 3
const result = zxcvbn(req.body.password)
if ( result.score < min_score )
return res.status(400)
.message(req.T('auth.password_complexity_fail').replace('MIN_SCORE', min_score))
2020-05-04 01:16:54 +00:00
.api()
// Make sure it's not a re-do
for ( const old_pw of req.user.password_resets ) {
if ( await old_pw.check(req.body.password) ) {
return res.status(400)
.message(req.T('auth.duplicate_pw'))
2020-05-04 01:16:54 +00:00
.api()
}
}
// Create the password reset
const reset = await req.user.reset_password(req.body.password)
await req.user.save()
await this.activity.password_reset({ req, ip: req.ip })
2020-05-20 14:56:03 +00:00
if ( req.trap.has_trap() && req.trap.get_trap() === 'password_reset' ) await req.trap.end()
2020-05-04 01:16:54 +00:00
if ( req.session.registrant_flow ) {
await req.trap.begin('registrant_flow', { session_only: true })
}
2020-05-04 01:16:54 +00:00
// invalidate existing tokens and other logins
await req.user.logout(req)
2020-05-04 01:16:54 +00:00
await req.user.kickout()
req.trust.unassume()
2020-05-04 01:16:54 +00:00
return res.api()
}
async request_reset(req, res, next) {
if ( !req.body.email )
return res.status(400)
.message(`${req.T('api.missing_field')} email`)
.api()
const User = this.models.get('auth:User')
const user = await User.findOne({ email: req.body.email })
if ( user ) {
const reset_queue = this.jobs.queue('password_resets')
await reset_queue.add('PasswordReset', { user_id: user.id })
}
return res.api({ success: true })
}
2020-05-04 01:16:54 +00:00
}
module.exports = exports = PasswordController