public-offering
/
cal.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use the matched user email to send the password reset to (#1366)

pull/1329/head^2
Alex van Andel 2021-12-21 18:31:32 +01:00 committed by GitHub
parent bab72f1514
commit 9d7dc09974
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
pages/api/auth/forgot-password.ts
View File

@ -1,7 +1,5 @@
import { ResetPasswordRequest } from "@prisma/client"; import { ResetPasswordRequest } from "@prisma/client";
import dayjs from "dayjs"; import dayjs from "dayjs";
import timezone from "dayjs/plugin/timezone";
import utc from "dayjs/plugin/utc";
import { NextApiRequest, NextApiResponse } from "next"; import { NextApiRequest, NextApiResponse } from "next";
import { sendPasswordResetEmail } from "@lib/emails/email-manager"; import { sendPasswordResetEmail } from "@lib/emails/email-manager";
@ -10,25 +8,21 @@ import prisma from "@lib/prisma";
import { getTranslation } from "@server/lib/i18n"; import { getTranslation } from "@server/lib/i18n";
dayjs.extend(utc);
dayjs.extend(timezone);
export default async function handler(req: NextApiRequest, res: NextApiResponse) { export default async function handler(req: NextApiRequest, res: NextApiResponse) {
const t = await getTranslation(req.body.language ?? "en", "common"); const t = await getTranslation(req.body.language ?? "en", "common");
if (req.method !== "POST") { if (req.method !== "POST") {
return res.status(405).json({ message: "" }); return res.status(405).end();
} }
try { try {
const rawEmail = req.body?.email;
const maybeUser = await prisma.user.findUnique({ const maybeUser = await prisma.user.findUnique({
where: { where: {
email: rawEmail, email: req.body?.email?.toLowerCase(),
}, },
select: { select: {
name: true, name: true,
email: true,
}, },
}); });
@ -36,12 +30,11 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
return res.status(400).json({ message: "Couldn't find an account for this email" }); return res.status(400).json({ message: "Couldn't find an account for this email" });
} }
const now = dayjs().toDate();
const maybePreviousRequest = await prisma.resetPasswordRequest.findMany({ const maybePreviousRequest = await prisma.resetPasswordRequest.findMany({
where: { where: {
email: rawEmail, email: maybeUser.email,
expires: { expires: {
gt: now, gt: new Date(),
}, },
}, },
}); });
@ -54,7 +47,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
const expiry = dayjs().add(PASSWORD_RESET_EXPIRY_HOURS, "hours").toDate(); const expiry = dayjs().add(PASSWORD_RESET_EXPIRY_HOURS, "hours").toDate();
const createdResetPasswordRequest = await prisma.resetPasswordRequest.create({ const createdResetPasswordRequest = await prisma.resetPasswordRequest.create({
data: { data: {
email: rawEmail, email: maybeUser.email,
expires: expiry, expires: expiry,
}, },
}); });
@ -63,10 +56,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
const passwordEmail: PasswordReset = { const passwordEmail: PasswordReset = {
language: t, language: t,
user: { user: maybeUser,
name: maybeUser.name,
email: rawEmail,
},
resetLink: `${process.env.BASE_URL}/auth/forgot-password/${passwordRequest.id}`, resetLink: `${process.env.BASE_URL}/auth/forgot-password/${passwordRequest.id}`,
}; };
@ -74,7 +64,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
return res.status(201).json({ message: "Reset Requested" }); return res.status(201).json({ message: "Reset Requested" });
} catch (reason) { } catch (reason) {
console.error(reason); // console.error(reason);
return res.status(500).json({ message: "Unable to create password reset request" }); return res.status(500).json({ message: "Unable to create password reset request" });
} }
} }