authorsyuilo <syuilotan@yahoo.co.jp>2017-08-28 23:47:43 +0900
committersyuilo <syuilotan@yahoo.co.jp>2017-08-28 23:47:43 +0900
commitffaec0b9712df9a5024c0883a154442f02b72a03 (patch)
tree004e54ee0115860d8fa009ad8f5e2e14479ef239 /src/api
parentWIP #738 (diff)
#497
Diffstat (limited to 'src/api')
-rw-r--r--src/api/common/generate-native-user-token.ts3
-rw-r--r--src/api/endpoints.ts4
-rw-r--r--src/api/endpoints/i/regenerate_token.ts42
-rw-r--r--src/api/private/signup.ts4
4 files changed, 51 insertions, 2 deletions
diff --git a/src/api/common/generate-native-user-token.ts b/src/api/common/generate-native-user-token.ts
new file mode 100644
index 0000000000..2082b89a5a
--- /dev/null
+++ b/src/api/common/generate-native-user-token.ts
@@ -0,0 +1,3 @@
+import rndstr from 'rndstr';
+
+export default () => `!${rndstr('a-zA-Z0-9', 32)}`;
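Review bot: The strength of the native user token rests entirely on `rndstr`, and nothing in this file shows that it draws from a cryptographically secure source. The value is used as the account's token in both the signup and the regenerate paths, so a predictable generator would make tokens guessable. Confirm that `rndstr` is backed by a CSPRNG, or build the string from Node's `crypto.randomBytes`. The `!` prefix is also undocumented; a comment such as `// Native (first-party) tokens carry a '!' prefix; the 32 random characters must come from a CSPRNG` would record the intent, assuming that is what the prefix means.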
diff --git a/src/api/endpoints.ts b/src/api/endpoints.ts
index 5bbc480a8e..a658c9a42e 100644
--- a/src/api/endpoints.ts
+++ b/src/api/endpoints.ts
@@ -160,6 +160,10 @@ const endpoints: Endpoint[] = [
kind: 'account-write'
},
{
+ name: 'i/regenerate_token',
+ withCredential: true
+ },
+ {
name: 'i/appdata/get',
withCredential: true
},
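Review bot: The new `i/regenerate_token` entry declares only `withCredential: true`, yet the handler it registers verifies the account password and replaces the account token. As registered here, anyone holding a valid token can retry the password check without any visible bound, and the entry above it carries a `kind` while this one does not. If the `Endpoint` type offers a rate-limit or first-party-only option (not visible in this hunk), set it on this entry so third-party app tokens cannot reach the password check and repeated attempts are throttled.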
diff --git a/src/api/endpoints/i/regenerate_token.ts b/src/api/endpoints/i/regenerate_token.ts
new file mode 100644
index 0000000000..ccebbc8101
--- /dev/null
+++ b/src/api/endpoints/i/regenerate_token.ts
@@ -0,0 +1,42 @@
+/**
+ * Module dependencies
+ */
+import $ from 'cafy';
+import * as bcrypt from 'bcryptjs';
+import User from '../../models/user';
+import event from '../../event';
+import generateUserToken from '../../common/generate-native-user-token';
+
+/**
+ * Regenerate native token
+ *
+ * @param {any} params
+ * @param {any} user
+ * @return {Promise<any>}
+ */
+module.exports = async (params, user) => new Promise(async (res, rej) => {
+ // Get 'password' parameter
+ const [password, passwordErr] = $(params.password).string().$;
+ if (passwordErr) return rej('invalid password param');
+
+ // Compare password
+ const same = bcrypt.compareSync(password, user.password);
+
+ if (!same) {
+ return rej('incorrect password');
+ }
+
+ // Generate secret
+ const secret = generateUserToken();
+
+ await User.update(user._id, {
+ $set: {
+ token: secret
+ }
+ });
+
+ res();
+
+ // Publish i updated event
+ event(user._id, 'my_token_regenerated');
+});
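Review bot: Wrapping the handler body in `new Promise(async (res, rej) => …)` means a failure in `await User.update(...)` rejects the inner async executor rather than the returned promise, so the request never settles and the error surfaces only as an unhandled rejection. Dropping the wrapper and using a plain async function lets any thrown error propagate to the caller; the string rejection values can be kept by throwing the same strings. `bcrypt.compareSync` also blocks the event loop for the duration of the hash on a network-reachable endpoint; bcryptjs's `compare` returns a promise when no callback is passed, so it can be awaited instead. Note that in the sketch below the `my_token_regenerated` event is published before the promise resolves rather than after `res()`.

```typescript
module.exports = async (params, user) => {
	// … unchanged: read and validate the 'password' parameter …
	if (passwordErr) throw 'invalid password param';

	// Compare password without blocking the event loop
	const same = await bcrypt.compare(password, user.password);
	if (!same) throw 'incorrect password';

	// … unchanged: generate secret, User.update, publish my_token_regenerated …
};
```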
diff --git a/src/api/private/signup.ts b/src/api/private/signup.ts
index 2375c22845..899fa88472 100644
--- a/src/api/private/signup.ts
+++ b/src/api/private/signup.ts
@@ -1,10 +1,10 @@
import * as express from 'express';
import * as bcrypt from 'bcryptjs';
-import rndstr from 'rndstr';
import recaptcha = require('recaptcha-promise');
import User from '../models/user';
import { validateUsername, validatePassword } from '../models/user';
import serialize from '../serializers/user';
+import generateUserToken from '../common/generate-native-user-token';
import config from '../../conf';
recaptcha.init({
@@ -58,7 +58,7 @@ export default async (req: express.Request, res: express.Response) => {
const hash = bcrypt.hashSync(password, salt);
// Generate secret
- const secret = `!${rndstr('a-zA-Z0-9', 32)}`;
+ const secret = generateUserToken();
// Create account
const account = await User.insert({