diff options
| author | syuilo <Syuilotan@yahoo.co.jp> | 2021-05-04 15:05:34 +0900 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-05-04 15:05:34 +0900 |
| commit | 6ae642245e0322f194ca5d960f669f33ba38c2fa (patch) | |
| tree | f71ac2c1a2d0aa616d4e99d37c00787219c5e3d0 /src/server/api/endpoints | |
| parent | Fix style (diff) | |
| download | sharkey-6ae642245e0322f194ca5d960f669f33ba38c2fa.tar.gz sharkey-6ae642245e0322f194ca5d960f669f33ba38c2fa.tar.bz2 sharkey-6ae642245e0322f194ca5d960f669f33ba38c2fa.zip | |
Password reset (#7494)
* wip
* wip
* Update well-known.ts
* wip
* clean up
* Update request-reset-password.ts
* Update forgot-password.vue
* Update reset-password.ts
* Update request-reset-password.ts
Diffstat (limited to 'src/server/api/endpoints')
| -rw-r--r-- | src/server/api/endpoints/request-reset-password.ts | 73 | ||||
| -rw-r--r-- | src/server/api/endpoints/reset-password.ts | 45 |
2 files changed, 118 insertions, 0 deletions
diff --git a/src/server/api/endpoints/request-reset-password.ts b/src/server/api/endpoints/request-reset-password.ts new file mode 100644 index 0000000000..c880df7527 --- /dev/null +++ b/src/server/api/endpoints/request-reset-password.ts @@ -0,0 +1,73 @@ +import $ from 'cafy'; +import { publishMainStream } from '../../../services/stream'; +import define from '../define'; +import rndstr from 'rndstr'; +import config from '@/config'; +import * as ms from 'ms'; +import { Users, UserProfiles, PasswordResetRequests } from '../../../models'; +import { sendEmail } from '../../../services/send-email'; +import { ApiError } from '../error'; +import { genId } from '@/misc/gen-id'; +import { IsNull } from 'typeorm'; + +export const meta = { + requireCredential: false as const, + + limit: { + duration: ms('1hour'), + max: 3 + }, + + params: { + username: { + validator: $.str + }, + + email: { + validator: $.str + }, + }, + + errors: { + + } +}; + +export default define(meta, async (ps) => { + const user = await Users.findOne({ + usernameLower: ps.username.toLowerCase(), + host: IsNull() + }); + + // 合致するユーザーが登録されていなかったら無視 + if (user == null) { + return; + } + + const profile = await UserProfiles.findOneOrFail(user.id); + + // 合致するメアドが登録されていなかったら無視 + if (profile.email !== ps.email) { + return; + } + + // メアドが認証されていなかったら無視 + if (!profile.emailVerified) { + return; + } + + const token = rndstr('a-z0-9', 64); + + await PasswordResetRequests.insert({ + id: genId(), + createdAt: new Date(), + userId: profile.userId, + token + }); + + const link = `${config.url}/reset-password/${token}`; + + sendEmail(ps.email, 'Password reset requested', + `To reset password, please click this link:<br><a href="${link}">${link}</a>`, + `To reset password, please click this link: ${link}`); +}); diff --git a/src/server/api/endpoints/reset-password.ts b/src/server/api/endpoints/reset-password.ts new file mode 100644 index 0000000000..5f79bdbd00 --- /dev/null +++ b/src/server/api/endpoints/reset-password.ts @@ -0,0 +1,45 @@ +import $ from 'cafy'; +import * as bcrypt from 'bcryptjs'; +import { publishMainStream } from '../../../services/stream'; +import define from '../define'; +import { Users, UserProfiles, PasswordResetRequests } from '../../../models'; +import { ApiError } from '../error'; + +export const meta = { + requireCredential: false as const, + + params: { + token: { + validator: $.str + }, + + password: { + validator: $.str + } + }, + + errors: { + + } +}; + +export default define(meta, async (ps, user) => { + const req = await PasswordResetRequests.findOneOrFail({ + token: ps.token, + }); + + // 発行してから30分以上経過していたら無効 + if (Date.now() - req.createdAt.getTime() > 1000 * 60 * 30) { + throw new Error(); // TODO + } + + // Generate hash of password + const salt = await bcrypt.genSalt(8); + const hash = await bcrypt.hash(ps.password, salt); + + await UserProfiles.update(req.userId, { + password: hash + }); + + PasswordResetRequests.delete(req.id); +}); |