diff options
Diffstat (limited to 'src/api/routes/auth/reset.ts')
| -rw-r--r-- | src/api/routes/auth/reset.ts | 57 |
1 files changed, 28 insertions, 29 deletions
diff --git a/src/api/routes/auth/reset.ts b/src/api/routes/auth/reset.ts index 94053e1a..9ab25dca 100644 --- a/src/api/routes/auth/reset.ts +++ b/src/api/routes/auth/reset.ts @@ -10,7 +10,6 @@ import { } from "@fosscord/util"; import bcrypt from "bcrypt"; import { Request, Response, Router } from "express"; -import { HTTPError } from "lambert-server"; const router = Router(); @@ -20,37 +19,37 @@ router.post( async (req: Request, res: Response) => { const { password, token } = req.body as PasswordResetSchema; - try { - const { jwtSecret } = Config.get().security; - const { user } = await checkToken(token, jwtSecret, true); - - // the salt is saved in the password refer to bcrypt docs - const hash = await bcrypt.hash(password, 12); + const { jwtSecret } = Config.get().security; - const data = { - data: { - hash, - valid_tokens_since: new Date(), + let user; + try { + const userTokenData = await checkToken(token, jwtSecret, true); + user = userTokenData.user; + } catch { + throw FieldErrors({ + password: { + message: req.t("auth:password_reset.INVALID_TOKEN"), + code: "INVALID_TOKEN", }, - }; - await User.update({ id: user.id }, data); - - // come on, the user has to have an email to reset their password in the first place - // eslint-disable-next-line @typescript-eslint/no-non-null-assertion - await Email.sendPasswordChanged(user, user.email!); - - res.json({ token: await generateToken(user.id) }); - } catch (e) { - if ((e as Error).toString() === "Invalid Token") - throw FieldErrors({ - password: { - message: req.t("auth:password_reset.INVALID_TOKEN"), - code: "INVALID_TOKEN", - }, - }); - - throw new HTTPError((e as Error).toString(), 400); + }); } + + // the salt is saved in the password refer to bcrypt docs + const hash = await bcrypt.hash(password, 12); + + const data = { + data: { + hash, + valid_tokens_since: new Date(), + }, + }; + await User.update({ id: user.id }, data); + + // come on, the user has to have an email to reset their password in the first place + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + await Email.sendPasswordChanged(user, user.email!); + + res.json({ token: await generateToken(user.id) }); }, ); |