From 304a5bbb722918ae620addb68360aace3519610b Mon Sep 17 00:00:00 2001
From: Jim Laurie
Date: Fri, 17 Nov 2017 11:41:23 +0100
Subject: [PATCH] Reset password
---
 .../controllers/Auth.js | 53 ++++++++++++++++++-
 1 file changed, 51 insertions(+), 2 deletions(-)
diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js
index d53997072a..b2cfbafc3a 100644
--- a/packages/strapi-plugin-users-permissions/controllers/Auth.js
+++ b/packages/strapi-plugin-users-permissions/controllers/Auth.js
@@ -35,7 +35,6 @@ module.exports = { const query = {}; // Check if the provided identifier is an email or not. - const isEmail = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/.test(params.identifier); // Set the identifier to the appropriate query field.
@@ -167,7 +166,7 @@ module.exports = {
 // Generate random token.
 const resetPasswordToken = crypto.randomBytes(64).toString('hex');
- // Set the property code of the local passport.
+ // Set the property code.
 user.resetPasswordToken = resetPasswordToken;
 // Update the user.
@@ -192,5 +191,55 @@ module.exports = {
 message: 'Error sending the email'
 };
 }
+ },
+
+ changePassword: async (ctx) => {
+ const params = _.assign({}, ctx.request.body, ctx.params);
+
+ if (params.password && params.passwordConfirmation && params.password === params.passwordConfirmation && params.code) {
+ try {
+ const user = await strapi.query('user', 'users-permissions').findOne({ resetPasswordToken: params.code });
+
+ if (!user) {
+ ctx.status = 400;
+ return ctx.body = {
+ message: 'Incorrect code provided.'
+ };
+ }
+
+ // Delete the current code
+ user.resetPasswordToken = null;
+
+ user.password = await strapi.plugins['users-permissions'].services.user.hashPassword(params);
+
+ // Update the user.
+ await strapi.query('user', 'users-permissions').update({
+ id: user.id,
+ values: user
+ });
+
+ ctx.status = 200;
+ return ctx.body = {
+ jwt: strapi.plugins['users-permissions'].services.jwt.issue(user),
+ user: user
+ };
+ } catch (err) {
+ ctx.status = 500;
+ return ctx.body = {
+ message: err.message
+ };
+ }
+ } else if (params.password && params.passwordConfirmation && params.password !== params.passwordConfirmation) {
+ ctx.status = 400;
+ return ctx.body = {
+ message: 'Passwords not matching.'
+ };
+ } else {
+ ctx.status = 400;
+ return ctx.body = {
+ status: 'error',
+ message: 'Incorrect params provided.'
+ };
+ }
 }
 };
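Review bot: In `changePassword`, `params.code` goes from the request body straight into `findOne({ resetPasswordToken: params.code })` after only a truthiness check, so a JSON body can supply a non-string value there; depending on how the connector treats object-valued conditions (not visible in this hunk), the lookup may no longer be an exact match on a single issued token. I would reject anything but a non-empty string before querying, e.g. `if (typeof params.code !== 'string' || !params.code) { ctx.status = 400; return ctx.body = { message: 'Incorrect code provided.' }; }`. Separately, the success branch returns `user: user` right after `user.password` was set to the new hash and hands the same object to `jwt.issue(user)`, so the hash reaches the client unless the model strips it on serialisation; returning a copy without `password` and `resetPasswordToken` would avoid that. The token also has no visible expiry, and the 500 branch echoes `err.message` to the caller, which is better logged server-side and replaced with a generic message.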