yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-07-24 17:40:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
strapi/packages/strapi-admin/services/auth.js
Alexandre Bodin da35c122b4 Add reset password API 
Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>
2020-07-08 10:57:20 +02:00

107 lines
2.5 KiB
JavaScript
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

'use strict';
const bcrypt = require('bcryptjs');
/**
* hashes a password
* @param {string} password - password to hash
* @returns {string} hashed password
*/
const hashPassword = password => bcrypt.hash(password, 10);
/**
* Validate a password
* @param {string} password
* @param {string} hash
* @returns {boolean} is the password valid
*/
const validatePassword = (password, hash) => bcrypt.compare(password, hash);
/**
* Check login credentials
* @param {Object} options
* @param {string} options.email
* @param {string} options.password
*/
const checkCredentials = async ({ email, password }) => {
const user = await strapi.query('user', 'admin').findOne({ email });
if (!user || !user.password) {
return [null, false, { message: 'Invalid credentials' }];
}
const isValid = await validatePassword(password, user.password);
if (!isValid) {
return [null, false, { message: 'Invalid credentials' }];
}
if (!(user.isActive === true)) {
return [null, false, { message: 'User not active' }];
}
return [null, user];
};
const resetEmailTemplate = url => `
<p>We heard that you lost your password. Sorry about that!</p>
<p>But dont worry! You can use the following link to reset your password:</p>
<p>${url}</p>
<p>Thanks.</p>`;
const forgotPassword = async ({ email }) => {
const admin = await strapi.query('user', 'admin').findOne({ email, isActive: true });
// admin not found => do nothing
if (!admin) {
return;
}
// Generate random token.
const resetPasswordToken = strapi.admin.services.token.createToken();
await strapi.admin.services.user.update({ email }, { resetPasswordToken });
// TODO: set the final url once the front is developed
const url = `${strapi.config.admin.url}/reset-password?code=${resetPasswordToken}`;
const body = resetEmailTemplate(url);
// Send an email to the admin.
await strapi.plugins['email'].services.email.send({
to: admin.email,
subject: 'Reset password',
text: body,
html: body,
});
};
const resetPassword = async ({ resetPasswordToken, password }) => {
const matchingUser = await strapi
.query('user', 'admin')
.findOne({ resetPasswordToken, isActive: true });
if (!matchingUser) {
throw strapi.errors.badRequest('Invalid reset token');
}
return strapi.admin.services.user.update(
{ id: matchingUser.id },
{
password: password,
resetPasswordToken: null,
}
);
};
module.exports = {
checkCredentials,
validatePassword,
hashPassword,
forgotPassword,
resetPassword,
};
Reference in New Issue View Git Blame Copy Permalink