I am trying to setup a forgot password feature on my MEAN Stack app.
I managed to get the emails to send, the tokens to update and the password to change, but not exactly how I want it to.. I just changed my password to "daviddavid", and here's how it was stored in the database: "password" : "$2a$08$cUdbJP5V.0Af.H2r5bsiW.IqHvo7K2eQk/hQK72aHOHWDYkFs3KHm". So, the hash is being stored as the password, and not the password itself as hash and salt.
Here's my model:
var mongoose = require("mongoose");
var passportLocalMongoose = require("passport-local-mongoose");
var bcrypt = require("bcrypt");
var userSchema = new mongoose.Schema({
username: {type: String, minlength: 4, maxlength: 15},
password: {type: String, minlength: 8},
email: {type: String, unique: true, lowercase: true, required: true},
admin: {type:Boolean, default: false},
bio: {type:String, default: "Cet utilisateur n'a pas encore rempli cette section."},
profileImage: {type:String, default: "http://www.wilwia.com/images/default-user.png"},
pinnedRecipes:[
{
type: mongoose.Schema.Types.ObjectId,
ref: "Recipe"
}
],
resetPasswordToken: String,
resetPasswordExpires: Date
});
userSchema.pre('save', function(next){
var user = this;
//check if password is modified, else no need to do anything
if (!user.isModified('password')) {
return next();
}
user.password = bcrypt.hashSync(user.password, bcrypt.genSaltSync(8), null);
next();
});
userSchema.plugin(passportLocalMongoose);
module.exports = mongoose.model("User", userSchema);
Here's my password reset route:
// FORGOT PASSWORD ROUTES
var options = {
auth: {
api_user: 'YelpCamp',
api_key: '***'
}
}
var mailer = nodemailer.createTransport(sgTransport(options));
/*Routes*/
router.post('/forgot', function(req, res, next) {
async.waterfall([
function(done) {
crypto.randomBytes(20, function(err, buf) {
var token = buf.toString('hex');
done(err, token);
});
},
function(token, done) {
User.findOne({ email: req.body.email }, function(err, user) {
if (!user) {
req.flash('error', "Couldn't find any user with given email address!");
return res.redirect('back');
}
user.resetPasswordToken = token;
user.resetPasswordExpires = Date.now() + 3600000; // 1 hour
user.save(function(err) {
done(err, token, user);
});
});
},
function(token, user, done) {
var email = {
to: user.email,
from: 'Yelp Camp <yelpcampapp@gmail.com>',
subject: 'YelpCamp Password Reset',
text: 'You are receiving this because you (or someone else) have requested the reset of the password for your account.\n\n' +
'Please click on the following link, or paste this into your browser to complete the process:\n\n' +
'http://' + req.headers.host + '/reset/' + token + '\n\n' +
'If you did not request this, please ignore this email and your password will remain unchanged.\n'
};
mailer.sendMail(email, function(err) {
if(err) return next(err);
req.flash('success', 'An e-mail has been sent to ' + user.email + ', with further instructions.');
done(err, 'done');
});
}
], function(err) {
if (err) return next(err);
res.redirect('back');
});
});
router.get('/reset/:token', function(req, res) {
User.findOne({ resetPasswordToken: req.params.token, resetPasswordExpires: { $gt: Date.now() } }, function(err, user) {
if (!user) {
req.flash('error', 'Password reset token is invalid or has expired.');
return res.redirect('/signin');
}
res.render('reset', {
user: req.user
});
});
});
router.post('/reset/:token', function(req, res) {
async.waterfall([
function(done) {
User.findOne({ resetPasswordToken: req.params.token, resetPasswordExpires: { $gt: Date.now() } }, function(err, user) {
if (!user) {
req.flash('error', 'Password reset token is invalid or has expired.');
return res.redirect('back');
}
user.password = req.body.password;
user.resetPasswordToken = undefined;
user.resetPasswordExpires = undefined;
user.save(function(err) {
req.logIn(user, function(err) {
done(err, user);
});
});
});
},
function(user, done) {
var email = {
to: user.email,
from: 'yelpcampapp@gmail.com',
subject: 'Your password has been changed',
text: 'Hello,\n\n' +
'This is a confirmation that the password for your account ' + user.email + ' has just been changed.\n'
};
mailer.sendMail(email, function(err) {
req.flash('success', 'Success! Your password has been changed.');
done(err);
});
}
], function(err) {
res.redirect('/recipes');
});
});
module.exports = router;
and here's my register route, to see how the password usually is stored in the db:
// Account creation logic
router.post("/register", function(req,res){
if(req.body.password != req.body.passwordConfirm){
return res.render("register", {error: "Les mots de passe ne correspondent pas."});
} else {
if(validateEmail(req.body.email)){
var email = req.body.email.toLowerCase();
} else {
req.flash("error", "L'adresse courriel est invalide.");
return res.redirect("/register");
}
var newUser = new User({username: req.body.username, email: email});
User.register(newUser, req.body.password, function(err, user){
if(err){
console.log(err);
if(err.message === "No username was given"){
req.flash("error", "Veuillez entrer un nom d'utilisateur.");
} else if(err.message === "A user with the given username is already registered"){
req.flash("error", "Le nom d'utilisateur que vous avez choisi est déjà utilisé.");
} else if(err.message === "No password was given"){
req.flash("error", "Veuillez entrer un mot de passe.");
}
return res.redirect("/register");
}
passport.authenticate("local")(req, res, function(){
req.flash("success", "Bienvenue sur RecettesFlambées, " + user.username +".");
res.redirect("/recipes");
});
});
}
});
Thanks a lot!
via Davycodes
No comments:
Post a Comment