I'm implementing a password reset function in my app. The whole flow seems to be working except the actual password reset! The user enters their email in the forgot-password form and receives an email containing a link with an embedded token. When the user clicks the link they are taken to the reset password page, and when they enter the new password and submit, they are redirected to the homepage with a flash message stating that the password has been reset successfully. However, when I try to log in as this user, the password has not been reset.
Here's my reset password form:
<% include ./partials/header %>
<!-- Reset-password form. The <form> has no action attribute, so it POSTs back
     to the URL it was loaded from, sending two fields: "password" and "confirm". -->
<div class ="container-form">
<div class="jumbotron form"><h2><i class="fa fa-sign-in" aria-hidden="true"></i> Reset password</h2></div>
<form method="POST">
<div class="form-group">
<i class="fa fa-key" aria-hidden="true"></i>
<label for="password">New password</label>
<input type = "password" class = "form-control" placeholder = "Enter new password" name="password">
</div>
<div class="form-group">
<i class="fa fa-key" aria-hidden="true"></i>
<label for="confirm">Confirm password</label>
<!-- Nothing in this template compares "confirm" with "password"; the handler
     that receives the POST has to check that the two values match. -->
<input type = "password" class = "form-control" placeholder = "Confirm new password" name="confirm">
</div>
<button type ="submit" class="btn btn-primary btn-lg">Reset password</button>
</form>
</div>
<% include ./partials/footer %>
And here's the route that handles the password update POST function:
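/**
 * POST /reset/:token completes a password reset.
 *
 * Steps, run in order by async.waterfall:
 *   1. Find the user whose resetPasswordToken equals the URL token and whose
 *      resetPasswordExpires is still in the future, check the submitted
 *      password against its confirmation, store the new password, clear the
 *      one-time token fields, save, and log the user in.
 *   2. Send a confirmation e-mail to the account address.
 *
 * Lookup, save and login errors are passed down the waterfall rather than
 * dropped, so a failed save cannot end in the "Success!" flash message.
 */
router.post('/reset/:token', function(req, res) {
  async.waterfall([
    function(done) {
      User.findOne({ resetPasswordToken: req.params.token, resetPasswordExpires: { $gt: Date.now() } }, function(err, user) {
        if (err) {
          return done(err);
        }
        if (!user) {
          req.flash('error', 'Password reset token is invalid or has expired.');
          return res.redirect('back');
        }

        // The form submits both "password" and "confirm"; reject the request
        // unless the password is a non-empty string and the two values match.
        var newPassword = req.body.password;
        if (typeof newPassword !== 'string' || newPassword.length === 0 || newPassword !== req.body.confirm) {
          req.flash('error', 'Passwords do not match.');
          return res.redirect('back');
        }

        // NOTE(review): this assignment only changes the credential checked at
        // login if the User schema hashes `password` when saving (for example
        // in a pre-save hook). If the model keeps a hash and salt through an
        // authentication plugin (passport-local-mongoose exposes
        // user.setPassword(password, cb) for this), login never reads this
        // field. Confirm against the User model, and never persist the
        // submitted value unhashed.
        user.password = newPassword;

        // The token is single-use: clear it and its expiry so the e-mailed
        // link stops working once the password has been changed.
        user.resetPasswordToken = undefined;
        user.resetPasswordExpires = undefined;

        user.save(function(err) {
          if (err) {
            // A failed save means the password was NOT changed; stop here.
            return done(err);
          }
          req.logIn(user, function(err) {
            done(err, user);
          });
        });
      });
    },
    function(user, done) {
      // NOTE(review): mailbox credentials are inline in the route (masked in
      // this listing); load them from configuration or the environment so
      // they stay out of source control.
      var smtpTransport = nodemailer.createTransport({
        service: 'Gmail',
        auth: {
          user: '******@gmail.com',
          pass: '*******'
        }
      });
      var mailOptions = {
        to: user.email,
        from: 'passwordreset@demo.com',
        subject: 'Your password has been changed',
        text: 'Hello,\n\n' +
          'This is a confirmation that the password for your account ' + user.email + ' has just been changed.\n'
      };
      smtpTransport.sendMail(mailOptions, function(err) {
        if (err) {
          // The password is already saved at this point; the e-mail is only a
          // notification, so record the failure without failing the request.
          console.error('Password change confirmation e-mail failed:', err.name);
        }
        req.flash('success', 'Success! Your password has been changed.');
        done();
      });
    }
  ], function(err) {
    if (err) {
      // Log only the error name: a validation error message may echo the
      // submitted values, including the new password.
      console.error('Password reset failed:', err.name);
      req.flash('error', 'Something went wrong while resetting your password.');
      return res.redirect('back');
    }
    res.redirect('/');
  });
});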
Can anyone see where I'm going wrong here?
via DaveB1