@rpcbase/server 0.192.0 → 0.194.0
- package/mailer/index.js +6 -3
- package/package.json +1 -1
- package/src/auth/reset_password.js +7 -7
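--- a/package/mailer/index.js
+++ b/package/mailer/index.js
@@ -1,10 +1,13 @@
 /* @flow */
+const debug = require("debug")
 const postmark = require("postmark")
 
+const log = debug("rb:mailer")
+
 const {POSTMARK_API_KEY, IS_PRODUCTION} = process.env
 
 const is_production = IS_PRODUCTION === "yes"
-
+log("mailer, is_production:", is_production, "env:", JSON.stringify(IS_PRODUCTION))
 
 let client
 
@@ -13,8 +16,8 @@ if (is_production && typeof POSTMARK_API_KEY === "string" && POSTMARK_API_KEY.tr
 } else {
 client = {
 sendEmail: async(payload) => {
-
-
+log("sendEmail disabled when not in production")
+log("From:", payload.From, "To:", payload.To, "Subject:", payload.Subject)
 }
 }
 }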
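Review bot: The fallback `sendEmail` in the `else` branch still resolves to `undefined` after its two `log(...)` calls, so any caller that inspects the result will throw. The reset-password code in this same release reads `res.Message` right after `await mailer.sendEmail(...)`; if that call reaches this stub (the module's exports are outside the hunk), ending the stub with `return {Message: "OK"}` would keep the flow working outside production. The `else` branch also appears to be taken when production is set but `POSTMARK_API_KEY` is missing or blank (the condition is truncated in the hunk header), in which case "sendEmail disabled when not in production" is misleading and mail is dropped silently. Failing at startup in that case would be safer than falling back to the stub.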
package/package.json
CHANGED
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
const _template = require("lodash/template")
|
|
3
3
|
const fs = require("fs")
|
|
4
4
|
const path = require("path")
|
|
5
|
+
const debug = require("debug")
|
|
5
6
|
const isEmail = require("validator/lib/isEmail")
|
|
6
7
|
|
|
7
8
|
const {hash_password, compare_hash} = require("@rpcbase/std/crypto/hash")
|
|
@@ -11,8 +12,9 @@ const mailer = require("../../mailer")
|
|
|
11
12
|
const mongoose = require("../../mongoose")
|
|
12
13
|
const ResetPasswordToken = require("../models/ResetPasswordToken")
|
|
13
14
|
|
|
15
|
+
const log = debug("rb:auth:reset_password")
|
|
14
16
|
|
|
15
|
-
const {APP_DOMAIN} = process.env
|
|
17
|
+
const {APP_DOMAIN, MAILER_FROM_EMAIL} = process.env
|
|
16
18
|
|
|
17
19
|
const email_tpl = _template(
|
|
18
20
|
fs.readFileSync(path.join(__dirname, "./forgot_password_email.html"), "utf8")
|
|
@@ -29,6 +31,7 @@ const reset_password = async({email}, ctx) => {
|
|
|
29
31
|
const user = await User.findOne({email}, null, {ctx})
|
|
30
32
|
|
|
31
33
|
if (!user) {
|
|
34
|
+
log("attempting to reset password for a user that was not found", email)
|
|
32
35
|
// TODO: add random delay to prevent detecting if account exists based on response time
|
|
33
36
|
return {status: "ok"}
|
|
34
37
|
}
|
|
@@ -36,11 +39,6 @@ const reset_password = async({email}, ctx) => {
|
|
|
36
39
|
const token = get_random_str(32)
|
|
37
40
|
const token_hash = await hash_password(token)
|
|
38
41
|
|
|
39
|
-
console.log("WOWOOWOWOW", await compare_hash(token, token_hash))
|
|
40
|
-
|
|
41
|
-
console.log("token", token)
|
|
42
|
-
console.log("token_hash", token_hash)
|
|
43
|
-
|
|
44
42
|
const reset_token = new ResetPasswordToken({
|
|
45
43
|
user_id: user._id,
|
|
46
44
|
token_hash,
|
|
@@ -51,7 +49,7 @@ const reset_password = async({email}, ctx) => {
|
|
|
51
49
|
const reset_url = `https://${APP_DOMAIN}/set-new-password?id=${user._id}&token=${token}`
|
|
52
50
|
|
|
53
51
|
const res = await mailer.sendEmail({
|
|
54
|
-
From:
|
|
52
|
+
From: MAILER_FROM_EMAIL,
|
|
55
53
|
To: user.email,
|
|
56
54
|
Subject: "Your password reset link",
|
|
57
55
|
HtmlBody: email_tpl({
|
|
@@ -59,6 +57,8 @@ const reset_password = async({email}, ctx) => {
|
|
|
59
57
|
}),
|
|
60
58
|
})
|
|
61
59
|
|
|
60
|
+
log("res", res)
|
|
61
|
+
|
|
62
62
|
// cleanup if email wasn't sent
|
|
63
63
|
if (res.Message !== "OK") {
|
|
64
64
|
await reset_token.delete()
|
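Review bot: `MAILER_FROM_EMAIL` is destructured from `process.env` and passed straight into `From:` with no check that it is set, so a deployment missing the variable sends `From: undefined` on every reset request; a load-time guard such as `if (!MAILER_FROM_EMAIL) throw new Error("MAILER_FROM_EMAIL is not set")` would surface that at startup. These hunks are listed under the `package/package.json` heading but match the +7 -7 recorded for `package/src/auth/reset_password.js`. The two new log calls also deserve a second look: `log("attempting to reset password for a user that was not found", email)` records a caller-supplied string verbatim and `log("res", res)` dumps the whole provider response, so with the `rb:auth:reset_password` namespace enabled the logs accumulate probed addresses and recipient data. Logging only `res.Message` and a truncated or hashed address would keep the diagnostic value. `compare_hash` is still destructured in the `require` line although its only visible use was the removed `console.log`; it may be used elsewhere in the file, outside these hunks.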