Commit
e7537aab
authored
7 years ago
by
Sebastian
refactor token and email validation
parent
0855f358
Showing
1 changed file
packages/component-invite/src/Invite.js
+81
-53
81 additions, 53 deletions
packages/component-invite/src/Invite.js
with
81 additions
and
53 deletions
packages/component-invite/src/Invite.js
+
81
−
53
...
@@ -82,7 +82,7 @@ const Invite = app => {
...
@@ -82,7 +82,7 @@ const Invite = app => {
}
}
}
catch
(
e
)
{
}
catch
(
e
)
{
if
(
e
.
name
!==
'
NotFoundError
'
)
{
if
(
e
.
name
!==
'
NotFoundError
'
)
{
res
.
status
(
500
).
json
({
error
:
e
})
res
.
status
(
500
).
json
({
error
:
e
.
details
[
0
].
message
})
logger
.
error
(
e
)
logger
.
error
(
e
)
return
return
}
}
...
@@ -155,32 +155,26 @@ const Invite = app => {
...
@@ -155,32 +155,26 @@ const Invite = app => {
return
return
}
}
try
{
const
validateResponse
=
await
validateEmailAndToken
(
const
user
=
await
app
.
locals
.
models
.
User
.
findByEmail
(
email
)
email
,
if
(
user
)
{
token
,
if
(
token
!==
user
.
passwordResetToken
)
{
app
.
locals
.
models
.
User
,
res
.
status
(
400
).
json
({
error
:
'
invalid request
'
})
)
logger
.
error
(
if
(
validateResponse
.
success
===
false
)
{
`invite pw reset tokens do not match: REQ
${
token
}
vs. DB
${
res
user
.
passwordResetToken
.
status
(
validateResponse
.
status
)
}
`
,
.
json
({
error
:
validateResponse
.
message
})
)
return
return
}
}
const
resBody
=
pick
(
user
,
[
const
resBody
=
pick
(
validateResponse
.
user
,
[
'
firstName
'
,
'
firstName
'
,
'
lastName
'
,
'
lastName
'
,
'
affiliation
'
,
'
affiliation
'
,
'
title
'
,
'
title
'
,
])
])
res
.
status
(
200
).
json
(
resBody
)
res
.
status
(
200
).
json
(
resBody
)
}
}
catch
(
e
)
{
res
.
status
(
404
).
json
({
error
:
'
user not found
'
})
logger
.
error
(
'
invite pw reset on non-existing user
'
)
}
})
})
app
.
post
(
app
.
post
(
'
/api/users/invite/password/reset
'
,
'
/api/users/invite/password/reset
'
,
...
@@ -229,36 +223,27 @@ const Invite = app => {
...
@@ -229,36 +223,27 @@ const Invite = app => {
isConfirmed
:
true
,
isConfirmed
:
true
,
}
}
try
{
const
validateResponse
=
await
validateEmailAndToken
(
const
user
=
await
app
.
locals
.
models
.
User
.
findByEmail
(
email
)
email
,
if
(
user
)
{
token
,
if
(
token
!==
user
.
passwordResetToken
)
{
app
.
locals
.
models
.
User
,
res
.
status
(
400
).
json
({
error
:
'
invalid request
'
})
)
logger
.
error
(
if
(
validateResponse
.
success
===
false
)
{
`invite pw reset tokens do not match: REQ
${
token
}
vs. DB
${
res
user
.
passwordResetToken
.
status
(
validateResponse
.
status
)
}
`
,
.
json
({
error
:
validateResponse
.
message
})
)
return
return
}
}
let
newUser
=
Object
.
assign
(
user
,
updateFields
,
user
)
let
newUser
=
Object
.
assign
(
delete
newUser
.
passwordResetToken
validateResponse
.
user
,
updateFields
,
validateResponse
.
user
,
)
delete
newUser
.
passwordResetToken
newUser
=
await
newUser
.
save
()
newUser
=
await
newUser
.
save
()
res
.
status
(
200
).
json
(
newUser
)
res
.
status
(
200
).
json
(
newUser
)
}
}
catch
(
e
)
{
if
(
e
.
name
===
'
NotFoundError
'
)
{
res
.
status
(
404
).
json
({
error
:
'
user not found
'
})
logger
.
error
(
'
invite pw reset on non-existing user
'
)
}
else
if
(
e
.
name
===
'
ValidationError
'
)
{
res
.
status
(
400
).
json
({
error
:
e
.
details
[
0
].
message
})
logger
.
error
(
'
invite pw reset validation error
'
)
}
res
.
status
(
400
).
json
({
error
:
e
})
logger
.
error
(
e
)
}
},
},
)
)
}
}
...
@@ -271,4 +256,47 @@ const checkForUndefinedParams = (...params) => {
...
@@ -271,4 +256,47 @@ const checkForUndefinedParams = (...params) => {
return
true
return
true
}
}
const
validateEmailAndToken
=
async
(
email
,
token
,
userModel
)
=>
{
try
{
const
user
=
await
userModel
.
findByEmail
(
email
)
if
(
user
)
{
if
(
token
!==
user
.
passwordResetToken
)
{
logger
.
error
(
`invite pw reset tokens do not match: REQ
${
token
}
vs. DB
${
user
.
passwordResetToken
}
`
,
)
return
{
success
:
false
,
status
:
400
,
message
:
'
invalid request
'
,
}
}
return
{
success
:
true
,
user
}
}
}
catch
(
e
)
{
if
(
e
.
name
===
'
NotFoundError
'
)
{
logger
.
error
(
'
invite pw reset on non-existing user
'
)
return
{
success
:
false
,
status
:
404
,
message
:
'
user not found
'
,
}
}
else
if
(
e
.
name
===
'
ValidationError
'
)
{
logger
.
error
(
'
invite pw reset validation error
'
)
return
{
success
:
false
,
status
:
400
,
message
:
e
.
details
[
0
].
message
,
}
}
logger
.
error
(
e
)
return
{
success
:
false
,
status
:
500
,
message
:
e
.
details
[
0
].
message
,
}
}
}
module
.
exports
=
Invite
module
.
exports
=
Invite
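Review bot: The mismatch branch of `validateEmailAndToken` writes both the submitted token and the stored `passwordResetToken` into the error log, so anyone who can read the logs obtains a valid reset token for that account; log the event without the values, e.g. `logger.error('invite pw reset tokens do not match')`. The final fallback in its `catch` returns `message: e.details[0].message` for errors that are neither `NotFoundError` nor `ValidationError`; such errors probably carry no `details` array, so the handler itself would throw, and a fixed string such as `message: 'internal server error'` avoids both that and returning internal error text to the client. The same `e.details[0].message` expression was introduced in the 500 branch of the first hunk (@@ -82,7). The helper also returns `undefined` when `findByEmail` resolves to a falsy value, after which both callers read `validateResponse.success`; an explicit `return { success: false, status: 404, message: 'user not found' }` after the `if (user)` block would close that path.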