all files / express-stormpath/lib/controllers/ forgot-password.js

'use strict';
 
var forms = require('../forms');
var helpers = require('../helpers');
 
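/**
 * Renders a request-supplied value for inclusion in a single log line.
 *
 * The value comes straight from the client, so control characters (CR and LF
 * included) are replaced with spaces to stop a submitted value from starting
 * a forged log entry. Non-string values are logged by type only.
 *
 * @param {*} value - The value taken from the request.
 * @returns {string} A single-line representation of the value.
 */
function describeForLog(value) {
  if (typeof value !== 'string') {
    return '<' + (typeof value) + '>';
  }

  return value.replace(/[\u0000-\u001f\u007f]/g, ' ');
}

/**
 * Builds the argument passed to `application.sendPasswordResetEmail()`.
 *
 * Both content types build it the same way, so the request is tied to
 * `req.organization` whenever one is present on the request.
 *
 * @param {Object} req - The http request.
 * @param {string} email - The email address submitted by the user.
 * @returns {Object} The password reset request data.
 */
function buildPasswordResetData(req, email) {
  var data = {
    email: email
  };

  if (req.organization) {
    data.accountStore = {
      href: req.organization.href
    };
  }

  return data;
}

/**
 * This controller initializes the 'password reset' workflow for a user who has
 * forgotten their password.
 *
 * For `text/html` requests it renders a view, which prompts the user for their
 * email address, then sends a password reset email and redirects to the
 * configured `nextUri`. For `application/json` POST requests it sends the
 * email and ends the response with an empty body.
 *
 * In both cases the response is the same whether or not sending the email
 * failed; failures are only written to the log, so the response does not
 * reveal whether the submitted address belongs to an account.
 *
 * The URL this controller is bound to, and the view used to render this page
 * can all be controlled via express-stormpath settings.
 *
 * @method
 *
 * @param {Object} req - The http request.
 * @param {Object} res - The http response.
 * @param {function} next - The next callback.
 */
module.exports = function (req, res, next) {
  var application = req.app.get('stormpathApplication');
  var config = req.app.get('stormpathConfig');
  var logger = req.app.get('stormpathLogger');
  var view = config.web.forgotPassword.view;

  // NOTE(review): this value is client-controlled and is exposed to the view;
  // it relies on the template escaping it on output -- confirm.
  res.locals.status = req.query.status;

  helpers.handleAcceptRequest(req, res, {
    'application/json': function () {
      if (req.method !== 'POST') {
        return next();
      }

      var email = req.body.email;

      // A JSON body can carry any type in this field. The HTML branch shows
      // that sendPasswordResetEmail() also takes an options object (with
      // accountStore), so only a plain string is forwarded. The response stays
      // identical to every other outcome.
      if (typeof email !== 'string') {
        logger.info('A user tried to reset their password, but supplied an invalid email address: ' + describeForLog(email) + '.');
        return res.end();
      }

      return application.sendPasswordResetEmail(buildPasswordResetData(req, email), function (err) {
        if (err) {
          // NOTE(review): any error is reported as an invalid address here,
          // although `err` may have another cause.
          logger.info('A user tried to reset their password, but supplied an invalid email address: ' + describeForLog(email) + '.');
        }

        res.end();
      });
    },
    'text/html': function () {
      if (req.method !== 'GET' && req.method !== 'POST') {
        return next();
      }

      var formActionUri = config.web.forgotPassword.uri;

      return helpers.organizationResolutionGuard(req, res, formActionUri, function () {
        forms.forgotPasswordForm.handle(req, {
          // If we get here, it means the user is submitting a password reset
          // request, so we should attempt to send the user a password reset email.
          success: function (form) {
            var data = buildPasswordResetData(req, form.data.email);

            application.sendPasswordResetEmail(data, function (err) {
              if (err) {
                logger.info('A user tried to reset their password, but supplied an invalid email address: ' + describeForLog(form.data.email) + '.');
              }

              // Redirect regardless of the outcome, so the response is the
              // same for known and unknown addresses.
              res.redirect(config.web.forgotPassword.nextUri);
            });
          },
          // If we get here, it means the user didn't supply required form fields.
          error: function (form) {
            var viewData = {
              form: form,
              organization: req.organization
            };

            // https://github.com/caolan/forms/issues/96
            // Only the fixed value 'invalid_sptoken' is passed on as a status.
            if (req.query.status === 'invalid_sptoken') {
              viewData.status = req.query.status;
              return helpers.render(req, res, view, viewData);
            }

            viewData.formErrors = helpers.collectFormErrors(form);
            helpers.render(req, res, view, viewData);
          },
          // If we get here, it means the user is doing a simple GET request, so we
          // should just render the forgot password template.
          empty: function (form) {
            helpers.render(req, res, view, { form: form, organization: req.organization });
          }
        });
      });
    }
  }, next);
};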