All files / src/methods send-reset-pwd.ts

100% Statements 24/24
92.31% Branches 12/13
100% Functions 1/1
100% Lines 24/24

Press n or j to go to the next uncovered block, b, p or k for the previous block.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 631x 1x 1x 1x 1x 1x 1x 1x 1x         1x   1x         65x 65x 65x   65x   65x 65x   57x           8x 8x     49x             49x 49x                         49x    
import makeDebug from 'debug';
import concatIDAndHash from '../helpers/concat-id-and-hash';
import ensureObjPropsValid from '../helpers/ensure-obj-props-valid';
import getLongToken from '../helpers/get-long-token';
import getShortToken from '../helpers/get-short-token';
import getUserData from '../helpers/get-user-data';
import hashPassword from '../helpers/hash-password';
import notifier from '../helpers/notifier';
import isDateAfterNow from '../helpers/is-date-after-now';
 
import type { Id } from '@feathersjs/feathers';
import type { IdentifyUser, SanitizedUser, SendResetPwdOptions } from '../types';
 
const debug = makeDebug('authLocalMgnt:sendResetPwd');
 
export default async function sendResetPwd (
  options: SendResetPwdOptions,
  identifyUser: IdentifyUser,
  notifierOptions = {}
): Promise<SanitizedUser> {
  debug('sendResetPwd');
  const usersService = options.app.service(options.service);
  const usersServiceIdName = usersService.id;
 
  ensureObjPropsValid(identifyUser, options.identifyUserProps);
 
  const users = await usersService.find({ query: identifyUser });
  const user1 = getUserData(users, options.skipIsVerifiedCheck ? [] : ['isVerified']);
 
  if (
    // Use existing token when it's not hashed,
    options.reuseResetToken && user1.resetToken && user1.resetToken.includes('___') &&
    // and remaining time exceeds half of resetDelay
    isDateAfterNow(user1.resetExpires, options.resetDelay / 2)
  ) {
    await notifier(options.notifier, 'sendResetPwd', user1, notifierOptions);
    return options.sanitizeUserForClient(user1);
  }
 
  const user2 = Object.assign(user1, {
    resetExpires: Date.now() + options.resetDelay,
    resetAttempts: options.resetAttempts,
    resetToken: concatIDAndHash(user1[usersServiceIdName] as Id, await getLongToken(options.longTokenLen)),
    resetShortToken: await getShortToken(options.shortTokenLen, options.shortTokenDigits)
  });
 
  await notifier(options.notifier, 'sendResetPwd', user2, notifierOptions);
  const user3 = await usersService.patch(user2[usersServiceIdName], {
    resetExpires: user2.resetExpires,
    resetAttempts: user2.resetAttempts,
    resetToken:
      options.reuseResetToken
        ? user2.resetToken
        : await hashPassword(options.app, user2.resetToken, options.passwordField),
    resetShortToken:
      options.reuseResetToken
        ? user2.resetShortToken
        : await hashPassword(options.app, user2.resetShortToken, options.passwordField)
  });
 
  return options.sanitizeUserForClient(user3);
}