Updated email template text, removed token salting, changed token to base64 (24bit)
@ -101,15 +101,11 @@ exports.postForgot = function(req, res) {
|
|||||||
|
|
||||||
workflow.on('generateToken', function() {
|
workflow.on('generateToken', function() {
|
||||||
// generate token
|
// generate token
|
||||||
crypto.randomBytes(21, function(err, buf) {
|
crypto.randomBytes(24, function(err, buf) {
|
||||||
var token = buf.toString('hex');
|
if (err) return next(err);
|
||||||
// hash token
|
var token = buf.toString('base64');
|
||||||
bcrypt.genSalt(10, function(err, salt) {
|
console.log(token);
|
||||||
bcrypt.hash(token, salt, null, function(err, hash) {
|
workflow.emit('saveToken', token)
|
||||||
// next step
|
|
||||||
workflow.emit('saveToken', token, hash);
|
|
||||||
});
|
|
||||||
});
|
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
@ -117,7 +113,7 @@ exports.postForgot = function(req, res) {
|
|||||||
* Step 3: Save the token and token expiration
|
* Step 3: Save the token and token expiration
|
||||||
*/
|
*/
|
||||||
|
|
||||||
workflow.on('saveToken', function(token, hash) {
|
workflow.on('saveToken', function(token) {
|
||||||
// lookup user
|
// lookup user
|
||||||
User.findOne({ email: req.body.email.toLowerCase() }, function(err, user) {
|
User.findOne({ email: req.body.email.toLowerCase() }, function(err, user) {
|
||||||
if (err) {
|
if (err) {
|
||||||
@ -131,7 +127,7 @@ exports.postForgot = function(req, res) {
|
|||||||
return res.redirect('/forgot');
|
return res.redirect('/forgot');
|
||||||
}
|
}
|
||||||
|
|
||||||
user.resetPasswordToken = hash;
|
user.resetPasswordToken = token;
|
||||||
user.resetPasswordExpires = Date.now() + 10000000;
|
user.resetPasswordExpires = Date.now() + 10000000;
|
||||||
|
|
||||||
// update the user's record with the token
|
// update the user's record with the token
|
||||||
@ -152,8 +148,6 @@ exports.postForgot = function(req, res) {
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
workflow.on('sendEmail', function(token, user) {
|
workflow.on('sendEmail', function(token, user) {
|
||||||
|
|
||||||
// Create a reusable nodemailer transport method (opens a pool of SMTP connections)
|
|
||||||
var smtpTransport = nodemailer.createTransport('SMTP', {
|
var smtpTransport = nodemailer.createTransport('SMTP', {
|
||||||
service: 'SendGrid',
|
service: 'SendGrid',
|
||||||
auth: {
|
auth: {
|
||||||
@ -162,15 +156,14 @@ exports.postForgot = function(req, res) {
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
console.log('User: ' + secrets.gmail.user);
|
|
||||||
console.log('Pass: ' + secrets.gmail.password);
|
|
||||||
|
|
||||||
// create email
|
|
||||||
var mailOptions = {
|
var mailOptions = {
|
||||||
to: user.profile.name + ' <' + user.email + '>',
|
to: user.profile.name + ' <' + user.email + '>',
|
||||||
from: 'hackathon@starter.com', // TODO parameterize
|
from: 'hackathon@starter.com',
|
||||||
subject: 'Password Reset Link',
|
subject: 'Hackathon Starter Password Reset',
|
||||||
text: 'Hello from hackathon-starter. Your password reset link is:' + '\n\n' + req.protocol + '://' + req.headers.host + '/reset/' + user.id + '/' + token
|
text: 'You are receiving this because you (or someone else) have requested the reset of the password for your account.\n\n' +
|
||||||
|
'Please click on the following link, or paste this into your browser to complete the process:\n\n' +
|
||||||
|
'http://' + req.headers.host + '/reset/' + token + '\n\n' +
|
||||||
|
'If you did not request this, please ignore this email and your password will remain unchanged.\n'
|
||||||
};
|
};
|
||||||
|
|
||||||
// send email
|
// send email
|
||||||
|
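Review bot: The reset token is now kept in usable form in two places: `user.resetPasswordToken = token` stores it unhashed and `console.log(token)` in the `generateToken` handler writes it to the process log, so anyone who can read the database or the logs holds a working reset credential until it expires. Because the token is 24 random bytes, a fast digest is enough: drop the log line and store `crypto.createHash('sha256').update(token).digest('hex')`, hashing the value from the URL the same way at lookup time (the reset handler is not visible here). `buf.toString('base64')` can also emit `/`, `+` and `=`, which will not survive as a single path segment in `/reset/<token>`; hex, as before, or a URL-safe encoding avoids that. The link is built from `'http://' + req.headers.host`, which takes the host from a client-supplied header and drops the previous `req.protocol`; a configured base URL is safer for a reset e-mail. `next` in `if (err) return next(err);` does not appear in the `function(req, res)` signature shown in the hunk headers, so that error path likely throws a ReferenceError unless `next` is defined outside the visible lines.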