Sign upLogin

baublet/w8mngr

View on GitHub
Star
api/dataServices/user/resetPassword.ts

Summary

Maintainability
A
2 hrs
Test Coverage
import { assertIsError } from "../../../shared";
import { ReturnTypeWithErrors } from "../../../shared/types";
import { createDigest, hashPassword } from "../../authentication";
import { dbService } from "../../config/db";
import { Context } from "../../createContext";
import { tokenDataService } from "../token";
import { TOKEN_EXPIRY_OFFSET } from "../token/types";
import { userAccountDataService } from "../userAccount/";
import { userDataService } from "./";
import { UserEntity } from "./types";

export async function resetPassword(
  context: Context,
  credentials: {
    passwordResetToken: string;
    password: string;
    passwordConfirmation: string;
  }
): Promise<
  ReturnTypeWithErrors<{
    user: UserEntity;
    token: string;
    rememberToken: string;
  }>
> {
  if (credentials.password !== credentials.passwordConfirmation) {
    throw new Error("Passwords don't match");
  }

  const tokenDigest = createDigest(credentials.passwordResetToken);
  const token = await tokenDataService.findOneOrFail(context, (q) =>
    q
      .where("tokenDigest", "=", tokenDigest)
      .andWhere("type", "=", "passwordReset")
  );

  const databaseService = await context.services.get(dbService);
  await databaseService.transact();
  try {
    const passwordHash = await hashPassword(credentials.password);

    const account = await userAccountDataService.findOneOrFail(context, (q) =>
      q.where("id", "=", token.userAccountId)
    );

    await userAccountDataService.update(
      context,
      (q) => q.where("id", "=", account.id),
      { passwordHash }
    );

    const user = await userDataService.findOneOrFail(context, (q) =>
      q.where("id", "=", account.userId)
    );

    await tokenDataService.deleteBy(context, (q) =>
      q.where("id", "=", token.id)
    );

    const authTokenResult = await tokenDataService.getOrCreate(context, {
      type: "auth",
      userAccountId: account.id,
    });

    const rememberTokenResult = await tokenDataService.getOrCreate(context, {
      type: "remember",
      userAccountId: account.id,
    });

    await databaseService.commit();

    context.setCookie("w8mngrAuth", authTokenResult.token, {
      expires: new Date(Date.now() + TOKEN_EXPIRY_OFFSET.auth),
    });
    context.setCookie("w8mngrRemember", authTokenResult.token, {
      expires: new Date(Date.now() + TOKEN_EXPIRY_OFFSET.remember),
    });

    return {
      user,
      token: authTokenResult.token,
      rememberToken: rememberTokenResult.token,
    };
  } catch (error) {
    await databaseService.rollback(error);
    assertIsError(error);
    return error;
  }
}