RESET PASSWORD
const crypto = require("crypto")
/**
 * Render the 'auth/reset' view (the form where a user asks for a reset link).
 *
 * Reads the pending 'error' flash messages from the request and hands the
 * first one to the template as `errorMessage`, or `null` when there is none,
 * so the view can decide whether to display an error banner.
 *
 * @param {object} req  - request; `req.flash('error')` is used as an array here
 * @param {object} res  - response used to render the view
 * @param {Function} next - unused
 */
exports.getReset = (req, res, next) => {
  const flashed = req.flash('error');
  // Only the first queued message is shown; an empty queue becomes null.
  const errorMessage = flashed.length > 0 ? flashed[0] : null;

  res.render('auth/reset', {
    path: '/reset',
    pageTitle: 'Reset Password',
    errorMessage,
  });
};
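/**
 * Handle the "request a password reset" form submission.
 *
 * Generates a random 32-byte token (hex-encoded), stores it on the matching
 * user together with an expiry one hour in the future, redirects to "/",
 * and e-mails a reset link that embeds the token.
 *
 * Fixes over the previous version:
 *  - the "no user" branch no longer falls through to the next step of the
 *    promise chain (which redirected a second time and still sent a mail
 *    carrying a token that had never been stored);
 *  - a database error now ends the request with a redirect instead of
 *    leaving it hanging;
 *  - the e-mail value is checked to be a string before it is used in a query;
 *  - stray angle brackets around the reset URL inside href were removed.
 *
 * @param {object} req  - request; reads `req.body.email`
 * @param {object} res  - response; always ends with a redirect
 * @param {Function} next - unused
 */
exports.postReset = (req, res, next) => {
  const email = req.body.email;

  // The value comes straight from the request body. Depending on the body
  // parser it may be an object rather than a string, and passing an object
  // into a query filter lets the client change the query's meaning.
  // Accept plain strings only.
  if (typeof email !== 'string') {
    req.flash('error', 'No account with that email found.');
    return res.redirect('/reset');
  }

  crypto.randomBytes(32, (err, buffer) => {
    if (err) {
      console.log(err);
      return res.redirect('/reset');
    }

    // 32 bytes from the CSPRNG, hex-encoded: the reset secret.
    // NOTE(security): the token is stored as-is. Storing only a hash of it
    // (and comparing hashes on redemption) would keep read access to the
    // database from yielding usable reset links.
    const token = buffer.toString('hex');

    User.findOne({ email })
      .then((user) => {
        if (!user) {
          // NOTE(security): this message reveals whether an address is
          // registered. A uniform response for both outcomes avoids account
          // enumeration; rate limiting this route is also advisable.
          req.flash('error', 'No account with that email found.');
          res.redirect('/reset');
          return null;
        }

        user.resetToken = token;
        // 3600000 ms = 1 hour, matching the wording of the e-mail below.
        user.resetTokenExpiration = Date.now() + 3600000;

        return user.save().then(() => {
          res.redirect('/');

          // Development URL. In production the base URL should come from
          // configuration (HTTPS), not from request headers.
          const resetUrl = `http://localhost:3000/reset/${token}`;

          // The sender address appears redacted on the page; replace it with
          // your own verified sender.
          const mailOptions = {
            from: '[email protected]',
            to: email,
            subject: 'Reset your password',
            html: `<h1>Reset your password !</h1>
<br>
<p>Click this link to reset your password : <a href="${resetUrl}">Reset my password</a></p>
<p>Warning ! This link will only be available for 1 hour</p>`,
          };

          // Fire-and-forget: the response has already been sent, so the
          // outcome of the delivery is only logged.
          transporter.sendMail(mailOptions, (error, info) => {
            if (error) {
              console.log(error);
            } else {
              console.log('Email sent: ' + info.response);
            }
          });
        });
      })
      .catch((dbErr) => {
        console.log(dbErr);
        // Make sure the request always ends, but never answer twice.
        if (!res.headersSent) {
          res.redirect('/reset');
        }
      });
  });
};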
// Remember to add our hidden fields to reset-password.ejs
<%#
  Hidden fields posted back with the new password:
    _csrf  - anti-CSRF token taken from the `csrfToken` template local
    userId - id of the account being reset (`userId` local)
    token  - the reset token from the e-mailed link (`token` local)
  `<%= %>` HTML-escapes each value on output.
  NOTE(review): hidden inputs are fully controlled by the client. The handler
  that receives this form (not shown here) should look the user up by the
  token AND the userId together and check that resetTokenExpiration is still
  in the future, then clear the token once the password is changed. Confirm
  against that handler.
%>
<input type="hidden" name="_csrf" value="<%= csrfToken %>">
<input type="hidden" name="userId" value="<%= userId %>">
<input type="hidden" name="token" value="<%= token %>">
<button class="btn" type="submit">Update password</button>