Now disableing users while they're in the process of resetting their password
ref #40
This commit is contained in:
@@ -118,7 +118,7 @@ export class RefreshTokenCountInvalidError extends NotAcceptableError {
|
||||
}
|
||||
|
||||
/**
|
||||
* Error to throw when someone tryes to refresh a user's password more than once in 15 minutes.
|
||||
* Error to throw when someone tryes to reset a user's password more than once in 15 minutes.
|
||||
*/
|
||||
export class ResetAlreadyRequestedError extends NotAcceptableError {
|
||||
@IsString()
|
||||
@@ -126,4 +126,15 @@ export class ResetAlreadyRequestedError extends NotAcceptableError {
|
||||
|
||||
@IsString()
|
||||
message = "You already requested a password reset in the last 15 minutes. \n Please wait until the old reset code expires before requesting a new one."
|
||||
}
|
||||
|
||||
/**
|
||||
* Error to throw when someone tries a disabled user's password or login as a disabled user.
|
||||
*/
|
||||
export class UserDisabledError extends NotAcceptableError {
|
||||
@IsString()
|
||||
name = "UserDisabledError"
|
||||
|
||||
@IsString()
|
||||
message = "This user is currently disabled. \n Please contact your administrator if this is a mistake."
|
||||
}
|
||||
@@ -1,6 +1,6 @@
|
||||
import { IsEmail, IsOptional, IsString } from 'class-validator';
|
||||
import { getConnectionManager } from 'typeorm';
|
||||
import { ResetAlreadyRequestedError, UserNotFoundError } from '../../errors/AuthError';
|
||||
import { ResetAlreadyRequestedError, UserDisabledError, UserNotFoundError } from '../../errors/AuthError';
|
||||
import { UsernameOrEmailNeededError } from '../../errors/UserErrors';
|
||||
import { JwtCreator } from '../../jwtcreator';
|
||||
import { User } from '../entities/User';
|
||||
@@ -33,14 +33,13 @@ export class CreateResetToken {
|
||||
throw new UsernameOrEmailNeededError();
|
||||
}
|
||||
let found_user = await getConnectionManager().get().getRepository(User).findOne({ where: [{ username: this.username }, { email: this.email }] });
|
||||
if (!found_user) {
|
||||
throw new UserNotFoundError();
|
||||
}
|
||||
|
||||
if (!found_user) { throw new UserNotFoundError(); }
|
||||
if (found_user.enabled == false) { throw new UserDisabledError(); }
|
||||
if (found_user.resetRequestedTimestamp > (Math.floor(Date.now() / 1000) - 15 * 60)) { throw new ResetAlreadyRequestedError(); }
|
||||
|
||||
found_user.refreshTokenCount = found_user.refreshTokenCount + 1;
|
||||
found_user.resetRequestedTimestamp = Math.floor(Date.now() / 1000);
|
||||
found_user.enabled = false;
|
||||
await getConnectionManager().get().getRepository(User).save(found_user);
|
||||
|
||||
//Create the reset
|
||||
|
||||
@@ -3,7 +3,7 @@ import { IsNotEmpty, IsOptional, IsString } from 'class-validator';
|
||||
import * as jsonwebtoken from 'jsonwebtoken';
|
||||
import { getConnectionManager } from 'typeorm';
|
||||
import { config } from '../../config';
|
||||
import { IllegalJWTError, JwtNotProvidedError, PasswordNeededError, RefreshTokenCountInvalidError, UserNotFoundError } from '../../errors/AuthError';
|
||||
import { IllegalJWTError, JwtNotProvidedError, PasswordNeededError, RefreshTokenCountInvalidError, UserDisabledError, UserNotFoundError } from '../../errors/AuthError';
|
||||
import { User } from '../entities/User';
|
||||
|
||||
/**
|
||||
@@ -44,15 +44,13 @@ export class ResetPassword {
|
||||
}
|
||||
|
||||
const found_user = await getConnectionManager().get().getRepository(User).findOne({ id: decoded["id"] });
|
||||
if (!found_user) {
|
||||
throw new UserNotFoundError()
|
||||
}
|
||||
if (found_user.refreshTokenCount !== decoded["refreshTokenCount"]) {
|
||||
throw new RefreshTokenCountInvalidError()
|
||||
}
|
||||
if (!found_user) { throw new UserNotFoundError(); }
|
||||
if (found_user.refreshTokenCount !== decoded["refreshTokenCount"]) { throw new RefreshTokenCountInvalidError(); }
|
||||
if (found_user.enabled == false) { throw new UserDisabledError(); }
|
||||
|
||||
found_user.refreshTokenCount = found_user.refreshTokenCount + 1;
|
||||
found_user.password = await argon2.hash(this.password + found_user.uuid);
|
||||
found_user.enabled = true;
|
||||
await getConnectionManager().get().getRepository(User).save(found_user);
|
||||
|
||||
return "password reset successfull";
|
||||
|
||||
Reference in New Issue
Block a user