api: Use baseUrl in email links

Paul Bienkowski 2021-02-28 22:57:43 +01:00
parent e1a9898fd9
commit b80b219748
2 changed files with 25 additions and 38 deletions


@ -2,6 +2,9 @@ const crypto = require('crypto');
const mongoose = require('mongoose'); const mongoose = require('mongoose');
const sendEmail = require('../_helpers/send-email'); const sendEmail = require('../_helpers/send-email');
const User = mongoose.model('User'); const User = mongoose.model('User');
const config = require('../config');
const baseUrl = config.baseUrl.replace(/\/+$/, '');
module.exports = { module.exports = {
register, register,
@ -11,12 +14,12 @@ module.exports = {
resetPassword, resetPassword,
}; };
async function register(params, origin) { async function register(params) {
const user = await User.findOne({ email: params.email }); const user = await User.findOne({ email: params.email });
if (user) { if (user) {
// send already registered error in email to prevent account enumeration // send already registered error in email to prevent account enumeration
return await sendAlreadyRegisteredEmail(params.email, origin); return await sendAlreadyRegisteredEmail(params.email);
} }
const newUser = new User(); const newUser = new User();
@ -30,7 +33,7 @@ async function register(params, origin) {
await newUser.save(); await newUser.save();
// send email // send email
await sendVerificationEmail(newUser, origin); await sendVerificationEmail(newUser);
} }
async function verifyEmail({ token }) { async function verifyEmail({ token }) {
@ -45,7 +48,7 @@ async function verifyEmail({ token }) {
await account.save(); await account.save();
} }
async function forgotPassword({ email }, origin) { async function forgotPassword({ email }) {
const account = await User.findOne({ email }); const account = await User.findOne({ email });
console.log('forgotPassword', account, email); console.log('forgotPassword', account, email);
@ -63,7 +66,7 @@ async function forgotPassword({ email }, origin) {
console.log('forgotPassword account saved', account); console.log('forgotPassword account saved', account);
// send email // send email
await sendPasswordResetEmail(account, origin); await sendPasswordResetEmail(account);
} }
async function validateResetToken({ token }) { async function validateResetToken({ token }) {
@ -97,33 +100,24 @@ function randomTokenString() {
return crypto.randomBytes(40).toString('hex'); return crypto.randomBytes(40).toString('hex');
} }
async function sendVerificationEmail(account, origin) { async function sendVerificationEmail(account) {
let message; const verifyUrl = `${baseUrl}/verify-email?token=${account.verificationToken}`;
if (origin) { const html = [
const verifyUrl = `${origin}/verify-email?token=${account.verificationToken}`; '<h4>Verify Email</h4>',
message = `<p>Please click the below link to verify your email address:</p> '<p>Thanks for registering!</p>',
<p><a href="${verifyUrl}">${verifyUrl}</a></p>`; '<p>Please click the below link to verify your email address:</p>',
} else { `<p><a href="${verifyUrl}">${verifyUrl}</a></p>`,
message = `<p>Please use the below token to verify your email address with the <code>/verify-email</code> api route:</p> ].join('\n')
<p><code>${account.verificationToken}</code></p>`;
}
await sendEmail({ await sendEmail({
to: account.email, to: account.email,
subject: 'Sign-up Verification API - Verify Email', subject: 'Sign-up Verification API - Verify Email',
html: `<h4>Verify Email</h4> html,
<p>Thanks for registering!</p>
${message}`,
}); });
} }
async function sendAlreadyRegisteredEmail(email, origin) { async function sendAlreadyRegisteredEmail(email) {
let message; const message = `<p>If you don't know your password please visit the <a href="${baseUrl}/forgot-password">forgot password</a> page.</p>`;
if (origin) {
message = `<p>If you don't know your password please visit the <a href="${origin}/forgot-password">forgot password</a> page.</p>`;
} else {
message = `<p>If you don't know your password you can reset it via the <code>/forgot-password</code> api route.</p>`;
}
await sendEmail({ await sendEmail({
to: email, to: email,
@ -134,17 +128,10 @@ async function sendAlreadyRegisteredEmail(email, origin) {
}); });
} }
async function sendPasswordResetEmail(account, origin) { async function sendPasswordResetEmail(account) {
let message; const resetUrl = `${baseUrl}/reset-password?token=${account.resetToken.token}`;
if (origin) { const message = `<p>Please click the below link to reset your password, the link will be valid for 1 day:</p>
const resetUrl = `${origin}/reset-password?token=${account.resetToken.token}`; <p><a href="${resetUrl}">${resetUrl}</a></p>`;
message = `<p>Please click the below link to reset your password, the link will be valid for 1 day:</p>
<p><a href="${resetUrl}">${resetUrl}</a></p>`;
} else {
message = `<p>Please use the below token to reset your password with the <code>/reset-password</code> api route:</p>
<p><code>${account.resetToken.token}</code></p>`;
}
await sendEmail({ await sendEmail({
to: account.email, to: account.email,
subject: 'Sign-up Verification API - Reset Password', subject: 'Sign-up Verification API - Reset Password',
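Review bot: The two logging calls kept in `forgotPassword`, `console.log('forgotPassword', account, email);` and `console.log('forgotPassword account saved', account);`, write the whole user document to the application log. The second runs after the save, when the document presumably already carries the reset token that `sendPasswordResetEmail` reads from `account.resetToken.token` (the lines that set it are outside the hunks). Anyone with read access to the logs could then redeem that token, so I would drop both calls or log only a non-secret identifier, e.g. `console.log('forgotPassword: reset requested for', account && account.id);`. Separately, `const baseUrl = config.baseUrl.replace(/\/+$/, '');` throws an opaque TypeError at load when the setting is missing and accepts an empty or non-HTTPS value, and with the token-only fallback removed every emailed link now depends on it. Parsing it once with `new URL(config.baseUrl)` and checking the protocol would fail early with a clear message.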


@ -447,7 +447,7 @@ router
}), }),
), ),
wrapRoute(async (req, res) => { wrapRoute(async (req, res) => {
await accountService.register(req.body, req.get('origin')); await accountService.register(req.body);
return res.render('message', { return res.render('message', {
type: 'success', type: 'success',
@ -486,7 +486,7 @@ router
}), }),
), ),
wrapRoute(async (req, res) => { wrapRoute(async (req, res) => {
await accountService.forgotPassword(req.body, req.get('origin')); await accountService.forgotPassword(req.body);
res.render('message', { res.render('message', {
type: 'success', type: 'success',
title: 'Recovery mail sent', title: 'Recovery mail sent',