api: Use baseUrl in email links
This commit is contained in:
Paul Bienkowski
parent
e1a9898fd9
commit
b80b219748
|
|
@ -2,6 +2,9 @@ const crypto = require('crypto');
|
|||
const mongoose = require('mongoose');
|
||||
const sendEmail = require('../_helpers/send-email');
|
||||
const User = mongoose.model('User');
|
||||
const config = require('../config');
|
||||
|
||||
const baseUrl = config.baseUrl.replace(/\/+$/, '');
|
||||
|
||||
module.exports = {
|
||||
register,
|
||||
|
|
@ -11,12 +14,12 @@ module.exports = {
|
|||
resetPassword,
|
||||
};
|
||||
|
||||
async function register(params, origin) {
|
||||
async function register(params) {
|
||||
const user = await User.findOne({ email: params.email });
|
||||
|
||||
if (user) {
|
||||
// send already registered error in email to prevent account enumeration
|
||||
return await sendAlreadyRegisteredEmail(params.email, origin);
|
||||
return await sendAlreadyRegisteredEmail(params.email);
|
||||
}
|
||||
|
||||
const newUser = new User();
|
||||
|
|
@ -30,7 +33,7 @@ async function register(params, origin) {
|
|||
await newUser.save();
|
||||
|
||||
// send email
|
||||
await sendVerificationEmail(newUser, origin);
|
||||
await sendVerificationEmail(newUser);
|
||||
}
|
||||
|
||||
async function verifyEmail({ token }) {
|
||||
|
|
@ -45,7 +48,7 @@ async function verifyEmail({ token }) {
|
|||
await account.save();
|
||||
}
|
||||
|
||||
async function forgotPassword({ email }, origin) {
|
||||
async function forgotPassword({ email }) {
|
||||
const account = await User.findOne({ email });
|
||||
|
||||
console.log('forgotPassword', account, email);
|
||||
|
|
@ -63,7 +66,7 @@ async function forgotPassword({ email }, origin) {
|
|||
console.log('forgotPassword account saved', account);
|
||||
|
||||
// send email
|
||||
await sendPasswordResetEmail(account, origin);
|
||||
await sendPasswordResetEmail(account);
|
||||
}
|
||||
|
||||
async function validateResetToken({ token }) {
|
||||
|
|
@ -97,33 +100,24 @@ function randomTokenString() {
|
|||
return crypto.randomBytes(40).toString('hex');
|
||||
}
|
||||
|
||||
async function sendVerificationEmail(account, origin) {
|
||||
let message;
|
||||
if (origin) {
|
||||
const verifyUrl = `${origin}/verify-email?token=${account.verificationToken}`;
|
||||
message = `<p>Please click the below link to verify your email address:</p>
|
||||
<p><a href="${verifyUrl}">${verifyUrl}</a></p>`;
|
||||
} else {
|
||||
message = `<p>Please use the below token to verify your email address with the <code>/verify-email</code> api route:</p>
|
||||
<p><code>${account.verificationToken}</code></p>`;
|
||||
}
|
||||
async function sendVerificationEmail(account) {
|
||||
const verifyUrl = `${baseUrl}/verify-email?token=${account.verificationToken}`;
|
||||
const html = [
|
||||
'<h4>Verify Email</h4>',
|
||||
'<p>Thanks for registering!</p>',
|
||||
'<p>Please click the below link to verify your email address:</p>',
|
||||
`<p><a href="${verifyUrl}">${verifyUrl}</a></p>`,
|
||||
].join('\n')
|
||||
|
||||
await sendEmail({
|
||||
to: account.email,
|
||||
subject: 'Sign-up Verification API - Verify Email',
|
||||
html: `<h4>Verify Email</h4>
|
||||
<p>Thanks for registering!</p>
|
||||
${message}`,
|
||||
html,
|
||||
});
|
||||
}
|
||||
|
||||
async function sendAlreadyRegisteredEmail(email, origin) {
|
||||
let message;
|
||||
if (origin) {
|
||||
message = `<p>If you don't know your password please visit the <a href="${origin}/forgot-password">forgot password</a> page.</p>`;
|
||||
} else {
|
||||
message = `<p>If you don't know your password you can reset it via the <code>/forgot-password</code> api route.</p>`;
|
||||
}
|
||||
async function sendAlreadyRegisteredEmail(email) {
|
||||
const message = `<p>If you don't know your password please visit the <a href="${baseUrl}/forgot-password">forgot password</a> page.</p>`;
|
||||
|
||||
await sendEmail({
|
||||
to: email,
|
||||
|
|
@ -134,17 +128,10 @@ async function sendAlreadyRegisteredEmail(email, origin) {
|
|||
});
|
||||
}
|
||||
|
||||
async function sendPasswordResetEmail(account, origin) {
|
||||
let message;
|
||||
if (origin) {
|
||||
const resetUrl = `${origin}/reset-password?token=${account.resetToken.token}`;
|
||||
message = `<p>Please click the below link to reset your password, the link will be valid for 1 day:</p>
|
||||
<p><a href="${resetUrl}">${resetUrl}</a></p>`;
|
||||
} else {
|
||||
message = `<p>Please use the below token to reset your password with the <code>/reset-password</code> api route:</p>
|
||||
<p><code>${account.resetToken.token}</code></p>`;
|
||||
}
|
||||
|
||||
async function sendPasswordResetEmail(account) {
|
||||
const resetUrl = `${baseUrl}/reset-password?token=${account.resetToken.token}`;
|
||||
const message = `<p>Please click the below link to reset your password, the link will be valid for 1 day:</p>
|
||||
<p><a href="${resetUrl}">${resetUrl}</a></p>`;
|
||||
await sendEmail({
|
||||
to: account.email,
|
||||
subject: 'Sign-up Verification API - Reset Password',
|
||||
|
|
|
|||
|
|
@ -447,7 +447,7 @@ router
|
|||
}),
|
||||
),
|
||||
wrapRoute(async (req, res) => {
|
||||
await accountService.register(req.body, req.get('origin'));
|
||||
await accountService.register(req.body);
|
||||
|
||||
return res.render('message', {
|
||||
type: 'success',
|
||||
|
|
@ -486,7 +486,7 @@ router
|
|||
}),
|
||||
),
|
||||
wrapRoute(async (req, res) => {
|
||||
await accountService.forgotPassword(req.body, req.get('origin'));
|
||||
await accountService.forgotPassword(req.body);
|
||||
res.render('message', {
|
||||
type: 'success',
|
||||
title: 'Recovery mail sent',
|
||||
|
|
|
|||
Loading…
Reference in a new issue