mirror of https://gitgud.io/fatchan/jschan.git
closes #14
parent
c1468e74a0
commit
514b55a506
6 changed files with 137 additions and 0 deletions
@ -1,3 +1,4 @@ |
||||
node_modules/ |
||||
configs/*.json |
||||
uploads/img/* |
||||
gulp/dist/ |
||||
|
@ -0,0 +1,40 @@ |
||||
'use strict'; |
||||
|
||||
const bcrypt = require('bcrypt') |
||||
, Accounts = require(__dirname+'/../../db/accounts.js'); |
||||
|
||||
module.exports = async (req, res, next) => { |
||||
|
||||
const username = req.body.username.toLowerCase(); |
||||
const password = req.body.password; |
||||
const newPassword = req.body.newpassword; |
||||
|
||||
//fetch an account
|
||||
const account = await Accounts.findOne(username); |
||||
|
||||
//if the account doesnt exist, reject
|
||||
if (!account) { |
||||
return res.status(403).render('message', { |
||||
'title': 'Forbidden', |
||||
'message': 'Incorrect username or password', |
||||
'redirect': redirect ? `/login?redirect=${redirect}` : '/changepassword' |
||||
}); |
||||
} |
||||
|
||||
// bcrypt compare input to saved hash
|
||||
const passwordMatch = await bcrypt.compare(password, account.passwordHash); |
||||
|
||||
//if hashes matched
|
||||
if (passwordMatch === true) { |
||||
//change the password
|
||||
await Accounts.changePassword(username, newPassword); |
||||
return res.redirect('/login'); |
||||
} |
||||
|
||||
return res.status(403).render('message', { |
||||
'title': 'Forbidden', |
||||
'message': 'Incorrect username or password', |
||||
'redirect': redirect ? `/login?redirect=${redirect}` : '/login' |
||||
}); |
||||
|
||||
} |
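Review bot: `redirect` is read in both 403 renders (the two `'redirect':` lines) but is never declared in this file, so under `'use strict'` an unknown username or a wrong password throws a ReferenceError instead of rendering the Forbidden message. Because the handler is async, that rejection is probably left unhandled unless the router wraps it. A fixed target such as `'redirect': '/changepassword'` in both renders avoids this. Separately, `newpasswordconfirm` from the form is never compared with `newpassword` here, and `req.body.username.toLowerCase()` throws when the field is missing or not a string; if no validation runs upstream (not visible on this page), add those checks before `Accounts.findOne`. The early return for a missing account also skips `bcrypt.compare`, so response time may reveal whether a username exists.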
@ -0,0 +1,10 @@ |
||||
'use strict'; |
||||
|
||||
module.exports = (req, res, next) => { |
||||
|
||||
//render the page
|
||||
res.render('changepassword', { |
||||
csrf: req.csrfToken() |
||||
}); |
||||
|
||||
} |
@ -0,0 +1,22 @@ |
||||
extends ../layout.pug |
||||
|
||||
block head |
||||
title Login |
||||
|
||||
block content |
||||
section.form-wrapper |
||||
form.form-post(action='/forms/changepassword' method='POST') |
||||
input(type='hidden' name='_csrf' value=csrf) |
||||
section.postform-section |
||||
.postform-label Username |
||||
input#username(type='text', name='username', placeholder='username' maxlength='50') |
||||
section.postform-section |
||||
.postform-label Existing Password |
||||
input#password(type='password', name='password', maxlength='100') |
||||
section.postform-section |
||||
.postform-label New Password |
||||
input#password(type='password', name='newpassword', maxlength='100') |
||||
section.postform-section |
||||
.postform-label Confirm New Password |
||||
input#password(type='password', name='newpasswordconfirm', maxlength='100') |
||||
input(type='submit', value='submit') |
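Review bot: All three password inputs share the id `input#password`, so the page has duplicate ids and anything targeting `#password` reaches only the first field; give the new fields their own ids, e.g. `input#newpassword(...)` and `input#newpasswordconfirm(...)`. The `title Login` line looks copied from the login view and should probably read `title Change Password`. Adding `autocomplete='current-password'` to the existing-password field and `autocomplete='new-password'` to the two new ones lets password managers fill and update the right credential. If the stored hash is bcrypt, as the `bcrypt.compare` call in the handler suggests, `maxlength='100'` exceeds the 72 bytes bcrypt actually uses, so a limit of 72 or a documented cap would be clearer.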