Change password in database to new reset password

2025-11-19 03:01:59 +10:00 · 2023-06-05 14:36:20 +00:00
parent 8dc9c9d72d
commit 6e2b05f835
5 changed files with 71 additions and 25 deletions
--- a/apps/web/pages/api/auth/forgot-password.ts
+++ b/apps/web/pages/api/auth/forgot-password.ts
@ -24,7 +24,6 @@ async function postHandler(req: NextApiRequest, res: NextApiResponse) {
  }

  const token = crypto.randomBytes(64).toString("hex");
-
  const passwordResetToken = await prisma.passwordResetToken.create({
    data: {
      token,
@ -34,7 +33,7 @@ async function postHandler(req: NextApiRequest, res: NextApiResponse) {

  await sendResetPassword(user, passwordResetToken.token);

-  res.status(201).end();
+  res.status(200).json({ message: "Password reset email sent." });
 }

 export default defaultHandler({
--- a/apps/web/pages/api/auth/reset-password.ts
+++ b/apps/web/pages/api/auth/reset-password.ts
@ -1,40 +1,53 @@
 import { NextApiRequest, NextApiResponse } from "next";
+import { hashPassword } from "@documenso/lib/auth";
 import { sendResetPassword } from "@documenso/lib/mail";
 import { defaultHandler, defaultResponder } from "@documenso/lib/server";
 import prisma from "@documenso/prisma";
-import crypto from "crypto";

 async function postHandler(req: NextApiRequest, res: NextApiResponse) {
-  const { email } = req.body;
-  const cleanEmail = email.toLowerCase();
+  const { token, password } = req.body;

-  if (!cleanEmail || !cleanEmail.includes("@")) {
-    res.status(422).json({ message: "Invalid email" });
+  if (!token) {
+    res.status(422).json({ message: "Invalid token" });
    return;
  }

-  const user = await prisma.user.findFirst({
+  const foundToken = await prisma.passwordResetToken.findUnique({
    where: {
-      email: cleanEmail,
+      token,
+    },
+    include: {
+      User: true,
    },
  });

-  if (!user) {
-    return res.status(400).json({ message: "No user found with this email." });
+  if (!foundToken) {
+    return res.status(400).json({ message: "Invalid token." });
  }

-  const token = crypto.randomBytes(64).toString("hex");
+  const hashedPassword = await hashPassword(password);

-  const passwordResetToken = await prisma.passwordResetToken.create({
-    data: {
-      token,
-      userId: user.id,
-    },
-  });
+  const transaction = await prisma.$transaction([
+    prisma.user.update({
+      where: {
+        id: foundToken.userId,
+      },
+      data: {
+        password: hashedPassword,
+      },
+    }),
+    prisma.passwordResetToken.delete({
+      where: {
+        token,
+      },
+    }),
+  ]);

-  await sendResetPassword(user, passwordResetToken.token);
+  if (!transaction) {
+    return res.status(500).json({ message: "Error resetting password." });
+  }

-  res.status(201).end();
+  res.status(200).json({ message: "Password reset successful." });
 }

 export default defaultHandler({
--- a/apps/web/pages/auth/reset/[token].tsx
+++ b/apps/web/pages/auth/reset/[token].tsx
@ -1,6 +1,6 @@
 import Head from "next/head";
 import { getUserFromToken } from "@documenso/lib/server";
-import ResetPassword from "../../components/reset-password";
+import ResetPassword from "../../../components/reset-password";

 export default function ResetPasswordPage(props: any) {
  return (