Change password in database to new reset password

2025-11-14 08:42:12 +10:00 · 2023-06-05 14:36:20 +00:00
parent 8dc9c9d72d
commit 6e2b05f835
5 changed files with 71 additions and 25 deletions
--- a/apps/web/components/reset-password.tsx
+++ b/apps/web/components/reset-password.tsx
@ -1,4 +1,5 @@
 import Link from "next/link";
+import { useRouter } from "next/router";
 import { Button } from "@documenso/ui";
 import Logo from "./logo";
 import { ArrowLeftIcon } from "@heroicons/react/24/outline";
@ -11,14 +12,50 @@ interface IResetPassword {
 }

 export default function ResetPassword(props: any) {
+  const router = useRouter();
+  const { token } = router.query;
+
  const methods = useForm<IResetPassword>();
  const { register, formState, watch } = methods;
  const password = watch("password", "");

  const onSubmit = async (values: IResetPassword) => {
+    await toast.promise(
+      fetch(`/api/auth/reset-password`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+        },
+        body: JSON.stringify({ password: values.password, token }),
+      }),
+      {
+        loading: "Resetting...",
+        success: `Reset password successful`,
+        error: "Could not reset password :/",
+      }
+    );
+
    console.log(values);
  };

+  if (!token) {
+    return (
+      <div className="flex min-h-full items-center justify-center py-12 px-4 sm:px-6 lg:px-8">
+        <div className="w-full max-w-md space-y-8">
+          <div>
+            <Logo className="mx-auto h-20 w-auto"></Logo>
+            <h2 className="mt-6 text-center text-3xl font-bold tracking-tight text-gray-900">
+              Reset Password
+            </h2>
+            <p className="mt-2 text-center text-sm text-gray-600">
+              The token you provided is invalid. Please try again.
+            </p>
+          </div>
+        </div>
+      </div>
+    );
+  }
+
  return (
    <>
      <div className="flex min-h-full items-center justify-center py-12 px-4 sm:px-6 lg:px-8">
--- a/apps/web/pages/api/auth/forgot-password.ts
+++ b/apps/web/pages/api/auth/forgot-password.ts
@ -24,7 +24,6 @@ async function postHandler(req: NextApiRequest, res: NextApiResponse) {
  }

  const token = crypto.randomBytes(64).toString("hex");
-
  const passwordResetToken = await prisma.passwordResetToken.create({
    data: {
      token,
@ -34,7 +33,7 @@ async function postHandler(req: NextApiRequest, res: NextApiResponse) {

  await sendResetPassword(user, passwordResetToken.token);

-  res.status(201).end();
+  res.status(200).json({ message: "Password reset email sent." });
 }

 export default defaultHandler({
--- a/apps/web/pages/api/auth/reset-password.ts
+++ b/apps/web/pages/api/auth/reset-password.ts
@ -1,40 +1,53 @@
 import { NextApiRequest, NextApiResponse } from "next";
+import { hashPassword } from "@documenso/lib/auth";
 import { sendResetPassword } from "@documenso/lib/mail";
 import { defaultHandler, defaultResponder } from "@documenso/lib/server";
 import prisma from "@documenso/prisma";
-import crypto from "crypto";

 async function postHandler(req: NextApiRequest, res: NextApiResponse) {
-  const { email } = req.body;
-  const cleanEmail = email.toLowerCase();
+  const { token, password } = req.body;

-  if (!cleanEmail || !cleanEmail.includes("@")) {
-    res.status(422).json({ message: "Invalid email" });
+  if (!token) {
+    res.status(422).json({ message: "Invalid token" });
    return;
  }

-  const user = await prisma.user.findFirst({
+  const foundToken = await prisma.passwordResetToken.findUnique({
    where: {
-      email: cleanEmail,
+      token,
+    },
+    include: {
+      User: true,
    },
  });

-  if (!user) {
-    return res.status(400).json({ message: "No user found with this email." });
+  if (!foundToken) {
+    return res.status(400).json({ message: "Invalid token." });
  }

-  const token = crypto.randomBytes(64).toString("hex");
+  const hashedPassword = await hashPassword(password);

-  const passwordResetToken = await prisma.passwordResetToken.create({
-    data: {
-      token,
-      userId: user.id,
+  const transaction = await prisma.$transaction([
+    prisma.user.update({
+      where: {
+        id: foundToken.userId,
      },
-  });
+      data: {
+        password: hashedPassword,
+      },
+    }),
+    prisma.passwordResetToken.delete({
+      where: {
+        token,
+      },
+    }),
+  ]);

-  await sendResetPassword(user, passwordResetToken.token);
+  if (!transaction) {
+    return res.status(500).json({ message: "Error resetting password." });
+  }

-  res.status(201).end();
+  res.status(200).json({ message: "Password reset successful." });
 }

 export default defaultHandler({
--- a/apps/web/pages/auth/reset/[token].tsx
+++ b/apps/web/pages/auth/reset/[token].tsx
@ -1,6 +1,6 @@
 import Head from "next/head";
 import { getUserFromToken } from "@documenso/lib/server";
-import ResetPassword from "../../components/reset-password";
+import ResetPassword from "../../../components/reset-password";

 export default function ResetPasswordPage(props: any) {
  return (
--- a/packages/lib/mail/sendResetPassword.ts
+++ b/packages/lib/mail/sendResetPassword.ts
@ -7,10 +7,7 @@ export const sendResetPassword = async (user: User, token: string) => {
  await sendMail(
    user.email,
    "Forgot password?",
-    resetPasswordTemplate(
-      `${NEXT_PUBLIC_WEBAPP_URL}/api/auth/reset/${token}`,
-      "Reset Your Password"
-    )
+    resetPasswordTemplate(`${NEXT_PUBLIC_WEBAPP_URL}/auth/reset/${token}`, "Reset Your Password")
  ).catch((err) => {
    throw err;
  });