1 let crypto = require('crypto')
2 let nodemailer = require('nodemailer')
3 let XDate = require('xdate')
6 let get_globals = await _require('/_lib/get_globals.jst')
7 let get_session = await _require('/_lib/get_session.jst')
8 let post_request = await _require('/_lib/post_request.jst')
9 let Problem = await _require('/_lib/Problem.jst')
15 async (email, password) => {
16 // coerce and/or validate
17 email = email.slice(0, 256).toLowerCase()
18 password = password.slice(0, 256)
19 if (email.length === 0 || password.length < 8)
22 'Minimum length check failed',
26 let transaction = await env.site.database.Transaction()
28 let nodemailer_noreply, noreply_from, noreply_signature
29 let given_names, family_name
31 // initialize env.session_key, set cookie in env.response
32 await get_session(env, transaction)
36 await transaction.get({})
39 if (account === undefined)
41 'Account does not exist',
42 `Please create the account for "${email}" before attempting to reset its password.`
46 link_code = crypto.randomBytes(16).toString('hex')
47 let expires = new XDate()
51 {password, link_code, expires: expires.getTime()}
54 nodemailer_noreply = nodemailer.createTransport(
57 await transaction.get({})
61 let globals = await get_globals(env, transaction)
62 site_url = await globals.get_json('site_url')
63 noreply_from = await globals.get_json('noreply_from')
64 noreply_signature = await globals.get_json('noreply_signature')
66 given_names = await account.get_json('given_names', '')
67 family_name = await account.get_json('family_name', '')
69 await transaction.commit()
72 transaction.rollback()
77 family_name.length ? `${given_names} ${family_name}` : given_names
78 await nodemailer_noreply.sendMail(
81 to: `${name} <${email}>`,
82 subject: 'Password reset',
83 text: `Dear ${given_names},
85 We have received a request to reset the account password for your email address.
87 If this request is valid, please verify the new password by visiting the below link:
88 ${site_url}/my_account/verify_password/index.html?email=${encodeURIComponent(email)}&link_code=${encodeURIComponent(link_code)}
90 The link is valid for 24 hours.