1 let crypto = require('crypto')
2 let jst_server = (await import('@ndcode/jst_server')).default
3 let XDate = require('xdate')
6 let get_nodemailer = await _require('/_lib/get_nodemailer.jst')
7 let post_request = await _require('/_lib/post_request.jst')
13 async (email, password) => {
14 // coerce and/or validate
15 email = email.slice(0, 256).toLowerCase()
16 password = password.slice(0, 256)
17 if (email.length === 0 || password.length < 8)
18 throw new jst_server.Problem(
20 'Minimum length check failed',
24 let transaction = await env.site.database.Transaction()
27 let noreply_from, noreply_signature
28 let given_names, family_name
30 let root = await transaction.get({})
31 let accounts = await root.get('accounts', {})
32 let account = await accounts.get(email)
33 if (account === undefined)
34 throw new jst_server.Problem(
35 'Account does not exist',
36 `Please create the account for "${email}" before attempting to reset its password.`
40 link_code = crypto.randomBytes(16).toString('hex')
41 let expires = new XDate(env.now)
45 {password, link_code, expires: expires.getTime()}
48 nodemailer = await get_nodemailer(root, 'noreply')
50 let globals = await root.get('globals', {})
51 site_url = await globals.get_json('site_url')
52 noreply_from = await globals.get_json('noreply_from')
53 noreply_signature = await globals.get_json('noreply_signature')
55 given_names = await account.get_json('given_names', '')
56 family_name = await account.get_json('family_name', '')
58 await transaction.commit()
61 transaction.rollback()
66 family_name.length ? `${given_names} ${family_name}` : given_names
67 await nodemailer.sendMail(
70 to: `${name} <${email}>`,
71 subject: 'Password reset',
72 text: `Dear ${given_names},
74 We have received a request to reset the account password for your email address.
76 If this request is valid, please verify the new password by visiting the below link:
77 ${site_url}/my_account/verify_password/index.html?email=${encodeURIComponent(email)}&link_code=${encodeURIComponent(link_code)}
79 The link is valid for 24 hours.