1 let crypto = require('crypto')
2 let XDate = require('xdate')
5 let nodemailer_noreply = await env.site.get_nodemailer(
6 '/_config/nodemailer_noreply.json'
8 let post_request = await _require('/_lib/post_request.jst')
9 let session_cookie = await _require('/_lib/session_cookie.jst')
10 let Problem = await _require('/_lib/Problem.jst')
16 async (email, password) => {
17 // coerce and/or validate
18 email = email.slice(0, 256).toLowerCase()
19 password = password.slice(0, 256)
20 if (email.length === 0 || password.length < 8)
23 'Minimum length check failed',
27 let transaction = await env.site.database.Transaction()
29 // initialize env.session_key, set cookie in env.response
30 await session_cookie(env, transaction)
34 await transaction.get({})
37 if (account === undefined)
39 'Account does not exist',
40 `Please create the account for "${email}" before attempting to reset its password.`
44 let link_code = crypto.randomBytes(16).toString('hex')
45 let expires = new XDate()
49 {password, link_code, expires: expires.getTime()}
52 let globals = await (await transaction.get({})).get('globals')
53 let site_url = await globals.get_json('site_url')
54 let noreply_from = await globals.get_json('noreply_from')
55 let noreply_signature = await globals.get_json('noreply_signature')
57 let given_names = await account.get_json('given_names', '')
58 let family_name = await account.get_json('family_name', '')
60 family_name.length ? `${given_names} ${family_name}` : given_names
62 await nodemailer_noreply.sendMail(
65 to: `${name} <${email}>`,
66 subject: 'Password reset',
67 text: `Dear ${given_names},
69 We have received a request to reset the account password for your email address.
71 If this request is valid, please verify the new password by visiting the below link:
72 ${site_url}/my_account/verify_password/index.html?email=${encodeURIComponent(email)}&link_code=${encodeURIComponent(link_code)}
74 The link is valid for 24 hours.
82 await transaction.commit()
85 transaction.rollback()