1 let crypto = require('crypto')
2 let logjson = (await import('@ndcode/logjson')).default
3 let XDate = require('xdate')
6 let post_request = await _require('/_lib/post_request.jst')
7 let session_cookie = await _require('/_lib/session_cookie.jst')
8 let Problem = await _require('/_lib/Problem.jst')
14 '/api/verify_password.json',
16 async (email, link_code) => {
17 // coerce and/or validate
18 email = email.slice(0, 256).toLowerCase()
19 link_code = link_code.slice(0, 256).toLowerCase()
20 if (email.length === 0 || link_code.length < 32)
23 'Minimum length check failed',
27 let transaction = await env.site.database.Transaction()
29 // initialize env.session_key, set cookie in env.response
30 await session_cookie(env, transaction)
34 await transaction.get({})
37 if (account === undefined)
39 'Account does not exist',
40 `Please create the account for "${email}" before attempting to verify the password reset link.`
44 let verify_password = await account.get('verify_password')
46 verify_password === undefined ||
47 XDate.now() >= await logjson.logjson_to_json(
48 await verify_password.get('expires')
53 `Password reset link code for account "${email}" does not exist or has expired.`,
57 link_code !== await logjson.logjson_to_json(
58 await verify_password.get('link_code')
63 `Provided password reset link code "${link_code}" does not match expected value.`,
67 await account.delete('verify_password')
68 await account.set('password', await verify_password.get('password'))
70 await transaction.commit()
73 transaction.rollback()