Password reset #464

2018-05-31T18:42:56+02:00

bones7242 commented

2018-05-31 18:42:56 +02:00

(Migrated from github.com)

added api route to allow for password reset via old password or master password in config

- added api route to allow for password reset via old password or master password in config

neb-b (Migrated from github.com) requested changes 2018-05-31 20:19:05 +02:00

neb-b (Migrated from github.com) left a comment

Just the one comment about user

Just the one comment about `user`

server/controllers/api/user/password/index.js

					
				@ -0,0 +33,4 @@

				    },

				  })

				  .then(user => {

				    userRecord = user;

neb-b (Migrated from github.com) commented

2018-05-31 20:14:09 +02:00

Why don't you just use user here?

Why don't you just use `user` here?

neb-b (Migrated from github.com) reviewed 2018-05-31 20:21:58 +02:00

server/controllers/api/user/password/index.js

					
				@ -0,0 +1,69 @@

				const { handleErrorResponse } = require('../../../utils/errorHandlers.js');

				const logger = require('winston');

				const db = require('../../../../models');

				const { auth: { masterPassword } } = require('../../../../../config/siteConfig.js');

neb-b (Migrated from github.com) commented

2018-05-31 20:21:58 +02:00

This seems like it could be a security vulnerability?

bones7242 (Migrated from github.com) reviewed 2018-05-31 20:35:32 +02:00

server/controllers/api/user/password/index.js

					
				@ -0,0 +33,4 @@

				    },

				  })

				  .then(user => {

				    userRecord = user;

bones7242 (Migrated from github.com) commented

2018-05-31 20:35:32 +02:00

I need the user object to be available in the next .then in the chain, so I hoisted it up to the updateUserPassword's scope by defining userRecord there. Is there a better pattern? I need the user object before I can check for a password match, and have to check for a password match before operating on that user object to change the password.

I need the `user` object to be available in the next `.then` in the chain, so I hoisted it up to the `updateUserPassword`'s scope by defining `userRecord` there. Is there a better pattern? I need the `user` object before I can check for a password match, and have to check for a password match before operating on that user object to change the password.

neb-b (Migrated from github.com) reviewed 2018-05-31 23:11:29 +02:00

server/controllers/api/user/password/index.js

					
				@ -0,0 +33,4 @@

				    },

				  })

				  .then(user => {

				    userRecord = user;

neb-b (Migrated from github.com) commented

2018-05-31 23:11:29 +02:00

Oh duh.

bones7242 (Migrated from github.com) reviewed 2018-06-07 01:40:41 +02:00

server/controllers/api/user/password/index.js

					
				@ -0,0 +1,69 @@

				const { handleErrorResponse } = require('../../../utils/errorHandlers.js');

				const logger = require('winston');

				const db = require('../../../../models');

				const { auth: { masterPassword } } = require('../../../../../config/siteConfig.js');

bones7242 (Migrated from github.com) commented

2018-06-07 01:40:41 +02:00

As discussed in standup, the siteConfig will not be kept in version control (it is pulled from www.spee.ch's config which is gitignored). I'm going to merge.

Sign in to join this conversation.

No reviewers

neb-b

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: LBRYCommunity/spee.ch#464