Reset Password with better error handling and validation, Email from …

…moved to environment settings
clevyr · Jul 5, 2014 · 084e84c · 084e84c
1 parent 9853bce
commit 084e84c
Show file tree

Hide file tree

Showing 7 changed files with 44 additions and 24 deletions.
diff --git a/config/env/development.js b/config/env/development.js
@@ -30,6 +30,7 @@ module.exports = {
         clientSecret: 'SECRET_KEY',
         callbackURL: 'http://localhost:3000/auth/linkedin/callback'
     },
+    emailFrom : 'SENDER EMAIL ADDRESS', // sender address like ABC <abc@example.com>
     mailer: {
         service: 'SERVICE_PROVIDER',
         auth: {

diff --git a/config/env/production.js b/config/env/production.js
@@ -30,6 +30,7 @@ module.exports = {
         clientSecret: 'SECRET_KEY',
         callbackURL: 'http://localhost:3000/auth/linkedin/callback'
     },
+    emailFrom : 'SENDER EMAIL ADDRESS', // sender address like ABC <abc@example.com>
     mailer: {
         service: 'SERVICE_PROVIDER',
         auth: {

diff --git a/config/env/test.js b/config/env/test.js
@@ -31,11 +31,12 @@ module.exports = {
         clientSecret: 'SECRET_KEY',
         callbackURL: 'http://localhost:3000/auth/linkedin/callback'
     },
-     mailer: {
-     service: 'SERVICE_PROVIDER',
-     auth: {
-          user: 'EMAIL_ID',
-          pass: 'PASSWORD'
-      }
+    emailFrom : 'SENDER EMAIL ADDRESS', // sender address like ABC <abc@example.com>
+    mailer: {
+        service: 'SERVICE_PROVIDER',
+        auth: {
+            user: 'EMAIL_ID',
+            pass: 'PASSWORD'
+        }
     }
 };
diff --git a/packages/users/public/controllers/meanUser.js b/packages/users/public/controllers/meanUser.js
@@ -90,6 +90,7 @@ angular.module('mean.users')
             $scope.resetpassword = function() {
                 $http.post('/reset/' + $stateParams.tokenId, {
                     password: $scope.user.password,
+                    confirmPassword: $scope.user.confirmPassword
                 })
                 .success(function(response) {
                     $rootScope.user = response.user;
@@ -105,8 +106,11 @@ angular.module('mean.users')
                         $location.url('/');
                     }
                 })
-                .error(function(response) {
-                    $scope.resetpassworderror = 'Could not update password as token is invalid or may have expired';
+                .error(function(error) {
+                    if (error.msg === 'Token invalid or expired')
+                        $scope.resetpassworderror = 'Could not update password as token is invalid or may have expired';
+                    else
+                        $scope.validationError = error;
                 });
             };
         }

diff --git a/packages/users/public/views/reset-password.html b/packages/users/public/views/reset-password.html
@@ -1,14 +1,21 @@
 <div data-ng-controller="ResetPasswordCtrl" class="reset-password">
-  <div class="alert alert-danger animated fadeIn" ng-show="resetpassworderror">{{resetpassworderror}}</div>
-  <h1>Enter your new password</h1>
-  <form ng-submit="resetpassword()" class="reset form-horizontal">
-    <label for="password" class="reset-password"> Enter your new password</label>
-    <div class="form-group enter-password">
-        <input id="password" type="password" name="password" class="form-control1" ng-model="user.password"/>
+    <div class="alert alert-danger animated fadeIn" ng-show="resetpassworderror">{{resetpassworderror}}</div>
+     <div ng-repeat="error in validationError">
+        <div class="alert alert-danger animated fadeIn">{{error.msg}}</div>
     </div>
-    <div class="form-group save">
-     <button type="submit" class="btn btn-primary">Save</button>
-    </div>
-  </form>
+    <h1>Enter your new password</h1>
+    <form ng-submit="resetpassword()" class="reset form-horizontal">
+        <div class="form-group">
+            <label for="password" class="reset-password col-md-2"> Enter Password</label>
+            <input id="password" type="password" name="password" ng-model="user.password"/>
+        </div>
+        <div class="form-group">
+            <label for="confirmPassword" class="col-md-2">Repeat Password</label>
+            <input id="confirmPassword" type="password" name="confirmPassword" ng-model="user.confirmPassword"/>
+        </div>
+        <div class="form-group save">
+           <button type="submit" class="btn btn-primary">Save</button>
+       </div>
+    </form>
 </div>
 
diff --git a/packages/users/server/controllers/users.js b/packages/users/server/controllers/users.js
@@ -136,14 +136,20 @@ exports.user = function(req, res, next, id) {
 exports.resetpassword = function(req, res, next) {
     User.findOne({ resetPasswordToken: req.params.token, resetPasswordExpires: { $gt: Date.now() } }, function(err, user) {
         if (err) {
-            return next(err);
+            return res.status(400).jsonp({msg: err});
         }
         if (!user) {
-            return res.status(500).jsonp({err: err});
+            return res.status(400).jsonp({msg: 'Token invalid or expired'});
+        }
+        req.assert('password', 'Password must be between 8-20 characters long').len(8, 20);
+        req.assert('confirmPassword', 'Passwords do not match').equals(req.body.password);
+        var errors = req.validationErrors();
+        if (errors) {
+            return res.status(400).send(errors);
         }
         user.password = req.body.password;
-        // user.resetPasswordToken = undefined;
-        // user.resetPasswordExpires = undefined;
+        user.resetPasswordToken = undefined;
+        user.resetPasswordExpires = undefined;
         user.save(function(err) {
             req.logIn(user, function(err) {
                 if (err) return next(err);
@@ -185,7 +191,8 @@ exports.forgotpassword = function(req, res, next) {
         },
         function(token, user, done) {
             var mailOptions = {
-                to: user.email
+                to: user.email,
+                from: config.emailFrom
             };
             mailOptions = templates.forgot_password_email(user, req, token, mailOptions);
             config.sendMail(mailOptions);

diff --git a/packages/users/server/template.js b/packages/users/server/template.js
@@ -7,7 +7,6 @@ module.exports = {
             'http://' + req.headers.host + '/#!/reset/' + token + '\n\n' +
             'If you did not request this, please ignore this email and your password will remain unchanged.\n';
         mailOptions.subject = 'Resetting the password';
-        mailOptions.from = 'SENDER EMAIL ADDRESS'; // sender address
         return mailOptions;
     }
 };