resetting/setting password from options

2025-11-12 08:15:52 +01:00 · 2021-12-30 22:54:08 +01:00
parent f92016f9ec
commit 8120f1bf25
10 changed files with 137 additions and 73 deletions
--- a/src/routes/api/options.js
+++ b/src/routes/api/options.js
@@ -67,6 +67,8 @@ function getOptions() {
        }
    }

+    resultMap['isPasswordSet'] = !!optionMap['passwordVerificationHash'] ? 'true' : 'false';
+
    return resultMap;
 }

--- a/src/routes/api/password.js
+++ b/src/routes/api/password.js
@@ -1,11 +1,26 @@
 "use strict";

-const changePasswordService = require('../../services/change_password');
+const passwordService = require('../../services/password.js');

 function changePassword(req) {
-    return changePasswordService.changePassword(req.body.current_password, req.body.new_password);
+    if (passwordService.isPasswordSet()) {
+        return passwordService.changePassword(req.body.current_password, req.body.new_password);
+    }
+    else {
+        return passwordService.setPassword(req.body.new_password);
+    }
+}
+
+function resetPassword(req) {
+    // protection against accidental call (not a security measure)
+    if (req.query.really !== "yesIReallyWantToResetPasswordAndLoseAccessToMyProtectedNotes") {
+        return [400, "Incorrect password reset confirmation"];
+    }
+
+    return passwordService.resetPassword();
 }

 module.exports = {
-    changePassword
+    changePassword,
+    resetPassword
 };
--- a/src/routes/login.js
+++ b/src/routes/login.js
@@ -4,8 +4,7 @@ const utils = require('../services/utils');
 const optionService = require('../services/options');
 const myScryptService = require('../services/my_scrypt');
 const log = require('../services/log');
-const sqlInit = require("../services/sql_init.js");
-const optionsInitService = require("../services/options_init.js");
+const passwordService = require("../services/password.js");

 function loginPage(req, res) {
    res.render('login', { failedAuth: false });
@@ -16,7 +15,7 @@ function setPasswordPage(req, res) {
 }

 function setPassword(req, res) {
-    if (sqlInit.isPasswordSet()) {
+    if (passwordService.isPasswordSet()) {
        return [400, "Password has been already set"];
    }

@@ -37,7 +36,7 @@ function setPassword(req, res) {
        return;
    }

-    optionsInitService.initPassword(password1);
+    passwordService.setPassword(password1);

    res.redirect('login');
 }
--- a/src/routes/routes.js
+++ b/src/routes/routes.js
@@ -290,6 +290,7 @@ function register(app) {
    apiRoute(GET, '/api/options/user-themes', optionsApiRoute.getUserThemes);

    apiRoute(POST, '/api/password/change', passwordApiRoute.changePassword);
+    apiRoute(POST, '/api/password/reset', passwordApiRoute.resetPassword);

    apiRoute(POST, '/api/sync/test', syncApiRoute.testSync);
    apiRoute(POST, '/api/sync/now', syncApiRoute.syncNow);