app.post('/reset/:token', function(req, res) {
  async.waterfall([
    function(done) {
      // Look up a user whose reset token matches and has not expired
      User.findOne({ 'local.resetPasswordToken' : req.params.token, 'local.resetPasswordExpires' : { $gt: Date.now() } }, function(err, user) {
        if (!user) {
          req.flash('resetMessage', req.params.token);
          return res.redirect('back');
        }
        // done() is never called here, so the final callback below does not run when a user is found
      });
    }
  ], function(err) {
    res.redirect('/');
  });
});

app.get('/reset/:token', function(req, res) {
    User.findOne({ 'local.resetPasswordToken': req.params.token, 'local.resetPasswordExpires' : { $gt: Date.now() } }, function(err, user) {
        if (!user) {
            req.flash('forgotMessage', req.params.token);
            return res.redirect('/forgot');
        }
        res.render('reset.ejs', { user: req.user, message: req.flash('resetMessage') });
    });
});



<!--Reset.ejs page ResetPassword FORM -->
<form action="/reset/:token" method="post">
    <div class="form-group">
        <label>New Password</label>
        <input type="password" class="form-control" name="newpassword">
    </div>
    <div class="form-group">
        <label>Confirm Password</label>
        <input type="password" class="form-control" name="confirmpassword">
    </div>
    <button type="submit" class="btn btn-warning btn-lg">Reset</button>
</form>

I am able to get the token with req.params.token for the "post" after clicking http://localhost:8080/reset/fed831abf73150c96f6a3e392b5cbdcaccdeb9bd

Later when I submit through the reset.ejs for the "get" I couldn't retrieve any token value with req.params.token.

Any solution to it?

Tedd Ang Teck Loon

2 Answers

2

I imagine that the original code for this might have come from http://sahatyalkabov.com/how-to-implement-password-reset-in-nodejs/. In this tut the jade templating engine is used and if you look at the reset.jade you will see that it starts with

form(method='POST')

but no action is defined. I don't really know jade but in your example you are using ejs and in your code you are setting the action to

form action="/reset/:token" method="post"

and as everybody has pointed out the route that you post to is exactly /reset/:token. So req.params will be :token and the reset will fail. What you need to do is post the url exactly as it appears in the get request. If you read

Is it a good practice to use an empty URL for a HTML form's action attribute? (action="")

you can see that you can amend your reset.ejs page code to read

form action="" method="post"

Now the post should have an action equal to the get url with the token in place and the reset should occur.

Community
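Added example, not part of the original question or answers: it resolves each form action against the reset page's URL and shows what the `/reset/:token` route then receives as `req.params.token`. `matchRoute`, `formTarget`, `tokenSeenByPost` and `TOKEN_RE` are hypothetical names; `matchRoute` is a simplified stand-in for Express's route matching, and the 40-hex-character token format is an assumption taken from the URL in the question.

```javascript
// Simplified stand-in for Express-style ':name' route matching (assumption).
function matchRoute(pattern, pathname) {
  const names = [];
  const source = pattern.replace(/:([A-Za-z_]\w*)/g, (_, name) => {
    names.push(name);
    return '([^/]+)';
  });
  const m = new RegExp('^' + source + '/?$').exec(pathname);
  if (!m) return null;
  const params = {};
  names.forEach((name, i) => { params[name] = decodeURIComponent(m[i + 1]); });
  return params;
}

// Where the browser sends the form: the action attribute resolved against
// the URL of the page that rendered it. An empty action keeps that URL.
function formTarget(pageUrl, action) {
  return new URL(action, pageUrl).pathname;
}

// Assumption: tokens are 40 lowercase hex characters, as in the question's URL.
const TOKEN_RE = /^[0-9a-f]{40}$/;

// What the POST handler would see in req.params.token, plus a format check
// that can reject a malformed value before any database lookup.
function tokenSeenByPost(pageUrl, action) {
  const params = matchRoute('/reset/:token', formTarget(pageUrl, action));
  const token = params ? params.token : null;
  return { token, wellFormed: token !== null && TOKEN_RE.test(token) };
}

// URL taken from the question.
const PAGE = 'http://localhost:8080/reset/fed831abf73150c96f6a3e392b5cbdcaccdeb9bd';
const broken = tokenSeenByPost(PAGE, '/reset/:token'); // action from the question
const fixed = tokenSeenByPost(PAGE, '');               // action from the answer
console.log(broken, fixed);
```

Checking the token's format in the handler also keeps a value like `:token` from being passed to the query or echoed back in a flash message.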
0

You need another form with method='get' and action='reset/' + tokenvar. Also, your async waterfall does not call done(), so it will not call the redirect if the user exists.

Julian Veling