
After two days of googling I finally post my first question ever:

I'm trying to implement a Forgot password functionality in my NodeJS, Express website following this: http://sahatyalkabov.com/how-to-implement-password-reset-in-nodejs/

The thing is, in the app.post('reset/:token') route, req.user is undefined, but it's the only place in my code where it's undefined!

I think it might come from the "unique link" type of route, but I'm not sure and have no idea how to solve this.

The form in the .ejs also has its action set to 'reset/:token'.

So the resetPasswordToken can't be found after entering the new password.

app.get('/reset/:token', function(req, res) {
    user.findOne({
        resetPasswordToken: req.params.token,
        resetPasswordExpires: {
            $gt: Date.now()
        }
    }, function(err, user) {
        if (!user) {
            req.flash('error', 'Password reset token is invalid or has expired.');
            return res.redirect('/forgot');
        }
        res.render('./pages/reset.ejs', {
            username: req.user
        });
    });
});

app.post('/reset/:token', function(req, res) {
    async.waterfall([
        function(done) {
            console.log('user: ' + req.user);
            user.findOne({
                resetPasswordToken: req.params.token,
                resetPasswordExpires: {
                    $gt: Date.now()
                }
            }, function(err, user) {
                if (!user) {
                    req.flash('error', 'Password reset token is invalid or has expired.');
                    return res.redirect('back');
                }

                user.password = req.body.password;
                user.resetPasswordToken = undefined;
                user.resetPasswordExpires = undefined;

                user.save(function(err) {
                    req.logIn(user, function(err) {
                        done(err, user);
                    });
                });
            });
        },
        function(user, done) {
            var mailOptions = {
                to: user.email,
                from: 'passwordreset@demo.com',
                subject: 'Your password has been changed',
                text: 'Hello,\n\n' +
                    'This is a confirmation that the password for your account ' + user.email + ' has just been changed.\n'
            };
            smtpTransport.sendMail(mailOptions, function(err) {
                req.flash('success', 'Success! Your password has been changed.');
                done(err);
            });
        }
    ], function(err) {
        res.redirect('/');
    });
});

This is actually my first post here, sorry for the bad indentation.

StepUp
Naguib 凪

2 Answers


In fact, req.user should be empty on this page because you are not authenticated (you are modifying the password in order to log in) and req.user (passport documentation) contains the user when he is authenticated.

  • Thank you very much for your answer Anthony, the thing is the user.findOne doesn't work. It might come from the req.params.token, which returns " :token " when I console.log it. How can I get the token? – Naguib 凪 May 12 '16 at 09:14
  • Can you give me more information, please? On the post or your get link? Because your token should be generated and sent in the email to the user. So when the user clicks on the email, it will have a link like: localhost:8000/reset/wrotesomething -> Here my req.params.token will be wrotesomething. Look at the boilerplate I made, it will probably help you to understand the system, which is quite similar: https://github.com/haukka/sequelize-express-passport Maybe you will find your answer in it (in the routes directory, the index file). Sorry in advance, you will find some text in French. – anthony moss May 12 '16 at 09:29

Finally succeeded, it was coming from the reset.ejs form action,

everything's explained here: NodeJS not able to get token value from req.params.token

Community
Naguib 凪
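The failure described in the comments and the last answer (a form action that posts to the literal route pattern, so req.params.token is ":token"), as an added example that is not code from the question or the linked tutorial. It runs without Express or MongoDB: matchReset, findByToken, the form helpers and the sample user are hypothetical stand-ins, and SAMPLE_TOKEN is a constructed value.

```javascript
// Added example. Assumptions: matchReset() stands in for Express matching
// '/reset/:token', and USERS replaces the Mongoose model with constructed data.
const SAMPLE_TOKEN = 'c0ffee1234abcd5678ef'; // constructed value, not a real token
const USERS = [{
  email: 'user@example.com',
  resetPasswordToken: SAMPLE_TOKEN,
  resetPasswordExpires: Date.now() + 60 * 60 * 1000 // valid for one hour
}];

// Express fills req.params.token with whatever text sits in the second segment.
function matchReset(path) {
  const m = /^\/reset\/([^/]+)$/.exec(path);
  return m ? { token: decodeURIComponent(m[1]) } : null;
}

// Same condition as the user.findOne() query: token matches and is unexpired.
function findByToken(users, token, now = Date.now()) {
  return users.find(u => u.resetPasswordToken === token &&
                         u.resetPasswordExpires > now) || null;
}

// Broken template output: the action is the route pattern itself.
function brokenForm() {
  return '<form action="/reset/:token" method="POST">';
}

// Fixed template output: the GET handler passes req.params.token to the view,
// which writes it into the action (in EJS: action="/reset/<%= token %>").
function fixedForm(token) {
  return `<form action="/reset/${encodeURIComponent(token)}" method="POST">`;
}

// Simulate the browser submitting the form and the POST route's lookup.
function submit(users, formHtml) {
  const action = /action="([^"]+)"/.exec(formHtml)[1];
  const params = matchReset(action);
  return { token: params.token, user: findByToken(users, params.token) };
}

const broken = submit(USERS, brokenForm());
const fixed = submit(USERS, fixedForm(SAMPLE_TOKEN));
console.log('broken:', broken.token, '->', broken.user);      // token is ':token'
console.log('fixed :', fixed.token, '->', fixed.user.email);  // user is found
```

The fix lives in the GET handler and the view: render with the token from req.params.token rather than req.user, which is expected to be empty on this page because the visitor is not logged in.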