0.1.2 • Published 11 years ago
pass-reset v0.1.2
pass-reset
An express compatable module for creating RESTful password reset endpoints.
Install
$ npm install pass-resetConfiguration
Example expiration
var passReset = require('pass-reset');
// The unit (second param) can be one of the following (or undefined for milliseconds):
// "secs", "mins", "hours", "days", or "weeks"
passReset.expireTimeout(12, 'hours');Example user lookup routine
var passReset = require('pass-reset');
passReset.lookupUsers(function(login, callback) {
User.find({ username: login }, function(err, users) {
if (err) {return callback(err);}
if (! users.length) {return callback(null, false);}
callback(null, {
email: user.email,
users: [{
id: user.id,
name: user.username
}]
});
});
});Example set password routine
var passReset = require('pass-reset');
passReset.setPassword(function(id, password, callback) {
if (password.length < 8) {
return callback(null, false, 'Password must be at least 8 characters');
}
var hash = doHash(password);
var update = { $set: { password: hash } };
User.update({ id: id }, update, { }, function(err) {
if (err) {return callback(err);}
callback(null, true);
});
});Example send email routine
var passReset = require('pass-reset');
var template = handlebars.compile([
'<p>You requested a password reset for the following account(s).</p>',
'<ul>',
'{{#each resets}}',
'<li>{{name}}: <a href="{{url}}">{{url}}</a></li>',
'{{/each}}',
'</ul>'
].join('\n'));
passReset.sendEmail(function(email, resets, callback) {
mailer.send({
to: email,
from: 'noreply@example.com',
subject: 'password reset',
body: template({ resets: resets })
});
callback(null, true);
});Example custom storage for tokens
var passReset = require('pass-reset');
var redis = require('redis-url').connect(/* ... */);
passReset.storage.setStore({
create: function(id, token, callback) {
redis.set(token, id, callback);
redis.expire(token, Math.round(passReset.expireTimeout() / 1000));
},
lookup: function(token, callback) {
redis.get(token, callback);
},
destroy: function(token, callback) {
redis.del(token, callback);
}
});Usage
Route for requesting a new reset token
app.post('/password/reset',
passReset.requestResetToken()
);The requestResetToken method can also take an object of configuration values. The following values are supported:
- loginParam - The name of the param where the login data (username/email) can be found in
req.body. - callbackURL - The base URL to direct users to actually perform the reset. This value should contain a
"{token}"somewhere which will be replaced with the token, eg."/password/reset/{token}". - next - By default, when pass-reset is done generating a token and sending it, an empty 200 OK response will be sent. To change this behavior, this value can be given a few different values. If a string is given, it is treated as a redirect, if a function is given, it will be called with the
req,res, andnextparameters, and if any other truthy value is given, thenextfunction will simply be called.
app.post('/password/reset',
passReset.requestResetToken({
next: true,
loginParam: 'login',
callbackURL: '/password/reset/{token}',
}),
function(req, res) {
// ...
}
);Route for actually reseting passwords
app.put('/password/reset',
passReset.resetPassword()
);The resetPassword method can also take an object of configuration values. The following values are supported:
- tokenParam/passwordParam/confirmParam - The name of the params where the respective data (token/password/confirm) can be found in
req.body. - next - By default, after the password is reset, an empty 200 OK response will be sent. To change this behavior, this value can be given a few different values. If a string is given, it is treated as a redirect, if a function is given, it will be called with the
req,res, andnextparameters, and if any other truthy value is given, thenextfunction will simply be called.
app.put('/password/reset',
passReset.resetPassword({
next: true,
tokenParam: 'token',
passwordParam: 'password',
confirmParam: 'confirm'
}),
function(req, res) {
// ...
}
);