diff --git a/controllers/auth.js b/controllers/auth.js index bb7b99c..af00c0c 100644 --- a/controllers/auth.js +++ b/controllers/auth.js @@ -559,6 +559,24 @@ module.exports = function (app) { }); } + function updateUserPassword (user) { + bcrypt.hash(password, BCRYPT_SEED_ROUNDS, function(err, hash) { + if (err || !hash) + return finalize(err || 'Failed to generate new password - please try again.'); + + user.updateAttributes({ + password: hash + }).complete(function(err) { + if (err) + return finalize(err); + + sendConfirmationEmail(user); + + finalize(); + }); + }); + } + if (!validatePassword(password)) { req.flash('error', 'This is not a valid password'); return res.redirect('/login/password/' + token.token); @@ -572,28 +590,22 @@ module.exports = function (app) { return finalize(err); token.getUser(function (err, user) { - if (user.email !== username && user.username !== normalizeUsername(username)) + if (user.email === username || user.username === normalizeUsername(username)) + return updateUserPassword(user); + + if (!user.GuardianId) return finalize('Invalid nickname or email address'); - if (user.underage) { - password = generatedPassword; - } + // Make allowances for situations where guardians have entered their + // own email address when resetting their child's password - bcrypt.hash(password, BCRYPT_SEED_ROUNDS, function(err, hash) { - if (err || !hash) - return finalize(err || 'Failed to generate new password - please try again.'); + user.getGuardian() + .complete(function (err, guardian) { + if (err || !guardian) + return finalize('Invalid nickname or email address'); - user.updateAttributes({ - password: hash - }).complete(function(err) { - if (err) - return finalize(err); - - sendConfirmationEmail(user); - - finalize(); + updateUserPassword(user); }); - }); }); }); });