Merge pull request #502 from andrewhayward/passwords

Resolving password resetting confusions
2013-06-06 10:10:21 -07:00 · 2013-06-06 10:10:21 -07:00 · e7ff9fd22c
--- a/controllers/auth.js
+++ b/controllers/auth.js
@ -559,26 +559,7 @@ module.exports = function (app) {
        });
    }

-    if (!validatePassword(password)) {
-      req.flash('error', 'This is not a valid password');
-      return res.redirect('/login/password/' + token.token);
-    }
-
-    token.updateAttributes({
-      expired: true
-    })
-      .complete(function (err) {
-        if (err)
-          return finalize(err);
-
-        token.getUser(function (err, user) {
-          if (user.email !== username && user.username !== normalizeUsername(username))
-            return finalize('Invalid nickname or email address');
-
-          if (user.underage) {
-            password = generatedPassword;
-          }
-
+    function updateUserPassword (user) {
      bcrypt.hash(password, BCRYPT_SEED_ROUNDS, function(err, hash) {
        if (err || !hash)
          return finalize(err || 'Failed to generate new password - please try again.');
@ -594,6 +575,37 @@ module.exports = function (app) {
          finalize();
        });
      });
+    }
+
+    if (!validatePassword(password)) {
+      req.flash('error', 'This is not a valid password');
+      return res.redirect('/login/password/' + token.token);
+    }
+
+    token.updateAttributes({
+      expired: true
+    })
+      .complete(function (err) {
+        if (err)
+          return finalize(err);
+
+        token.getUser(function (err, user) {
+          if (user.email === username || user.username === normalizeUsername(username))
+            return updateUserPassword(user);
+
+          if (!user.GuardianId)
+            return finalize('Invalid nickname or email address');
+
+          // Make allowances for situations where guardians have entered their
+          // own email address when resetting their child's password
+
+          user.getGuardian()
+            .complete(function (err, guardian) {
+              if (err || !guardian)
+                return finalize('Invalid nickname or email address');
+
+              updateUserPassword(user);
+            });
        });
      });
  });