Merge pull request #502 from andrewhayward/passwords

Resolving password resetting confusions
2013-06-06 10:10:21 -07:00 · 2013-06-06 10:10:21 -07:00 · e7ff9fd22c
--- a/controllers/auth.js
+++ b/controllers/auth.js
@ -559,6 +559,24 @@ module.exports = function (app) {
        });
    }

+    function updateUserPassword (user) {
+      bcrypt.hash(password, BCRYPT_SEED_ROUNDS, function(err, hash) {
+        if (err || !hash)
+          return finalize(err || 'Failed to generate new password - please try again.');
+
+        user.updateAttributes({
+          password: hash
+        }).complete(function(err) {
+          if (err)
+            return finalize(err);
+
+          sendConfirmationEmail(user);
+
+          finalize();
+        });
+      });
+    }
+
    if (!validatePassword(password)) {
      req.flash('error', 'This is not a valid password');
      return res.redirect('/login/password/' + token.token);
@ -572,28 +590,22 @@ module.exports = function (app) {
          return finalize(err);

        token.getUser(function (err, user) {
-          if (user.email !== username && user.username !== normalizeUsername(username))
+          if (user.email === username || user.username === normalizeUsername(username))
+            return updateUserPassword(user);
+
+          if (!user.GuardianId)
            return finalize('Invalid nickname or email address');

-          if (user.underage) {
-            password = generatedPassword;
-          }
+          // Make allowances for situations where guardians have entered their
+          // own email address when resetting their child's password

-          bcrypt.hash(password, BCRYPT_SEED_ROUNDS, function(err, hash) {
-            if (err || !hash)
-              return finalize(err || 'Failed to generate new password - please try again.');
+          user.getGuardian()
+            .complete(function (err, guardian) {
+              if (err || !guardian)
+                return finalize('Invalid nickname or email address');

-            user.updateAttributes({
-              password: hash
-            }).complete(function(err) {
-              if (err)
-                return finalize(err);
-
-              sendConfirmationEmail(user);
-
-              finalize();
+              updateUserPassword(user);
            });
-          });
        });
      });
  });