password-reset

0.1.4 • Public • Published

password-reset

middleware for managing password reset emails

example

var fs = require('fs');
var express = require('express');
var app = express.createServer();
 
app.use(express.static(__dirname));
app.use(require('sesame')()); // for sessions
 
var forgot = require('password-reset')({
    uri : 'http://localhost:8080/password_reset',
    from : 'password-robot@localhost',
    host : 'localhost', port : 25,
});
app.use(forgot.middleware);
 
app.post('/forgot', express.bodyParser(), function (req, res) {
    var email = req.body.email;
    var reset = forgot(email, function (err) {
        if (err) res.end('Error sending message: ' + err)
        else res.end('Check your inbox for a password reset message.')
    });
    
    reset.on('request', function (req_, res_) {
        req_.session.reset = { email : email, id : reset.id };
        fs.createReadStream(__dirname + '/forgot.html').pipe(res_);
    });
});
 
app.post('/reset', express.bodyParser(), function (req, res) {
    if (!req.session.reset) return res.end('reset token not set');
    
    var password = req.body.password;
    var confirm = req.body.confirm;
    if (password !== confirm) return res.end('passwords do not match');
    
    // update the user db here
    
    forgot.expire(req.session.reset.id);
    delete req.session.reset;
    res.end('password reset');
});
 
app.listen(8080);
console.log('Listening on :8080');

methods

var forgot = require('password-reset')(opts)

Create a new password reset session forgot with some options opts.

opts.uri must be the location of the password reset route, such as 'http://localhost:8080/_password_reset'. A query string is appended to opts.uri with a unique one-time hash.

opts.body(uri) can be a function that takes the password reset link uri and returns the email body as a string.

The rest of the options are passed directly to node-pony.

When the user clicks on the uri link forgot emits a "request", req, res event.

var reset = forgot(email, cb)

Send a password reset email to the email address. cb(err) fires when the email has been sent.

forgot.middleware(req, res, next)

Use this middleware function to intercept requests on the opts.uri.

forgot.expire(id)

Prevent a session from being used again. Call this after you have successfully reset the password.

attributes

reset.id

Pass this value to forgot.expire(id).

events

reset.on('request', function (req, res) { ... })

Emitted when the user clicks on the password link from the email.

reset.on('failure', function (err) { ... })

Emitted when an error occurs sending email. You can also listen for this event in forgot()'s callback.

reset.on('success', function () {})

Emitted when an email is successfully sent.

install

With npm do:

npm install password-reset

license

MIT/X11

Readme

Keywords

none

Package Sidebar

Install

npm i password-reset

Weekly Downloads

7

Version

0.1.4

License

MIT

Last publish

Collaborators

  • nopersonsmodules