shellphone.app/app/auth/mutations/reset-password.ts

import { resolver, SecurePassword, hash256 } from "blitz";

import db from "../../../db";
import { ResetPassword } from "../validations";
import login from "./login";

export class ResetPasswordError extends Error {
	name = "ResetPasswordError";
	message = "Reset password link is invalid or it has expired.";
}

export default resolver.pipe(resolver.zod(ResetPassword), async ({ password, token }, ctx) => {
	// 1. Try to find this token in the database
	const hashedToken = hash256(token);
	const possibleToken = await db.token.findFirst({
		where: { hashedToken, type: "RESET_PASSWORD" },
		include: { user: true },
	});

	// 2. If token not found, error
	if (!possibleToken) {
		throw new ResetPasswordError();
	}
	const savedToken = possibleToken;

	// 3. Delete token so it can't be used again
	await db.token.delete({ where: { id: savedToken.id } });

	// 4. If token has expired, error
	if (savedToken.expiresAt < new Date()) {
		throw new ResetPasswordError();
	}

	// 5. Since token is valid, now we can update the user's password
	const hashedPassword = await SecurePassword.hash(password.trim());
	const user = await db.user.update({
		where: { id: savedToken.userId },
		data: { hashedPassword },
	});

	// 6. Revoke all existing login sessions for this user
	await db.session.deleteMany({ where: { userId: user.id } });

	// 7. Now log the user in with the new credentials
	await login({ email: user.email, password }, ctx);

	return true;
});
reformat with prettier with semicolons and tabs 2021-07-31 15:57:43 +00:00			`import { resolver, SecurePassword, hash256 } from "blitz";`
migrate to blitzjs 2021-07-31 14:33:18 +00:00
reformat with prettier with semicolons and tabs 2021-07-31 15:57:43 +00:00			`import db from "../../../db";`
			`import { ResetPassword } from "../validations";`
			`import login from "./login";`
migrate to blitzjs 2021-07-31 14:33:18 +00:00
			`export class ResetPasswordError extends Error {`
reformat with prettier with semicolons and tabs 2021-07-31 15:57:43 +00:00			`name = "ResetPasswordError";`
			`message = "Reset password link is invalid or it has expired.";`
migrate to blitzjs 2021-07-31 14:33:18 +00:00			`}`

			`export default resolver.pipe(resolver.zod(ResetPassword), async ({ password, token }, ctx) => {`
			`// 1. Try to find this token in the database`
reformat with prettier with semicolons and tabs 2021-07-31 15:57:43 +00:00			`const hashedToken = hash256(token);`
migrate to blitzjs 2021-07-31 14:33:18 +00:00			`const possibleToken = await db.token.findFirst({`
			`where: { hashedToken, type: "RESET_PASSWORD" },`
			`include: { user: true },`
reformat with prettier with semicolons and tabs 2021-07-31 15:57:43 +00:00			`});`
migrate to blitzjs 2021-07-31 14:33:18 +00:00
			`// 2. If token not found, error`
			`if (!possibleToken) {`
reformat with prettier with semicolons and tabs 2021-07-31 15:57:43 +00:00			`throw new ResetPasswordError();`
migrate to blitzjs 2021-07-31 14:33:18 +00:00			`}`
reformat with prettier with semicolons and tabs 2021-07-31 15:57:43 +00:00			`const savedToken = possibleToken;`
migrate to blitzjs 2021-07-31 14:33:18 +00:00
			`// 3. Delete token so it can't be used again`
reformat with prettier with semicolons and tabs 2021-07-31 15:57:43 +00:00			`await db.token.delete({ where: { id: savedToken.id } });`
migrate to blitzjs 2021-07-31 14:33:18 +00:00
			`// 4. If token has expired, error`
			`if (savedToken.expiresAt < new Date()) {`
reformat with prettier with semicolons and tabs 2021-07-31 15:57:43 +00:00			`throw new ResetPasswordError();`
migrate to blitzjs 2021-07-31 14:33:18 +00:00			`}`

			`// 5. Since token is valid, now we can update the user's password`
reformat with prettier with semicolons and tabs 2021-07-31 15:57:43 +00:00			`const hashedPassword = await SecurePassword.hash(password.trim());`
migrate to blitzjs 2021-07-31 14:33:18 +00:00			`const user = await db.user.update({`
			`where: { id: savedToken.userId },`
			`data: { hashedPassword },`
reformat with prettier with semicolons and tabs 2021-07-31 15:57:43 +00:00			`});`
migrate to blitzjs 2021-07-31 14:33:18 +00:00
			`// 6. Revoke all existing login sessions for this user`
reformat with prettier with semicolons and tabs 2021-07-31 15:57:43 +00:00			`await db.session.deleteMany({ where: { userId: user.id } });`
migrate to blitzjs 2021-07-31 14:33:18 +00:00
			`// 7. Now log the user in with the new credentials`
reformat with prettier with semicolons and tabs 2021-07-31 15:57:43 +00:00			`await login({ email: user.email, password }, ctx);`
migrate to blitzjs 2021-07-31 14:33:18 +00:00
reformat with prettier with semicolons and tabs 2021-07-31 15:57:43 +00:00			`return true;`
			`});`