packages/lib/server-only/user/reset-password.ts

import { compare, hash } from '@node-rs/bcrypt';

import { prisma } from '@documenso/prisma';
import { UserSecurityAuditLogType } from '@documenso/prisma/client';

import { SALT_ROUNDS } from '../../constants/auth';
import { AppError, AppErrorCode } from '../../errors/app-error';
import type { RequestMetadata } from '../../universal/extract-request-metadata';
import { sendResetPassword } from '../auth/send-reset-password';

export type ResetPasswordOptions = {
  token: string;
  password: string;
  requestMetadata?: RequestMetadata;
};

export const resetPassword = async ({ token, password, requestMetadata }: ResetPasswordOptions) => {
  if (!token) {
    throw new AppError('INVALID_TOKEN');
  }

  const foundToken = await prisma.passwordResetToken.findFirst({
    where: {
      token,
    },
    include: {
      User: true,
    },
  });

  if (!foundToken) {
    throw new AppError('INVALID_TOKEN');
  }

  const now = new Date();

  if (now > foundToken.expiry) {
    throw new AppError(AppErrorCode.EXPIRED_CODE);
  }

  const isSamePassword = await compare(password, foundToken.User.password || '');

  if (isSamePassword) {
    throw new AppError('SAME_PASSWORD');
  }

  const hashedPassword = await hash(password, SALT_ROUNDS);

  await prisma.$transaction([
    prisma.user.update({
      where: {
        id: foundToken.userId,
      },
      data: {
        password: hashedPassword,
      },
    }),
    prisma.passwordResetToken.deleteMany({
      where: {
        userId: foundToken.userId,
      },
    }),
    prisma.userSecurityAuditLog.create({
      data: {
        userId: foundToken.userId,
        type: UserSecurityAuditLogType.PASSWORD_RESET,
        userAgent: requestMetadata?.userAgent,
        ipAddress: requestMetadata?.ipAddress,
      },
    }),
  ]);

  await sendResetPassword({ userId: foundToken.userId });
};
chore: remove bcrypt 2024-03-07 18:30:22 +11:00			`import { compare, hash } from '@node-rs/bcrypt';`
feat: add reset functionality 2023-09-18 14:03:33 +00:00
			`import { prisma } from '@documenso/prisma';`
feat: add user security audit logs 2024-01-30 17:31:27 +11:00			`import { UserSecurityAuditLogType } from '@documenso/prisma/client';`
feat: add reset functionality 2023-09-18 14:03:33 +00:00
			`import { SALT_ROUNDS } from '../../constants/auth';`
fix: refactor trpc errors (#1511) 2024-12-06 16:01:24 +09:00			`import { AppError, AppErrorCode } from '../../errors/app-error';`
feat: add user security audit logs 2024-01-30 17:31:27 +11:00			`import type { RequestMetadata } from '../../universal/extract-request-metadata';`
feat: send email to user on successful password reset 2023-09-18 14:31:04 +00:00			`import { sendResetPassword } from '../auth/send-reset-password';`
feat: add reset functionality 2023-09-18 14:03:33 +00:00
			`export type ResetPasswordOptions = {`
			`token: string;`
			`password: string;`
feat: add user security audit logs 2024-01-30 17:31:27 +11:00			`requestMetadata?: RequestMetadata;`
feat: add reset functionality 2023-09-18 14:03:33 +00:00			`};`

feat: add user security audit logs 2024-01-30 17:31:27 +11:00			`export const resetPassword = async ({ token, password, requestMetadata }: ResetPasswordOptions) => {`
feat: add reset functionality 2023-09-18 14:03:33 +00:00			`if (!token) {`
fix: refactor trpc errors (#1511) 2024-12-06 16:01:24 +09:00			`throw new AppError('INVALID_TOKEN');`
feat: add reset functionality 2023-09-18 14:03:33 +00:00			`}`

fix: add layout and minor updates 2023-09-19 13:34:54 +00:00			`const foundToken = await prisma.passwordResetToken.findFirst({`
feat: add reset functionality 2023-09-18 14:03:33 +00:00			`where: {`
			`token,`
			`},`
			`include: {`
			`User: true,`
			`},`
			`});`

			`if (!foundToken) {`
fix: refactor trpc errors (#1511) 2024-12-06 16:01:24 +09:00			`throw new AppError('INVALID_TOKEN');`
feat: add reset functionality 2023-09-18 14:03:33 +00:00			`}`

			`const now = new Date();`

			`if (now > foundToken.expiry) {`
fix: refactor trpc errors (#1511) 2024-12-06 16:01:24 +09:00			`throw new AppError(AppErrorCode.EXPIRED_CODE);`
feat: add reset functionality 2023-09-18 14:03:33 +00:00			`}`

fix: add layout and minor updates 2023-09-19 13:34:54 +00:00			`const isSamePassword = await compare(password, foundToken.User.password \|\| '');`
feat: add reset functionality 2023-09-18 14:03:33 +00:00
			`if (isSamePassword) {`
fix: refactor trpc errors (#1511) 2024-12-06 16:01:24 +09:00			`throw new AppError('SAME_PASSWORD');`
feat: add reset functionality 2023-09-18 14:03:33 +00:00			`}`

			`const hashedPassword = await hash(password, SALT_ROUNDS);`

fix: add layout and minor updates 2023-09-19 13:34:54 +00:00			`await prisma.$transaction([`
feat: add reset functionality 2023-09-18 14:03:33 +00:00			`prisma.user.update({`
			`where: {`
			`id: foundToken.userId,`
			`},`
			`data: {`
			`password: hashedPassword,`
			`},`
			`}),`
			`prisma.passwordResetToken.deleteMany({`
			`where: {`
			`userId: foundToken.userId,`
			`},`
			`}),`
feat: add user security audit logs 2024-01-30 17:31:27 +11:00			`prisma.userSecurityAuditLog.create({`
			`data: {`
			`userId: foundToken.userId,`
			`type: UserSecurityAuditLogType.PASSWORD_RESET,`
			`userAgent: requestMetadata?.userAgent,`
			`ipAddress: requestMetadata?.ipAddress,`
			`},`
			`}),`
feat: add reset functionality 2023-09-18 14:03:33 +00:00			`]);`

feat: send email to user on successful password reset 2023-09-18 14:31:04 +00:00			`await sendResetPassword({ userId: foundToken.userId });`
feat: add reset functionality 2023-09-18 14:03:33 +00:00			`};`