  1. reset.hbs
  2.  
  3. <div class="row">
  4.     <div style="margin: auto; margin-top: 5em" class="card col-xs-8 col-sm-8 col-md-8">
  5.     <div class="card-block">
  6.  
  7.     {{#if messages.error}}
  8.         <div class="alert alert-danger">
  9.             {{ messages.error }}
  10.         </div>
  11.     {{/if}}
  12.     {{#if messages.info}}
  13.         <div class="alert alert-info">
  14.             {{ messages.info }}
  15.         </div>
  16.     {{/if}}
  17.     {{#if messages.success}}
  18.         <div class="alert alert-success">
  19.             {{ messages.success }}
  20.         </div>
  21.     {{/if}}
  22.  
  23.         <!--Header-->
  24.         <div class="form-header  blue">
  25.             <h3></i>Reset Password</h3>
  26.         </div>
  27.  
  28.     <form method="POST" action="">
  29.       <div>
  30.         New Password
  31.       </div>
  32.       <div>
  33.         <input type="password" name="password">
  34.       </div>
  35.      
  36.       <div>
  37.         Confirm Password
  38.       </div>
  39.       <div>
  40.         <input type="password" name="confirm">
  41.       </div>
  42.      
  43.       <div>
  44.         <input type="hidden" name="token" value="{{ resetToken }}">
  45.         <input type="hidden" name="_csrf" value="{{ csrfToken }}">
  46.         <button class="btn btn-primary" type="submit">Reset</button>
  47.       </div>
  48.     </form>
  49. </div>
  50. </div>
  51. </div>
  52.  
  53.  
  54. forgot.hbs
  55.  
  56. <div class="row">
  57.     <div style="margin: auto; margin-top: 5em" class="card col-xs-8 col-sm-8 col-md-8">
  58.     <div class="card-block">
  59.  
  60.     {{#if messages.error}}
  61.         <div class="alert alert-danger">
  62.             {{ messages.error }}
  63.         </div>
  64.     {{/if}}
  65.     {{#if messages.info}}
  66.         <div class="alert alert-info">
  67.             {{ messages.info }}
  68.         </div>
  69.     {{/if}}
  70.     {{#if messages.success}}
  71.         <div class="alert alert-success">
  72.             {{ messages.success }}
  73.         </div>
  74.     {{/if}}
  75.  
  76.     <h1>Password Reset Request</h1>
  77.     <form method="POST" action="/forgot">
  78.       <input type="text" name="email" value="" autofocus>
  79.       <input type="hidden" name="_csrf" value="{{ csrfToken }}">
  80.       <input type="submit" value="forgot password">
  81.     </form>
  82. </div>
  83. </div>
  84. </div>
  85.  
  86. index.js
  87.  
  88. var express = require('express');
  89. var router = express.Router();
  90. var csrf = require('csurf');
  91. var passport = require('passport');
  92. var nodemailer = require('nodemailer');
  93. var async = require('async');
  94. var crypto = require('crypto');
  95. var User = require('../models/user');
  96. var bcrypt = require('bcrypt-nodejs');
  97.  
// Every route on this router gets CSRF protection: csurf validates the token on
// state-changing requests and templates obtain one through req.csrfToken().
// NOTE(review): csurf is constructed with no options, so it is presumably
// keeping its secret in req.session — the session middleware has to be mounted
// ahead of this router; confirm in app.js.
router.use(csrf());
  100.  
  101.  
/* GET home page — renders the shop index; no authentication required. */
router.get('/', function (req, res) {
  var viewModel = { title: 'Camtradr' };
  res.render('shop/index', viewModel);
});
  106.  
// GET /signup — render the sign-up form together with any flashed errors
// (consuming them) and a fresh CSRF token for the form.
router.get('/signup', function (req, res) {
  var errors = req.flash('error');
  res.render('user/signup', {
    csrfToken: req.csrfToken(),
    messages: errors,
    hasErrors: errors.length > 0
  });
});
  111.  
// POST /signup — handled entirely by the 'local.signup' passport strategy
// (defined elsewhere); a failure is flashed and bounces back to the form.
var signupOptions = {
    successRedirect: '/profile',
    failureRedirect: '/signup',
    failureFlash: true
};
router.post('/signup', passport.authenticate('local.signup', signupOptions));
  117.  
// GET /logout — end the passport session and send the visitor to the home page.
// NOTE(review): this is a GET, and csurf only checks non-GET requests, so any
// third-party page can log the user out with e.g. <img src="/logout">; a POST
// would close that. Also, req.logout() is called without a callback — fine for
// the passport version this was written against, but newer passport releases
// expect one; verify the pinned version before upgrading.
router.get('/logout', function( req, res, next ) {
    req.logout();
    res.redirect('/');
});
  122.  
// GET /profile — only reachable with an authenticated session (isLoggedIn);
// the view gets just the username, nothing else from the user document.
router.get('/profile', isLoggedIn, function (req, res) {
  var username = req.user.username;
  res.render('user/profile', { username: username });
});
  126.  
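/**
 * GET /signin — render the sign-in form with any pending flash messages.
 *
 * req.flash(type) returns an array (the code below relies on `.length`), and an
 * empty array is truthy, so the original
 * `req.flash('error') || req.flash('info') || req.flash('success')` always
 * stopped at the first call: info/success messages — e.g. "Success! Your
 * password has been changed." flashed before the redirect here — were never
 * read and lingered in the session. Now the first non-empty category wins,
 * which is what the chain was meant to do.
 *
 * `hasErrors` keeps its original meaning of "there is something to show"; the
 * template (not visible here) may style info/success messages as errors.
 */
router.get('/signin', function (req, res) {
  var categories = ['error', 'info', 'success'];
  var messages = [];
  for (var i = 0; i < categories.length && messages.length === 0; i++) {
    messages = req.flash(categories[i]);
  }
  res.render('user/signin', {
    csrfToken: req.csrfToken(),
    messages: messages,
    hasErrors: messages.length > 0
  });
});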
  131.  
// POST /signin — handled entirely by the 'local.signin' passport strategy
// (defined elsewhere); a failure is flashed and bounces back to the form.
var signinOptions = {
    successRedirect: '/profile',
    failureRedirect: '/signin',
    failureFlash: true
};
router.post('/signin', passport.authenticate('local.signin', signinOptions));
  137.  
// GET /forgot — render the "request a reset" form. All three flash categories
// are read (and thereby consumed) and handed to the view keyed by name.
router.get('/forgot', function (req, res) {
  var flashed = ['info', 'success', 'error'].reduce(function (acc, kind) {
    acc[kind] = req.flash(kind);
    return acc;
  }, {});
  res.render('user/forgot', {
    user: req.user,
    csrfToken: req.csrfToken(),
    messages: flashed
  });
});
  149.  
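/**
 * POST /forgot — start a password reset for the submitted e-mail address.
 *
 * Generates a random token, stores it on the user with a one-hour expiry and
 * e-mails a link carrying it. The response is the same whether or not the
 * address is registered, so the endpoint cannot be used to enumerate accounts
 * (it used to answer "No account with that email address exists."). A timing
 * difference remains because the mail is only sent for existing accounts.
 *
 * Configuration comes from the environment instead of being hard-coded:
 *   SENDGRID_USER / SENDGRID_PASS — mail transport credentials (the literal
 *                                   values that were committed here are
 *                                   public and must be rotated)
 *   APP_BASE_URL                  — public origin used in the reset link
 *
 * TODO(review): rate-limit this route (it sends an e-mail per request) and
 * consider storing only a hash of the token, since a database read currently
 * yields usable reset links; both need changes outside this file.
 */
router.post('/forgot', function (req, res, next) {
  var email = req.body.email;
  // Only a plain string may reach the query below: depending on the body
  // parser, a submission like email[$gt]= arrives as an object and would
  // match an arbitrary user.
  if (typeof email !== 'string' || email.length === 0) {
    req.flash('error', 'Please enter an e-mail address.');
    return res.redirect('/forgot');
  }
  // Shown for both "mail sent" and "no such account".
  var neutralMessage = 'If an account with that e-mail address exists, a message with further instructions has been sent to it.';

  async.waterfall([
    function (done) {
      // 20 random bytes -> 40 hex characters; the token is the only secret in the link.
      crypto.randomBytes(20, function (err, buf) {
        if (err) return done(err);
        done(null, buf.toString('hex'));
      });
    },
    function (token, done) {
      User.findOne({ email: email }, function (err, user) {
        if (err) return done(err);
        if (!user) {
          // Respond exactly like the success path and abandon the waterfall
          // (done is deliberately not called, as in the original).
          req.flash('info', neutralMessage);
          return res.redirect('/forgot');
        }

        user.resetPasswordToken = token;
        user.resetPasswordExpires = Date.now() + 3600000; // 1 hour

        user.save(function (err) {
          done(err, token, user);
        });
      });
    },
    function (token, user, done) {
      var transport = nodemailer.createTransport({
        service: 'SendGrid',
        auth: {
          user: process.env.SENDGRID_USER,
          pass: process.env.SENDGRID_PASS
        }
      });
      // The link must be built from a configured origin: the Host header is
      // attacker-controlled, and using it lets a crafted request mail the
      // victim a reset link pointing at the attacker's domain. The fallback
      // only keeps local development working; set APP_BASE_URL in production.
      var baseUrl = process.env.APP_BASE_URL || ('http://' + req.headers.host);
      var mailOptions = {
        to: user.email,
        from: 'passwordreset@camtradr.com',
        subject: 'Camtradr Password Reset',
        text: user.username + ', You are receiving this because you (or someone else) have requested the reset of the password for your account.\n\n' +
          'Please click on the following link, or paste this into your browser to complete the process:\n\n' +
          baseUrl + '/reset/' + token + '\n\n' +
          'If you did not request this, please ignore this email and your password will remain unchanged.\n'
      };
      transport.sendMail(mailOptions, function (err) {
        if (err) return done(err);
        req.flash('info', neutralMessage);
        done(null);
      });
    }
  ], function (err) {
    if (err) return next(err);
    res.redirect('/forgot');
  });
});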
  202.  
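/**
 * GET /reset/:token — show the new-password form when the token is live.
 *
 * A token is accepted only while it is stored on a user and its expiry lies in
 * the future; otherwise the visitor goes back to /forgot with an error.
 * The view receives the token as both `token` and `resetToken`: the route used
 * to export only `token` while reset.hbs read `resetToken`, so its hidden field
 * was always empty (the form kept working because it posts to the same
 * /reset/:token URL). Database errors are now forwarded to the error handler
 * instead of being ignored.
 */
router.get('/reset/:token', function (req, res, next) {
  var token = req.params.token;
  User.findOne({ resetPasswordToken: token, resetPasswordExpires: { $gt: Date.now() } }, function (err, user) {
    if (err) return next(err);
    if (!user) {
      req.flash('error', 'Password reset token is invalid or has expired.');
      return res.redirect('/forgot');
    }
    res.render('user/reset', {
      user: req.user,
      csrfToken: req.csrfToken(),
      token: token,
      resetToken: token,
      messages: {
        info: req.flash('info'),
        success: req.flash('success'),
        error: req.flash('error')
      }
    });
  });
});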
  221.  
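/**
 * POST /reset/:token — set a new password for the user owning a live token.
 *
 * Validates the submitted password (the template asks for it twice, but the
 * server never compared the two fields and would hand an undefined password to
 * bcrypt), looks the token up with the same liveness condition as the GET,
 * stores the new hash, clears the token so it is single-use, logs the user in,
 * and sends a confirmation e-mail.
 *
 * Changes from the original: the token is no longer written to the console
 * (it is a bearer credential for the account); bcrypt cost is 10 rather than 5
 * (verification keeps working because bcrypt encodes the cost in the hash);
 * mail credentials come from SENDGRID_USER / SENDGRID_PASS; database errors go
 * to next(err); a bad token redirects to /forgot instead of the Referer.
 *
 * NOTE(review): other sessions of this user are not invalidated and the session
 * id is not regenerated after req.logIn — both are worth adding once the
 * session store in use is confirmed.
 */
router.post('/reset/:token', function (req, res, next) {
  var token = req.params.token;
  var password = req.body.password;
  var confirm = req.body.confirm;
  var MIN_PASSWORD_LENGTH = 8;
  var formUrl = '/reset/' + encodeURIComponent(token);

  if (typeof password !== 'string' || password.length < MIN_PASSWORD_LENGTH) {
    req.flash('error', 'Password must be at least ' + MIN_PASSWORD_LENGTH + ' characters long.');
    return res.redirect(formUrl);
  }
  if (password !== confirm) {
    req.flash('error', 'Passwords do not match.');
    return res.redirect(formUrl);
  }

  async.waterfall([
    function (done) {
      User.findOne({ resetPasswordToken: token, resetPasswordExpires: { $gt: Date.now() } }, function (err, user) {
        if (err) return done(err);
        if (!user) {
          // Waterfall abandoned here on purpose (as in the original).
          req.flash('error', 'Password reset token is invalid or has expired.');
          return res.redirect('/forgot');
        }

        user.password = bcrypt.hashSync(password, bcrypt.genSaltSync(10), null);
        user.resetPasswordToken = undefined;   // single use
        user.resetPasswordExpires = undefined;

        user.save(function (err) {
          if (err) return done(err);
          req.logIn(user, function (err) {
            done(err, user);
          });
        });
      });
    },
    function (user, done) {
      var smtpTransport = nodemailer.createTransport({
        service: 'SendGrid',
        auth: {
          user: process.env.SENDGRID_USER,
          pass: process.env.SENDGRID_PASS
        }
      });
      var mailOptions = {
        to: user.email,
        from: 'passwordreset@camtradr.com',
        subject: 'Your password has been changed',
        text: 'Hello,\n\n' +
          'This is a confirmation that the password for your account ' + user.email + ' has just been changed.\n'
      };
      smtpTransport.sendMail(mailOptions, function (err) {
        // The password is already changed; a failed confirmation mail is
        // logged but does not turn the request into an error.
        if (err) console.error('password-changed confirmation e-mail failed:', err.message);
        req.flash('success', 'Success! Your password has been changed.');
        done(null);
      });
    }
  ], function (err) {
    if (err) return next(err);
    res.redirect('/signin');
  });
});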
  267.  
  268.  
  269. module.exports = router;
  270.  
// Middleware guarding routes that need a signed-in user: passes control on when
// passport reports an authenticated session, otherwise sends the visitor to the
// home page (no error message, no "return to" parameter).
function isLoggedIn(req, res, next) {
    if (!req.isAuthenticated()) {
        res.redirect('/');
        return;
    }
    return next();
}