Hi there,
I have had the password recovery function working, however recently it is not working correctly.
What i have tested:
1) If you enter all the correct parameters (username,newPassword,secretCode) it works correctly.
2) If you enter only a correct username you get the the response of:
Status 200
{
"message": "Your password was successfully changed. A confirmation email has been sent to you"
}
This is incorrect as no secret code or password was entered.
2) If you enter the correct username and wrong secretCode get the same response of
Status 200
{
"message": "Your pasword was successfully changed. A confirmation email has been sent to you"
}
Which is also incorrect, as the wrong secret code was entered.
Below is the sever code script that I am using (it is copied from your tutorial though I made the change as suggested for encodeURIComponent):
var responseBody = {},
requestParams = {},
paramKeys = request.keys();
for (var key = 0; key < paramKeys.length; key++) {
requestParams[paramKeys[key]] = request.get(paramKeys[key]);
}
// Declare database ID and Master key
var dbId = "5XXXXXXXXXXb";
var masterKey = "dXXXXXXXXX";
// Get username, new password and secret code from request parameters
var username = requestParams['username'];
var newPassword = requestParams['newPassword'];
var secretCode = requestParams['secretCode'];
try {
// Get the user with a given username from the database
var XHRResponse = XHR.send("GET", "https://api.appery.io/rest/1/db/users/", {
"headers": {
"X-Appery-Database-Id": dbId,
"X-Appery-Master-Key": masterKey
},
"parameters": {
"where": '{"username": "' + encodeURIComponent(username) + '"}'
}
});
Code: Select all
// If the user exists, get his email, id and secret code from response
if (XHRResponse.body.length) {
var email = XHRResponse.body[0]["email"];
var userId = XHRResponse.body[0]["_id"];
var secretCodeDB = XHRResponse.body[0]["secret_code"];
// If the secret code from the database matches the secret code received from user,
// update the password with the new value
if (secretCode == secretCodeDB) {
var XHRResponse = XHR.send("PUT", "[url=https://api.appery.io/rest/1/db/users/]https://api.appery.io/rest/1/db/users/[/url]" + userId, {
"headers": {
"X-Appery-Database-Id": dbId,
"X-Appery-Master-Key": masterKey,
"Content-Type": "application/json"
},
// Update user's password with a new value
"body": {
"password": newPassword
}
});
}
// If the password update was successful, send an email to the user
if (XHRResponse.status == 200) {
var XHRResponse = XHR.send("POST", "[url=https://api.sendgrid.com/api/mail.send.json]https://api.sendgrid.com/api/mail.sen...[/url]", {
"parameters": {
"api_user": "JaXXXXXn",
"api_key": "cXXXXXX",
"to": email,
"toname": "",
"subject": "Password Recovery Complete",
"text": "You have successfully changed your password",
"from": "a href="mailto:admin@XXXXXXX.com" rel="nofollow"admin@XXXXXXX.com/a"
}
});
if (XHRResponse.status == 200) {
// If the email was successfully sent, inform the user about it
responseBody.message = "Your password was successfully changed. A confirmation email has been sent to you";
} else {
// Email was not sent, but the password reset was still successful
responseBody.message = "Your password was successfully changed";
}
} else {
responseBody.message = "Database error";
}
} else {
responseBody.message = "User not found";
}
response.success(responseBody, "application/json"); } catch (e) {
response.success("message: " + e.message + "\ncode: " + e.code); //If something goes wrong error message will appear
}
Please help this is driving me crazy.
thanks
Jimmy