1
/*
2
 *  This file is part of CoCalc: Copyright © 2020 Sagemath, Inc.
3
 *  License: MS-RSL – see LICENSE.md for details
4
 */
5

6
/*
7
Redeeming a password reset works as follows:
8

9
1. check that the password reset id is valid still; error if not
10
2. check that the password is valid; error if not
11
3. invalidate password reset id by writing that it is used to the database
12
4. write hash of new password to the database
13
5. respond success and sign user in.
14
*/
15

16
import redeemPasswordReset from "@cocalc/server/auth/redeem-password-reset";
17
import { signUserIn } from "./sign-in";
18
import getParams from "lib/api/get-params";
19

20
export default async function redeemPasswordResetAPIEndPoint(req, res) {
21
  const { password, passwordResetId } = getParams(req);
22
  let account_id: string;
23
  try {
24
    account_id = await redeemPasswordReset(password, passwordResetId);
25
  } catch (err) {
26
    res.json({ error: `${err.message}` });
27
    return;
28
  }
29
  await signUserIn(req, res, account_id);
30
  return;
31
}
32

33