From 6ae642245e0322f194ca5d960f669f33ba38c2fa Mon Sep 17 00:00:00 2001 From: syuilo Date: Tue, 4 May 2021 15:05:34 +0900 Subject: [PATCH] Password reset (#7494) * wip * wip * Update well-known.ts * wip * clean up * Update request-reset-password.ts * Update forgot-password.vue * Update reset-password.ts * Update request-reset-password.ts --- locales/ja-JP.yml | 6 ++ migration/1619942102890-password-reset.ts | 20 +++++ src/client/components/forgot-password.vue | 71 ++++++++++++++++++ src/client/components/signin.vue | 10 ++- src/client/pages/reset-password.vue | 69 ++++++++++++++++++ src/client/router.ts | 1 + src/client/style.scss | 2 +- src/db/postgre.ts | 2 + src/models/entities/password-reset-request.ts | 30 ++++++++ src/models/index.ts | 2 + .../api/endpoints/request-reset-password.ts | 73 +++++++++++++++++++ src/server/api/endpoints/reset-password.ts | 45 ++++++++++++ src/server/well-known.ts | 5 ++ 13 files changed, 333 insertions(+), 3 deletions(-) create mode 100644 migration/1619942102890-password-reset.ts create mode 100644 src/client/components/forgot-password.vue create mode 100644 src/client/pages/reset-password.vue create mode 100644 src/models/entities/password-reset-request.ts create mode 100644 src/server/api/endpoints/request-reset-password.ts create mode 100644 src/server/api/endpoints/reset-password.ts diff --git a/locales/ja-JP.yml b/locales/ja-JP.yml index 041bdfb11..2b973ae55 100644 --- a/locales/ja-JP.yml +++ b/locales/ja-JP.yml @@ -7,6 +7,7 @@ search: "検索" notifications: "通知" username: "ユーザー名" password: "パスワード" +forgotPassword: "パスワードを忘れた" fetchingAsApObject: "連合に照会中" ok: "OK" gotIt: "わかった" @@ -748,6 +749,11 @@ recentPosts: "最近の投稿" popularPosts: "人気の投稿" shareWithNote: "ノートで共有" +_forgotPassword: + enterEmail: "アカウントに登録したメールアドレスを入力してください。そのアドレス宛てに、パスワードリセット用のリンクが送信されます。" + ifNoEmail: "メールアドレスを登録していない場合は、管理者までお問い合わせください。" + contactAdmin: "このインスタンスではメールがサポートされていないため、パスワードリセットを行う場合は管理者までお問い合わせください。" + _gallery: my: "自分の投稿" liked: "いいねした投稿" diff --git a/migration/1619942102890-password-reset.ts b/migration/1619942102890-password-reset.ts new file mode 100644 index 000000000..66854cb02 --- /dev/null +++ b/migration/1619942102890-password-reset.ts @@ -0,0 +1,20 @@ +import {MigrationInterface, QueryRunner} from "typeorm"; + +export class passwordReset1619942102890 implements MigrationInterface { + name = 'passwordReset1619942102890' + + public async up(queryRunner: QueryRunner): Promise { + await queryRunner.query(`CREATE TABLE "password_reset_request" ("id" character varying(32) NOT NULL, "createdAt" TIMESTAMP WITH TIME ZONE NOT NULL, "token" character varying(256) NOT NULL, "userId" character varying(32) NOT NULL, CONSTRAINT "PK_fcf4b02eae1403a2edaf87fd074" PRIMARY KEY ("id"))`); + await queryRunner.query(`CREATE UNIQUE INDEX "IDX_0b575fa9a4cfe638a925949285" ON "password_reset_request" ("token") `); + await queryRunner.query(`CREATE INDEX "IDX_4bb7fd4a34492ae0e6cc8d30ac" ON "password_reset_request" ("userId") `); + await queryRunner.query(`ALTER TABLE "password_reset_request" ADD CONSTRAINT "FK_4bb7fd4a34492ae0e6cc8d30ac8" FOREIGN KEY ("userId") REFERENCES "user"("id") ON DELETE CASCADE ON UPDATE NO ACTION`); + } + + public async down(queryRunner: QueryRunner): Promise { + await queryRunner.query(`ALTER TABLE "password_reset_request" DROP CONSTRAINT "FK_4bb7fd4a34492ae0e6cc8d30ac8"`); + await queryRunner.query(`DROP INDEX "IDX_4bb7fd4a34492ae0e6cc8d30ac"`); + await queryRunner.query(`DROP INDEX "IDX_0b575fa9a4cfe638a925949285"`); + await queryRunner.query(`DROP TABLE "password_reset_request"`); + } + +} diff --git a/src/client/components/forgot-password.vue b/src/client/components/forgot-password.vue new file mode 100644 index 000000000..1f530d7ca --- /dev/null +++ b/src/client/components/forgot-password.vue @@ -0,0 +1,71 @@ + + + diff --git a/src/client/components/signin.vue b/src/client/components/signin.vue index 2c883e0c3..f8249ffcd 100755 --- a/src/client/components/signin.vue +++ b/src/client/components/signin.vue @@ -11,6 +11,7 @@ {{ $ts.password }} + {{ signing ? $ts.loggingIn : $ts.login }} @@ -49,8 +50,8 @@ + + diff --git a/src/client/router.ts b/src/client/router.ts index 8dcc1d1eb..4c3aa765e 100644 --- a/src/client/router.ts +++ b/src/client/router.ts @@ -23,6 +23,7 @@ export const router = createRouter({ { path: '/@:user/pages/:pageName/view-source', component: page('page-editor/page-editor'), props: route => ({ initUser: route.params.user, initPageName: route.params.pageName }) }, { path: '/@:acct/room', props: true, component: page('room/room') }, { path: '/settings/:page(.*)?', name: 'settings', component: page('settings/index'), props: route => ({ initialPage: route.params.page || null }) }, + { path: '/reset-password/:token?', component: page('reset-password'), props: route => ({ token: route.params.token }) }, { path: '/announcements', component: page('announcements') }, { path: '/about', component: page('about') }, { path: '/about-misskey', component: page('about-misskey') }, diff --git a/src/client/style.scss b/src/client/style.scss index aa00303a1..523ab1303 100644 --- a/src/client/style.scss +++ b/src/client/style.scss @@ -337,7 +337,7 @@ hr { } ._monolithic_ { - ._section { + ._section:not(:empty) { box-sizing: border-box; padding: var(--root-margin, 32px); diff --git a/src/db/postgre.ts b/src/db/postgre.ts index c8b012171..e2a779a52 100644 --- a/src/db/postgre.ts +++ b/src/db/postgre.ts @@ -70,6 +70,7 @@ import { Channel } from '../models/entities/channel'; import { ChannelFollowing } from '../models/entities/channel-following'; import { ChannelNotePining } from '../models/entities/channel-note-pining'; import { RegistryItem } from '../models/entities/registry-item'; +import { PasswordResetRequest } from '@/models/entities/password-reset-request'; const sqlLogger = dbLogger.createSubLogger('sql', 'white', false); @@ -169,6 +170,7 @@ export const entities = [ ChannelFollowing, ChannelNotePining, RegistryItem, + PasswordResetRequest, ...charts as any ]; diff --git a/src/models/entities/password-reset-request.ts b/src/models/entities/password-reset-request.ts new file mode 100644 index 000000000..6d41d38a9 --- /dev/null +++ b/src/models/entities/password-reset-request.ts @@ -0,0 +1,30 @@ +import { PrimaryColumn, Entity, Index, Column, ManyToOne, JoinColumn } from 'typeorm'; +import { id } from '../id'; +import { User } from './user'; + +@Entity() +export class PasswordResetRequest { + @PrimaryColumn(id()) + public id: string; + + @Column('timestamp with time zone') + public createdAt: Date; + + @Index({ unique: true }) + @Column('varchar', { + length: 256, + }) + public token: string; + + @Index() + @Column({ + ...id(), + }) + public userId: User['id']; + + @ManyToOne(type => User, { + onDelete: 'CASCADE' + }) + @JoinColumn() + public user: User | null; +} diff --git a/src/models/index.ts b/src/models/index.ts index 9d08e4985..6ce453ef3 100644 --- a/src/models/index.ts +++ b/src/models/index.ts @@ -60,6 +60,7 @@ import { MutedNote } from './entities/muted-note'; import { ChannelFollowing } from './entities/channel-following'; import { ChannelNotePining } from './entities/channel-note-pining'; import { RegistryItem } from './entities/registry-item'; +import { PasswordResetRequest } from './entities/password-reset-request'; export const Announcements = getRepository(Announcement); export const AnnouncementReads = getRepository(AnnouncementRead); @@ -122,3 +123,4 @@ export const Channels = getCustomRepository(ChannelRepository); export const ChannelFollowings = getRepository(ChannelFollowing); export const ChannelNotePinings = getRepository(ChannelNotePining); export const RegistryItems = getRepository(RegistryItem); +export const PasswordResetRequests = getRepository(PasswordResetRequest); diff --git a/src/server/api/endpoints/request-reset-password.ts b/src/server/api/endpoints/request-reset-password.ts new file mode 100644 index 000000000..c880df752 --- /dev/null +++ b/src/server/api/endpoints/request-reset-password.ts @@ -0,0 +1,73 @@ +import $ from 'cafy'; +import { publishMainStream } from '../../../services/stream'; +import define from '../define'; +import rndstr from 'rndstr'; +import config from '@/config'; +import * as ms from 'ms'; +import { Users, UserProfiles, PasswordResetRequests } from '../../../models'; +import { sendEmail } from '../../../services/send-email'; +import { ApiError } from '../error'; +import { genId } from '@/misc/gen-id'; +import { IsNull } from 'typeorm'; + +export const meta = { + requireCredential: false as const, + + limit: { + duration: ms('1hour'), + max: 3 + }, + + params: { + username: { + validator: $.str + }, + + email: { + validator: $.str + }, + }, + + errors: { + + } +}; + +export default define(meta, async (ps) => { + const user = await Users.findOne({ + usernameLower: ps.username.toLowerCase(), + host: IsNull() + }); + + // 合致するユーザーが登録されていなかったら無視 + if (user == null) { + return; + } + + const profile = await UserProfiles.findOneOrFail(user.id); + + // 合致するメアドが登録されていなかったら無視 + if (profile.email !== ps.email) { + return; + } + + // メアドが認証されていなかったら無視 + if (!profile.emailVerified) { + return; + } + + const token = rndstr('a-z0-9', 64); + + await PasswordResetRequests.insert({ + id: genId(), + createdAt: new Date(), + userId: profile.userId, + token + }); + + const link = `${config.url}/reset-password/${token}`; + + sendEmail(ps.email, 'Password reset requested', + `To reset password, please click this link:
${link}`, + `To reset password, please click this link: ${link}`); +}); diff --git a/src/server/api/endpoints/reset-password.ts b/src/server/api/endpoints/reset-password.ts new file mode 100644 index 000000000..5f79bdbd0 --- /dev/null +++ b/src/server/api/endpoints/reset-password.ts @@ -0,0 +1,45 @@ +import $ from 'cafy'; +import * as bcrypt from 'bcryptjs'; +import { publishMainStream } from '../../../services/stream'; +import define from '../define'; +import { Users, UserProfiles, PasswordResetRequests } from '../../../models'; +import { ApiError } from '../error'; + +export const meta = { + requireCredential: false as const, + + params: { + token: { + validator: $.str + }, + + password: { + validator: $.str + } + }, + + errors: { + + } +}; + +export default define(meta, async (ps, user) => { + const req = await PasswordResetRequests.findOneOrFail({ + token: ps.token, + }); + + // 発行してから30分以上経過していたら無効 + if (Date.now() - req.createdAt.getTime() > 1000 * 60 * 30) { + throw new Error(); // TODO + } + + // Generate hash of password + const salt = await bcrypt.genSalt(8); + const hash = await bcrypt.hash(ps.password, salt); + + await UserProfiles.update(req.userId, { + password: hash + }); + + PasswordResetRequests.delete(req.id); +}); diff --git a/src/server/well-known.ts b/src/server/well-known.ts index b1b6b2a77..57b6aba9a 100644 --- a/src/server/well-known.ts +++ b/src/server/well-known.ts @@ -61,6 +61,11 @@ router.get('/.well-known/nodeinfo', async ctx => { ctx.body = { links }; }); +/* TODO +router.get('/.well-known/change-password', async ctx => { +}); +*/ + router.get(webFingerPath, async ctx => { const fromId = (id: User['id']): Record => ({ id,