Skip to content

Commit 2e822a5

Browse files
author
dmlenton
committed
Improves some error responses for forgot API
1 parent add7c6d commit 2e822a5

File tree

1 file changed

+9
-7
lines changed

1 file changed

+9
-7
lines changed

routes/api/account.js

Lines changed: 9 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -81,18 +81,18 @@ module.exports = function (app) {
8181
const account = new User(appId);
8282
account.loadByRef(ref, (err, json) => {
8383
if (err) {
84-
return next(new JsonError('This reset key is not valid'));
84+
return next(new JsonError('This reset key is not valid', 400));
8585
}
8686
if (json.reset_key !== req.params.key)
87-
return next(new JsonError('This reset key is not valid'));
87+
return next(new JsonError('This reset key is not valid', 400));
8888
if (json.reset_date) {
8989
if (new Date() - new Date(json.reset_date) > ONE_DAY) {
90-
return next(new JsonError('This reset key is out of date'));
90+
return next(new JsonError('This reset key is out of date', 400));
9191
}
9292
}
93-
if (password.length === 0) return next(new JsonError('Password is missing'));
94-
if (passwordConfirm.length === 0) return next(new JsonError('Password confirmation is missing'));
95-
if (password !== passwordConfirm) return next(new JsonError('Your passwords do not match'));
93+
if (password.length === 0) return next(new JsonError('Password is missing', 400));
94+
if (passwordConfirm.length === 0) return next(new JsonError('Password confirmation is missing', 400));
95+
if (password !== passwordConfirm) return next(new JsonError('Your passwords do not match', 400));
9696
account.setPassword(password, (err) => {
9797
if (err) return next(new JsonError('There was a problem setting your password'));
9898
});
@@ -104,9 +104,11 @@ module.exports = function (app) {
104104
router.post('/forgot', cors(), (req, res, next) => {
105105
if (!req.body || !req.body.username)
106106
throw new JsonError('You must specify an email address', 400);
107+
if (!isEmail(req.body.username))
108+
throw new JsonError('You must specify a valid email address', 400);
107109
let account = new User(req.site.server.client_id);
108110
account.loadByUsername(req.body.username, (err, user) => {
109-
if (err) return next(new JsonError('Unable to find the specified email address'));
111+
if (err || !user) return next(new JsonError('Unable to find the specified email address', 400));
110112
account = Object.assign(account, user);
111113
const appId = req.site.server.client_id;
112114
const options = {

0 commit comments

Comments
 (0)