feat: implement change password flow

aldeed · aldeed · commit 84452ce3ea3d · 2019-12-29T18:22:35.000-06:00
Signed-off-by: Eric Dobbertin &lt;eric@dairystatedesigns.com&gt;
diff --git a/.env.example b/.env.example
@@ -8,6 +8,7 @@ OAUTH2_AUTH_URL=http://localhost:4444/oauth2/auth
 OAUTH2_CLIENT_ID=example-storefront
 OAUTH2_CLIENT_SECRET=CHANGEME
 OAUTH2_HOST=hydra.auth.reaction.localhost
+OAUTH2_IDP_PUBLIC_CHANGE_PASSWORD_URL=http://localhost:4100/account/change-password?email=EMAIL&from=FROM
 OAUTH2_IDP_HOST_URL=http://identity.auth.reaction.localhost:4100
 OAUTH2_REDIRECT_URL=http://localhost:4000/callback
 OAUTH2_TOKEN_URL=http://hydra.auth.reaction.localhost:4444/oauth2/token
diff --git a/src/components/AccountDropdown/AccountDropdown.js b/src/components/AccountDropdown/AccountDropdown.js
@@ -78,6 +78,11 @@ class AccountDropdown extends Component {
                     Profile
                   </Button>
                 </div>
+                <div className={classes.marginBottom}>
+                  <Button color="primary" fullWidth href={`/change-password?email=${encodeURIComponent(account.emailRecords[0].address)}`}>
+                    Change Password
+                  </Button>
+                </div>
                 <Button color="primary" fullWidth href={`/logout/${account._id}`} variant="contained">
                   Sign Out
                 </Button>
diff --git a/src/config.js b/src/config.js
@@ -37,6 +37,7 @@ if (process.env.IS_BUILDING_NEXTJS) {
     OAUTH2_AUTH_URL: url(),
     OAUTH2_CLIENT_ID: str(),
     OAUTH2_CLIENT_SECRET: str(),
+    OAUTH2_IDP_PUBLIC_CHANGE_PASSWORD_URL: url(),
     OAUTH2_IDP_HOST_URL: url(),
     OAUTH2_REDIRECT_URL: url(),
     OAUTH2_TOKEN_URL: url(),
diff --git a/src/serverAuth.js b/src/serverAuth.js
@@ -74,6 +74,21 @@ function configureAuthForServer(server) {
     res.redirect(req.session.redirectTo || "/");
   });
 
+  server.get("/change-password", (req, res) => {
+    const { email } = req.query;
+
+    let from = req.get("Referer");
+    if (typeof from !== "string" || from.length === 0) {
+      from = config.CANONICAL_URL;
+    }
+
+    let url = config.OAUTH2_IDP_PUBLIC_CHANGE_PASSWORD_URL;
+    url = url.replace("EMAIL", encodeURIComponent(email || ""));
+    url = url.replace("FROM", encodeURIComponent(from));
+
+    res.redirect(url);
+  });
+
   server.get("/logout/:userId", (req, res, next) => {
     const { userId } = req.params;
     if (!userId) {
