NodeJS source (edit on github)

If you see a problem with the source submit a pull request on Github.

const dashboard = require('../../../../index.js')

module.exports = {
  post: async (req) => {
    if (!req.query || !req.query.accountid) {
      throw new Error('invalid-accountid')
    }
    const account = await global.api.user.Account.get(req)
    if (!account) {
      throw new Error('invalid-accountid')
    }
    if (!req.body || !req.body['secret-code']) {
      throw new Error('invalid-secret-code')
    }
    if (global.minimumResetCodeLength > req.body['secret-code'].length ||
      global.maximumResetCodeLength < req.body['secret-code'].length) {
      throw new Error('invalid-secret-code-length')
    }
    let dashboardEncryptionKey = global.dashboardEncryptionKey
    if (req.server) {
      dashboardEncryptionKey = req.server.dashboardEncryptionKey || dashboardEncryptionKey
    }
    const secretCodeHash = await dashboard.Hash.sha512Hash(req.body['secret-code'], dashboardEncryptionKey)
    const codeid = `code_${await dashboard.UUID.generateID()}`
    const resetCodeInfo = {
      object: 'resetCode',
      accountid: req.query.accountid,
      codeid,
      secretCodeHash,
      created: dashboard.Timestamp.now
    }
    await dashboard.Storage.write(`${req.appid}/resetCode/${codeid}`, resetCodeInfo)
    await dashboard.StorageObject.setProperty(`${req.appid}/account/${req.account.accountid}`, 'resetCodeLastCreated', dashboard.Timestamp.now)
    await dashboard.StorageList.addMany({
      [`${req.appid}/resetCodes`]: codeid,
      [`${req.appid}/account/resetCodes/${req.query.accountid}`]: codeid
    })
    await dashboard.Storage.write(`${req.appid}/map/account/resetCodes/${req.query.accountid}/${secretCodeHash}`, codeid)
    return resetCodeInfo
  }
}

Test source (edit on github)

Tests perform real HTTP requests against a running Dashboard server.

/* eslint-env mocha */
const assert = require('assert')
const TestHelper = require('../../../../test-helper.js')

describe('/api/user/create-reset-code', () => {
  describe('exceptions', () => {
    describe('invalid-accountid', () => {
      it('missing querystring accountid', async () => {
        const user = await TestHelper.createUser()
        const req = TestHelper.createRequest('/api/user/create-reset-code')
        req.account = user.account
        req.session = user.session
        let errorMessage
        try {
          await req.post()
        } catch (error) {
          errorMessage = error.message
        }
        assert.strictEqual(errorMessage, 'invalid-accountid')
      })

      it('invalid querystring accountid', async () => {
        const user = await TestHelper.createUser()
        const req = TestHelper.createRequest('/api/user/create-reset-code?accountid=invalid')
        req.account = user.account
        req.session = user.session
        let errorMessage
        try {
          await req.post()
        } catch (error) {
          errorMessage = error.message
        }
        assert.strictEqual(errorMessage, 'invalid-accountid')
      })
    })

    describe('invalid-accountid', () => {
      it('ineligible accessing account', async () => {
        const user = await TestHelper.createUser()
        const user2 = await TestHelper.createUser()
        const req = TestHelper.createRequest(`/api/user/create-reset-code?accountid=${user2.account.accountid}`)
        req.account = user.account
        req.session = user.session
        let errorMessage
        try {
          await req.post()
        } catch (error) {
          errorMessage = error.message
        }
        assert.strictEqual(errorMessage, 'invalid-account')
      })
    })

    describe('invalid-secret-code', () => {
      it('missing posted secret-code', async () => {
        const user = await TestHelper.createUser()
        const req = TestHelper.createRequest(`/api/user/create-reset-code?accountid=${user.account.accountid}`)
        req.account = user.account
        req.session = user.session
        req.body = {
        }
        let errorMessage
        try {
          await req.post()
        } catch (error) {
          errorMessage = error.message
        }
        assert.strictEqual(errorMessage, 'invalid-secret-code')
      })
    })

    describe('invalid-secret-code-length', () => {
      it('posted secret code too short', async () => {
        const user = await TestHelper.createUser()
        const req = TestHelper.createRequest(`/api/user/create-reset-code?accountid=${user.account.accountid}`)
        req.account = user.account
        req.session = user.session
        req.body = {
          'secret-code': '1'
        }
        global.minimumResetCodeLength = 100
        let errorMessage
        try {
          await req.post()
        } catch (error) {
          errorMessage = error.message
        }
        assert.strictEqual(errorMessage, 'invalid-secret-code-length')
      })

      it('posted secret code too long', async () => {
        const user = await TestHelper.createUser()
        const req = TestHelper.createRequest(`/api/user/create-reset-code?accountid=${user.account.accountid}`)
        req.account = user.account
        req.session = user.session
        req.body = {
          'secret-code': 'adsf'
        }
        global.maximumResetCodeLength = 1
        let errorMessage
        try {
          await req.post()
        } catch (error) {
          errorMessage = error.message
        }
        assert.strictEqual(errorMessage, 'invalid-secret-code-length')
      })
    })
  })

  describe('returns', () => {
    it('object', async () => {
      const user = await TestHelper.createUser()
      const req = TestHelper.createRequest(`/api/user/create-reset-code?accountid=${user.account.accountid}`)
      req.account = user.account
      req.session = user.session
      req.filename = __filename
      req.saveResponse = true
      req.body = {
        'secret-code': 'this-is-the-code'
      }
      const code = await req.post()
      assert.strictEqual(code.object, 'resetCode')
    })
  })
})