Dashboard API explorer

/api/user/reset-account-password (PATCH)

await global.api.user.ResetAccountPassword.patch(req)
Located in Dashboard API

Returns boolean

Exceptions

These exceptions are thrown (NodeJS) or returned as JSON (HTTP) if you provide incorrect data or do not meet the requirements:

Exception Circumstances
invalid posted username
invalid-username missing posted username
invalid-password missing posted new-password
invalid-secret-code missing posted secret-code
invalid-reset-code invalid posted secret-code

NodeJS source (edit on github)

If you see a problem with the source submit a pull request on Github.

const dashboard = require('../../../../index.js')

module.exports = {
  auth: false,
  patch: async (req) => {
    if (!req.body || !req.body['secret-code']) {
      throw new Error('invalid-secret-code')
    }
    if (!req.body.username) {
      throw new Error('invalid-username')
    }
    if (!req.body.username || !req.body.username.length ||
      global.minimumUsernameLength > req.body.username.length) {
      throw new Error('invalid-username')
    }
    if (!req.body['new-password'] || !req.body['new-password'].length) {
      throw new Error('invalid-password')
    }
    if (global.minimumPasswordLength > req.body['new-password'].length) {
      throw new Error('invalid-password-length')
    }
    if (!req.body['secret-code'] || !req.body['secret-code'].length) {
      throw new Error('invalid-secret-code')
    }
    let dashboardEncryptionKey = global.dashboardEncryptionKey
    if (req.server) {
      dashboardEncryptionKey = req.server.dashboardEncryptionKey || dashboardEncryptionKey
    }
    const usernameHash = await dashboard.Hash.sha512Hash(req.body.username, dashboardEncryptionKey)
    const accountid = await dashboard.Storage.read(`${req.appid}/map/usernames/${usernameHash}`)
    if (!accountid) {
      throw new Error('invalid-username')
    }
    const query = req.query
    req.query = { accountid }
    const account = await global.api.administrator.Account.get(req)
    req.query = query
    if (!account) {
      throw new Error('invalid-username')
    }
    if (account.deleted) {
      throw new Error('invalid-account')
    }
    if (account.deleted < dashboard.Timestamp.now) {
      throw new Error('invalid-account')
    }
    const secretCodeHash = await dashboard.Hash.sha512Hash(req.body['secret-code'], dashboardEncryptionKey)
    const codeid = await dashboard.Storage.read(`${req.appid}/map/account/resetCodes/${accountid}/${secretCodeHash}`)
    if (!codeid) {
      throw new Error('invalid-reset-code')
    }
    const passwordHash = await dashboard.Hash.bcryptHashHash(req.body['new-password'], dashboardEncryptionKey)
    await dashboard.StorageObject.setProperties(`${req.appid}/account/${accountid}`, {
      passwordHash,
      resetCodeLastUsed: dashboard.Timestamp.now,
      sessionKey: dashboard.UUID.random(64),
      sessionKeyLastReset: dashboard.Timestamp.now,
      passwordLastChanged: dashboard.Timestamp.now,
      sessionKeyNumber: account.sessionKeyNumber + 1
    })
    await dashboard.Storage.delete(`${req.appid}/resetCode/${codeid}`)
    await dashboard.StorageList.remove(`${req.appid}/resetCodes`, codeid)
    await dashboard.StorageList.remove(`${req.appid}/account/resetCodes/${accountid}`, codeid)
    await dashboard.Storage.delete(`${req.appid}/map/account/resetCodes/${accountid}/${secretCodeHash}`)
    return true
  }
}

Test source (edit on github)

Tests perform real HTTP requests against a running Dashboard server.

/* eslint-env mocha */
const assert = require('assert')
const TestHelper = require('../../../../test-helper.js')

describe('/api/user/reset-account-password', () => {
  describe('exceptions', () => {
    describe('invalid-username', () => {
      it('missing posted username', async () => {
        const req = TestHelper.createRequest('/api/user/reset-account-password')
        req.body = {
          username: '',
          'new-password': 'password',
          'secret-code': 'code'
        }
        let errorMessage
        try {
          await req.patch()
        } catch (error) {
          errorMessage = error.message
        }
        assert.strictEqual(errorMessage, 'invalid-username')
      })

      it('invalid posted username', async () => {
        const req = TestHelper.createRequest('/api/user/reset-account-password')
        req.body = {
          username: 'invalid',
          'new-password': 'password',
          'secret-code': 'code'
        }
        let errorMessage
        try {
          await req.patch()
        } catch (error) {
          errorMessage = error.message
        }
        assert.strictEqual(errorMessage, 'invalid-username')
      })
    })

    describe('invalid-password', () => {
      it('missing posted new-password', async () => {
        const req = TestHelper.createRequest('/api/user/reset-account-password')
        req.body = {
          username: 'username',
          'new-password': '',
          'secret-code': 'code'
        }
        let errorMessage
        try {
          await req.patch()
        } catch (error) {
          errorMessage = error.message
        }
        assert.strictEqual(errorMessage, 'invalid-password')
      })
    })

    describe('invalid-secret-code', () => {
      it('missing posted secret-code', async () => {
        const req = TestHelper.createRequest('/api/user/reset-account-password')
        req.body = {
          username: 'username',
          'new-password': 'password'
        }
        let errorMessage
        try {
          await req.patch()
        } catch (error) {
          errorMessage = error.message
        }
        assert.strictEqual(errorMessage, 'invalid-secret-code')
      })
    })

    describe('invalid-reset-code', () => {
      it('invalid posted secret-code', async () => {
        const user = await TestHelper.createUser()
        const req = TestHelper.createRequest('/api/user/reset-account-password')
        req.body = {
          username: user.account.username,
          'new-password': 'password',
          'secret-code': 'invalid'
        }
        let errorMessage
        try {
          await req.patch()
        } catch (error) {
          errorMessage = error.message
        }
        assert.strictEqual(errorMessage, 'invalid-reset-code')
      })
    })
  })

  describe('returns', () => {
    it('boolean', async () => {
      const user = await TestHelper.createUser()
      const code = await TestHelper.createResetCode(user)
      const req = TestHelper.createRequest('/api/user/reset-account-password')
      req.body = {
        username: user.account.username,
        'new-password': 'new-password',
        'secret-code': code.code
      }
      req.filename = __filename
      req.saveResponse = true
      const resetPassword = await req.patch()
      assert.strictEqual(resetPassword, true)
    })
  })
})