Octagon-simon/pass-reset-part-6.js

## pass-reset-part-6.js
//reset route
app.get('/reset', async (req, res) => {
    try {
        //check for email and hash in query parameter
        if (req.query && req.query.email && req.query.hash) {
            //find user with suh email address
            const user = await User.findOne({ email: req.query.email })
            //check if user object is not empty
            if (user) {
                //now check if hash is valid
                if (new User(user).verifyPasswordResetHash(req.query.hash)) {
                    //save email to session
                    req.session.email = req.query.email;
                    //issue a password reset form
                    return res.sendFile(__dirname + '/views/new_pass.html')
                } else {
                    return res.status(400).json({
                        message: "You have provided an invalid reset link"
                    })
                }
            } else {
                return res.status(400).json({
                    message: "You have provided an invalid reset link"
                })
            }
        } else {
            //if there are no query parameters, serve the normal request form
            return res.sendFile(__dirname + '/views/reset.html')
        }
    } catch (err) {
        console.log(err)
        return res.status(500).json({
            message: "Internal server error"
        })
    }
})
	//reset route
	app.get('/reset', async (req, res) => {
	try {
	//check for email and hash in query parameter
	if (req.query && req.query.email && req.query.hash) {
	//find user with suh email address
	const user = await User.findOne({ email: req.query.email })
	//check if user object is not empty
	if (user) {
	//now check if hash is valid
	if (new User(user).verifyPasswordResetHash(req.query.hash)) {
	//save email to session
	req.session.email = req.query.email;
	//issue a password reset form
	return res.sendFile(__dirname + '/views/new_pass.html')
	} else {
	return res.status(400).json({
	message: "You have provided an invalid reset link"
	})
	}
	} else {
	return res.status(400).json({
	message: "You have provided an invalid reset link"
	})
	}
	} else {
	//if there are no query parameters, serve the normal request form
	return res.sendFile(__dirname + '/views/reset.html')
	}
	} catch (err) {
	console.log(err)
	return res.status(500).json({
	message: "Internal server error"
	})
	}
	})