NodeJS和ExpressJS中的多用户密码重置并发问题
[英]Multi user password reset concurrency issue in NodeJS and ExpressJS
问题描述
Unable to reset password for multiple users.
无法为多个用户重置密码。 I am stuck while multiple users trying to reset the password当多个用户尝试重置密码时我被卡住了
How I do capture the exact reset token sent to specific user in email as link?我如何捕获在电子邮件中作为链接发送给特定用户的确切重置令牌? Lets say when two user are trying to reset the password, the resetQueryParameter will be overridden.假设当两个用户尝试重置密码时, resetQueryParameter将被覆盖。 How do I handle this?我该如何处理?
Get the token from query parameters when users clicks on the reset link in email:当用户单击电子邮件中的重置链接时,从查询参数中获取令牌:
// global variable
var resetQueryParameters = '';
//CAPTURE TOKEN (QUERY PARAMS) FROM LINK
app.get('/resetQuery/', function (req, res) {
//SET THE TOKEN TO VARIABLE
resetQueryParameters = req.query.token;
r.db('myDB').table('Reset_Password').filter(r.row('auth_key').eq(req.query.token)).
run(myConnection, function (err, cursor) {
if (err) {
return next(err);
}
cursor.toArray(function (err, result) {
if (err) {
throw err;
} else {
if (result.length > 0) {
res.redirect(redirectResetPage);
} else {
res.redirect(redirectLoginPage);
}
return result;
console.log("printing reset link from db.....", JSON.stringify(result, null, 2));
}
});
});
});
getting the token when user clicks on link and verify the signature:当用户点击链接并验证签名时获取令牌:
function resetPassword(req, res, next) {
console.log('reset password called from external link.....');
nJwt.verify(resetQueryParameters, secretKey, function (err, verifiedJwt) {
if (err) {
console.log('reset token not valid...', err);
} else {
var params = {
'username': verifiedJwt.body.details,
'newPassword': req.params.newPassword
};
getApiResponse(resetURL, params, function (res1) {
console.log('sending reset params to server...', params);
if (res1.error) {
console.log('Could not reset password......', res1.error);
} else {
console.log('reset password success.....');
resetQueryParameters = '';
res.json(res1);
}
});
}
});
}
1 个解决方案
解决方案1
1 已采纳 2016-12-04 08:33:47
It's not a good practice to use global variables here and not for any scenario.在这里使用全局变量而不是任何场景都不是一个好习惯。
When you do the redirect, you should pass the req.query.token to the redirectResetPage as below,当您进行重定向时,您应该将req.query.token传递给redirectResetPage ,如下所示,
if (result.length > 0) {
res.redirect(redirectResetPage + '?token=' + req.query.token);
} else {
res.redirect(redirectLoginPage);
}
and let the page pass the same token back to the resetPassword method and use it there from the request.query or request.body but not from the global variable.并让页面将相同的令牌传递回resetPassword方法,并在request.query或request.body使用它,而不是从全局变量中使用它。
function resetPassword(req, res, next) {
console.log('reset password called from external link.....');
nJwt.verify(req.query.token, secretKey, function (err, verifiedJwt) {
if (err) {
console.log('reset token not valid...', err);
} else {
var params = {
'username': verifiedJwt.body.details,
'newPassword': req.params.newPassword
};
getApiResponse(resetURL, params, function (res1) {
console.log('sending reset params to server...', params);
if (res1.error) {
console.log('Could not reset password......', res1.error);
} else {
console.log('reset password success.....');
resetQueryParameters = '';
res.json(res1);
}
});
}
});
}
Note: The best practise is, store this token in the database if possible or store it in the cookie/jwt token.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.