1 files changed, 53 insertions, 0 deletions

diff --git a/server/model/user.js b/server/model/user.js
new file mode 100644
index 0000000..329402f
--- /dev/null
+++ b/server/model/user.js
@@ -0,0 +1,53 @@
+const { BeanModel } = require("redbean-node/dist/bean-model");
+const passwordHash = require("../password-hash");
+const { R } = require("redbean-node");
+const jwt = require("jsonwebtoken");
+const { shake256, SHAKE256_LENGTH } = require("../util-server");
+
+class User extends BeanModel {
+    /**
+     * Reset user password
+     * Fix #1510, as in the context reset-password.js, there is no auto model mapping. Call this static function instead.
+     * @param {number} userID ID of user to update
+     * @param {string} newPassword Users new password
+     * @returns {Promise<void>}
+     */
+    static async resetPassword(userID, newPassword) {
+        await R.exec("UPDATE `user` SET password = ? WHERE id = ? ", [
+            passwordHash.generate(newPassword),
+            userID
+        ]);
+    }
+
+    /**
+     * Reset this users password
+     * @param {string} newPassword Users new password
+     * @returns {Promise<void>}
+     */
+    async resetPassword(newPassword) {
+        const hashedPassword = passwordHash.generate(newPassword);
+
+        await R.exec("UPDATE `user` SET password = ? WHERE id = ? ", [
+            hashedPassword,
+            this.id
+        ]);
+
+        this.password = hashedPassword;
+    }
+
+    /**
+     * Create a new JWT for a user
+     * @param {User} user The User to create a JsonWebToken for
+     * @param {string} jwtSecret The key used to sign the JsonWebToken
+     * @returns {string} the JsonWebToken as a string
+     */
+    static createJWT(user, jwtSecret) {
+        return jwt.sign({
+            username: user.username,
+            h: shake256(user.password, SHAKE256_LENGTH),
+        }, jwtSecret);
+    }
+
+}
+
+module.exports = User;