diff --git a/packages/fxa-auth-server/lib/routes/password.js b/packages/fxa-auth-server/lib/routes/password.js
index 6ce029ee710..d58a1b43b25 100644
--- a/packages/fxa-auth-server/lib/routes/password.js
+++ b/packages/fxa-auth-server/lib/routes/password.js
@@ -53,70 +53,56 @@ module.exports = function(
 const form = request.payload;
 const oldAuthPW = form.oldAuthPW;
- return customs
- .check(request, form.email, 'passwordChange')
- .then(db.accountRecord.bind(db, form.email))
- .then(
- emailRecord => {
- const password = new Password(
- oldAuthPW,
- emailRecord.authSalt,
- emailRecord.verifierVersion
- );
- return signinUtils
- .checkPassword(emailRecord, password, request.app.clientAddress)
- .then(match => {
- if (!match) {
- throw error.incorrectPassword(
- emailRecord.email,
- form.email
- );
- }
- const password = new Password(
- oldAuthPW,
- emailRecord.authSalt,
- emailRecord.verifierVersion
- );
- return password.unwrap(emailRecord.wrapWrapKb);
- })
- .then(wrapKb => {
- return db
- .createKeyFetchToken({
- uid: emailRecord.uid,
- kA: emailRecord.kA,
- wrapKb: wrapKb,
- emailVerified: emailRecord.emailVerified,
- })
- .then(async keyFetchToken => {
- const passwordChangeToken = await db.createPasswordChangeToken(
- {
- uid: emailRecord.uid,
- }
- );
- return {
- keyFetchToken: keyFetchToken,
- passwordChangeToken: passwordChangeToken,
- };
- });
- });
- },
- err => {
- if (err.errno === error.ERRNO.ACCOUNT_UNKNOWN) {
- customs.flag(request.app.clientAddress, {
- email: form.email,
- errno: err.errno,
- });
- }
- throw err;
- }
- )
- .then(tokens => {
- return {
- keyFetchToken: tokens.keyFetchToken.data,
- passwordChangeToken: tokens.passwordChangeToken.data,
- verified: tokens.keyFetchToken.emailVerified,
- };
+ await customs.check(request, form.email, 'passwordChange');
+ let tokens;
+ try {
+ const emailRecord = await db.accountRecord.bind(db, form.email);
+ const password = new Password(
+ oldAuthPW,
+ emailRecord.authSalt,
+ emailRecord.verifierVersion
+ );
+ const match = await signinUtils.checkPassword(
+ emailRecord,
+ password,
+ request.app.clientAddress
+ );
+ if (!match) {
+ throw error.incorrectPassword(emailRecord.email, form.email);
+ }
+ const password = new Password(
+ oldAuthPW,
+ 
emailRecord.authSalt,
+ emailRecord.verifierVersion
+ );
+ const wrapKb = await password.unwrap(emailRecord.wrapWrapKb);
+ const keyFetchToken = await db.createKeyFetchToken({
+ uid: emailRecord.uid,
+ kA: emailRecord.kA,
+ wrapKb: wrapKb,
+ emailVerified: emailRecord.emailVerified,
+ });
+ const passwordChangeToken = await db.createPasswordChangeToken({
+ uid: emailRecord.uid,
 });
+ tokens = {
+ keyFetchToken: keyFetchToken,
+ passwordChangeToken: passwordChangeToken,
+ };
+ } catch (err) {
+ if (err.errno === error.ERRNO.ACCOUNT_UNKNOWN) {
+ customs.flag(request.app.clientAddress, {
+ email: form.email,
+ errno: err.errno,
+ });
+ }
+ throw err;
+ }
+ return {
+ keyFetchToken: tokens.keyFetchToken.data,
+ passwordChangeToken: tokens.passwordChangeToken.data,
+ verified: tokens.keyFetchToken.emailVerified,
+ };
 },
 },
 {
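Review bot: The new `try` block declares `const password` twice in the same block scope (once before `signinUtils.checkPassword`, again before `password.unwrap`), which is a SyntaxError at module load; the old code only got away with the duplicate because the second declaration lived in a nested `.then` callback. Drop the second `const password = new Password(...)` entirely and let `const wrapKb = await password.unwrap(emailRecord.wrapWrapKb);` reuse the first instance, which is built from the same inputs. Separately, `const emailRecord = await db.accountRecord.bind(db, form.email);` awaits a bound function instead of calling it, so `emailRecord` is a function, every `emailRecord.*` read is undefined, and `accountRecord` never runs, which means the `ACCOUNT_UNKNOWN` path that feeds `customs.flag` can no longer fire for unknown emails; it should read `const emailRecord = await db.accountRecord(form.email);`. The handler's signature sits above the hunk, so I cannot confirm it was made `async`, without which the `await`s will not parse either. Note too that the `try` now also wraps `checkPassword` and the `incorrectPassword` throw, which the old `.then(onFulfilled, onRejected)` did not; that is harmless because only `ACCOUNT_UNKNOWN` is flagged, but a one-line comment above the `catch` saying so would save the next reader a comparison.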