Password reset ajax

spec/PublicAPI.spec.js

@@ -7,6 +7,27 @@ const request = function(url, callback) {
 };
 
 describe('public API', () => {
+  it('should return ajax response on ajax request', done => {
+    reconfigureServer({
+      publicServerURL: 'http://localhost:8378/1',
+    }).then(() => {
+      return req({
+        method: 'POST',
+        url: 'http://localhost:8378/1/apps/test/request_password_reset',
+        body: `new_password=user1&token=43634643&username=`,
+        headers: {
+          'Content-Type': 'application/x-www-form-urlencoded',
+          'X-Requested-With': 'XMLHttpRequest'
+        },
+        followRedirects: false,
+      })
+    }).catch(error => {
+      expect(error.status).not.toBe(302);
+      expect(error.text).toEqual('{"code":200,"error":"Missing username"}');
+      done()
+    })
+  });
+
   it('should get invalid_link.html', done => {
     request(
       'http://localhost:8378/1/apps/invalid_link.html',

src/Routers/PublicAPIRouter.js

@@ -152,41 +152,83 @@ export class PublicAPIRouter extends PromiseRouter {
     if (!config) {
       this.invalidRequest();
     }
-
     if (!config.publicServerURL) {
       return this.missingPublicServerURL();
     }
 
-    const { username, token, new_password } = req.body;
+    const {
+      username,
+      token,
+      new_password
+    } = req.body;
 
-    if (!username || !token || !new_password) {
+    if ((!username || !token || !new_password) && req.xhr === false) {
       return this.invalidLink(req);
     }
 
+    if (!username) {
+      throw new Parse.Error(
+        Parse.Error.USERNAME_MISSING,
+        'Missing username'
+      );
+    }
+
+    if (!token) {
+      throw new Parse.Error(
+        Parse.Error.OTHER_CAUSE,
+        'Missing token'
+      );
+    }
+
+    if (!new_password) {
+      throw new Parse.Error(
+        Parse.Error.PASSWORD_MISSING,
+        'Missing password'
+      );
+    }
+
     return config.userController
       .updatePassword(username, token, new_password)
       .then(
         () => {
-          const params = qs.stringify({ username: username });
           return Promise.resolve({
-            status: 302,
-            location: `${config.passwordResetSuccessURL}?${params}`,
-          });
-        },
-        err => {
-          const params = qs.stringify({
-            username: username,
-            token: token,
-            id: config.applicationId,
-            error: err,
-            app: config.appName,
+            success: true
           });
+
+        }, err => {
           return Promise.resolve({
-            status: 302,
-            location: `${config.choosePasswordURL}?${params}`,
+            success: false,
+            err
           });
+        })
+      .then(result => {
+        const params = _querystring.default.stringify({
+          username: username,
+          token: token,
+          id: config.applicationId,
+          error: result.err,
+          app: config.appName
+        });
+
+        if (req.xhr) {
+          if (result.success) {
+            return Promise.resolve({
+              status: 200,
+              response: 'Password successfully reset'
+            })
+          }
+
+          throw new Parse.Error(
+            Parse.Error.OTHER_CAUSE,
+            result.err
+          )
         }
-      );
+
+        return Promise.resolve({
+          status: 302,
+          location: `${result.success ? config.passwordResetSuccessURL : config.choosePasswordURL}?${params}`,
+        });
+      });
   }
 
   invalidLink(req) {