vikunja-api/pkg/user/user_password_reset.go


// Copyright 2018-2020 Vikunja and contributors. All rights reserved.
//
// This file is part of Vikunja.
//
// Vikunja is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Vikunja is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Vikunja. If not, see <https://www.gnu.org/licenses/>.
package user
import (
"code.vikunja.io/api/pkg/config"
"code.vikunja.io/api/pkg/mail"
"code.vikunja.io/api/pkg/utils"
)
// PasswordReset is the request payload for completing a password reset:
// the token handed out earlier plus the password that should replace the
// current one.
type PasswordReset struct {
	// Token is the reset token that was previously issued to the user.
	// It acts as a bearer credential for the reset.
	Token string `json:"token"`

	// NewPassword is the password to set for the user owning the token.
	NewPassword string `json:"new_password"`
}
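// ResetPassword sets a new password for the user who owns the given reset token.
//
// It returns ErrNoUsernamePassword when the new password is empty and
// ErrInvalidPasswordResetToken when the token is empty or matches no user.
// Errors from the database lookup, the password hashing and the update are
// returned unchanged. When the mailer is enabled, a "password-changed"
// notification is sent to the user's mail address afterwards.
func ResetPassword(reset *PasswordReset) (err error) {

	// Check if the password is not empty
	if reset.NewPassword == "" {
		return ErrNoUsernamePassword{}
	}

	// Reject an empty token before it reaches the query. The lookup below
	// compares the column to the supplied value, so an empty token would
	// match any account that has an empty string stored in
	// password_reset_token, i.e. an account that never requested a reset.
	if reset.Token == "" {
		return ErrInvalidPasswordResetToken{Token: reset.Token}
	}

	// Look up the user the token belongs to
	var user User
	exists, err := x.Where("password_reset_token = ?", reset.Token).Get(&user)
	if err != nil {
		return err
	}

	if !exists {
		return ErrInvalidPasswordResetToken{Token: reset.Token}
	}

	// Hash the password
	user.Password, err = hashPassword(reset.NewPassword)
	if err != nil {
		return err
	}

	// Save it
	// NOTE(review): the reset token is not cleared here, so unless it is
	// invalidated elsewhere it stays usable for further resets. Clearing it
	// likely needs an explicit column list on the update, because a struct
	// update may skip zero-value fields - confirm against the ORM behind x.
	// No token expiry is checked in this function either.
	_, err = x.Where("id = ?", user.ID).Update(&user)
	if err != nil {
		return err
	}

	// Don't send a mail if the mailer is disabled (e.g. while testing)
	if !config.MailerEnabled.GetBool() {
		return nil
	}

	// Send a mail to the user to notify them that their password was changed.
	// NOTE(review): the whole User value, including its password hash and
	// reset token fields, is handed to the template; confirm the template
	// only renders what it needs.
	data := map[string]interface{}{
		"User": user,
	}
	mail.SendMailWithTemplate(user.Email, "Your password on Vikunja was changed", "password-changed", data)

	return nil
}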
// PasswordTokenRequest is the request payload for asking for a password
// reset token.
type PasswordTokenRequest struct {
	// Email is the mail address of the account to reset. The struct tags
	// declare it as an email of at most 250 characters.
	Email string `json:"email" valid:"email,length(0|250)" maxLength:"250"`
}
// RequestUserPasswordResetToken generates a random password reset token for
// the user with the given mail address, stores it on the user record and,
// when the mailer is enabled, mails it to the user using the
// "reset-password" template.
//
// It returns ErrNoUsernamePassword when the mail address is empty. Errors
// from the user lookup and from the database update are returned unchanged.
func RequestUserPasswordResetToken(tr *PasswordTokenRequest) (err error) {
	if tr.Email == "" {
		return ErrNoUsernamePassword{}
	}

	// Resolve the account by its mail address.
	// NOTE(review): the lookup error is returned as-is. If the HTTP layer
	// relays it, responses differ for known and unknown addresses - confirm
	// the handler answers uniformly.
	user, err := GetUserWithEmail(&User{Email: tr.Email})
	if err != nil {
		return err
	}

	// The token is a bearer credential for the account.
	// NOTE(review): confirm utils.MakeRandomString draws from a CSPRNG
	// (crypto/rand) rather than math/rand. The token is stored as-is and no
	// expiry is recorded in this function.
	user.PasswordResetToken = utils.MakeRandomString(400)

	// Persist the token on the user record.
	if _, err = x.Where("id = ?", user.ID).Update(user); err != nil {
		return err
	}

	// Nothing to mail when the mailer is disabled (e.g. while testing).
	if !config.MailerEnabled.GetBool() {
		return nil
	}

	// Send the user a mail with the reset token.
	mail.SendMailWithTemplate(
		user.Email,
		"Reset your password on Vikunja",
		"reset-password",
		map[string]interface{}{
			"User": user,
		},
	)

	return nil
}