2020-12-29 02:04:20 +01:00
|
|
|
// Vikunja is a to-do list application to facilitate your life.
|
2021-02-02 20:19:13 +01:00
|
|
|
// Copyright 2018-2021 Vikunja and contributors. All rights reserved.
|
2018-11-26 21:17:33 +01:00
|
|
|
//
|
2020-12-29 02:04:20 +01:00
|
|
|
// This program is free software: you can redistribute it and/or modify
|
2020-12-23 16:41:52 +01:00
|
|
|
// it under the terms of the GNU Affero General Public Licensee as published by
|
2019-12-04 20:39:56 +01:00
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
2018-11-26 21:17:33 +01:00
|
|
|
//
|
2020-12-29 02:04:20 +01:00
|
|
|
// This program is distributed in the hope that it will be useful,
|
2019-12-04 20:39:56 +01:00
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
2020-12-23 16:41:52 +01:00
|
|
|
// GNU Affero General Public Licensee for more details.
|
2018-11-26 21:17:33 +01:00
|
|
|
//
|
2020-12-23 16:41:52 +01:00
|
|
|
// You should have received a copy of the GNU Affero General Public Licensee
|
2020-12-29 02:04:20 +01:00
|
|
|
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
2018-11-26 21:17:33 +01:00
|
|
|
|
2020-01-26 18:08:06 +01:00
|
|
|
package user
|
2018-10-27 11:33:28 +02:00
|
|
|
|
|
|
|
import (
|
2019-07-06 22:12:26 +02:00
|
|
|
"code.vikunja.io/api/pkg/config"
|
2021-02-07 22:05:09 +01:00
|
|
|
"code.vikunja.io/api/pkg/notifications"
|
2020-12-23 16:32:28 +01:00
|
|
|
"xorm.io/xorm"
|
2018-10-27 11:33:28 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
// PasswordReset holds the data to reset a password
|
|
|
|
type PasswordReset struct {
|
2019-01-03 23:22:06 +01:00
|
|
|
// The previously issued reset token.
|
|
|
|
Token string `json:"token"`
|
|
|
|
// The new password for this user.
|
2018-10-27 11:33:28 +02:00
|
|
|
NewPassword string `json:"new_password"`
|
|
|
|
}
|
|
|
|
|
2020-01-26 18:08:06 +01:00
|
|
|
// ResetPassword resets a users password
|
2020-12-23 16:32:28 +01:00
|
|
|
func ResetPassword(s *xorm.Session, reset *PasswordReset) (err error) {
|
2018-10-27 11:33:28 +02:00
|
|
|
|
|
|
|
// Check if the password is not empty
|
|
|
|
if reset.NewPassword == "" {
|
|
|
|
return ErrNoUsernamePassword{}
|
|
|
|
}
|
|
|
|
|
2020-12-30 21:43:14 +01:00
|
|
|
if reset.Token == "" {
|
|
|
|
return ErrNoPasswordResetToken{}
|
|
|
|
}
|
|
|
|
|
2018-10-27 11:33:28 +02:00
|
|
|
// Check if we have a token
|
2021-07-13 22:56:02 +02:00
|
|
|
token, err := getToken(s, reset.Token, TokenPasswordReset)
|
2018-10-27 11:33:28 +02:00
|
|
|
if err != nil {
|
2021-07-13 22:56:02 +02:00
|
|
|
return err
|
2018-10-27 11:33:28 +02:00
|
|
|
}
|
2021-07-13 22:56:02 +02:00
|
|
|
if token == nil {
|
2018-10-27 15:12:15 +02:00
|
|
|
return ErrInvalidPasswordResetToken{Token: reset.Token}
|
2018-10-27 11:33:28 +02:00
|
|
|
}
|
|
|
|
|
2021-07-13 22:56:02 +02:00
|
|
|
user, err := GetUserByID(s, token.UserID)
|
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-10-27 11:33:28 +02:00
|
|
|
// Hash the password
|
2021-04-11 15:17:50 +02:00
|
|
|
user.Password, err = HashPassword(reset.NewPassword)
|
2018-10-27 11:33:28 +02:00
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-07-13 22:56:02 +02:00
|
|
|
err = removeTokens(s, user, TokenEmailConfirm)
|
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-07-29 18:45:22 +02:00
|
|
|
user.Status = StatusActive
|
2020-12-23 16:32:28 +01:00
|
|
|
_, err = s.
|
2021-07-29 18:45:22 +02:00
|
|
|
Cols("password", "status").
|
2020-12-23 16:32:28 +01:00
|
|
|
Where("id = ?", user.ID).
|
2021-02-07 22:05:09 +01:00
|
|
|
Update(user)
|
2018-10-27 11:33:28 +02:00
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-07-13 22:56:02 +02:00
|
|
|
// Dont send a mail if no mailer is configured
|
2019-07-06 22:12:26 +02:00
|
|
|
if !config.MailerEnabled.GetBool() {
|
2018-10-28 17:11:13 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-10-27 11:33:28 +02:00
|
|
|
// Send a mail to the user to notify it his password was changed.
|
2021-02-07 22:05:09 +01:00
|
|
|
n := &PasswordChangedNotification{
|
|
|
|
User: user,
|
2018-10-27 11:33:28 +02:00
|
|
|
}
|
|
|
|
|
2021-02-07 22:05:09 +01:00
|
|
|
err = notifications.Notify(user, n)
|
2018-10-27 11:33:28 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// PasswordTokenRequest defines the request format for password reset resqest
|
|
|
|
type PasswordTokenRequest struct {
|
2019-01-03 23:22:06 +01:00
|
|
|
Email string `json:"email" valid:"email,length(0|250)" maxLength:"250"`
|
2018-10-27 11:33:28 +02:00
|
|
|
}
|
|
|
|
|
2020-08-13 17:34:02 +02:00
|
|
|
// RequestUserPasswordResetTokenByEmail inserts a random token to reset a users password into the databsse
|
2020-12-23 16:32:28 +01:00
|
|
|
func RequestUserPasswordResetTokenByEmail(s *xorm.Session, tr *PasswordTokenRequest) (err error) {
|
2019-04-21 20:18:17 +02:00
|
|
|
if tr.Email == "" {
|
|
|
|
return ErrNoUsernamePassword{}
|
|
|
|
}
|
|
|
|
|
2018-10-27 11:33:28 +02:00
|
|
|
// Check if the user exists
|
2020-12-23 16:32:28 +01:00
|
|
|
user, err := GetUserWithEmail(s, &User{Email: tr.Email})
|
2018-10-27 11:33:28 +02:00
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-12-23 16:32:28 +01:00
|
|
|
return RequestUserPasswordResetToken(s, user)
|
2020-08-13 17:34:02 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// RequestUserPasswordResetToken sends a user a password reset email.
|
2020-12-23 16:32:28 +01:00
|
|
|
func RequestUserPasswordResetToken(s *xorm.Session, user *User) (err error) {
|
2021-07-13 22:56:02 +02:00
|
|
|
token, err := generateNewToken(s, user, TokenPasswordReset)
|
2018-10-27 11:33:28 +02:00
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-07-13 22:56:02 +02:00
|
|
|
// Dont send a mail if no mailer is configured
|
2019-07-06 22:12:26 +02:00
|
|
|
if !config.MailerEnabled.GetBool() {
|
2018-10-28 17:11:13 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-02-07 22:05:09 +01:00
|
|
|
n := &ResetPasswordNotification{
|
2021-07-13 22:56:02 +02:00
|
|
|
User: user,
|
|
|
|
Token: token,
|
2018-10-27 11:33:28 +02:00
|
|
|
}
|
|
|
|
|
2021-02-07 22:05:09 +01:00
|
|
|
err = notifications.Notify(user, n)
|
2018-10-27 11:33:28 +02:00
|
|
|
return
|
|
|
|
}
|