From 787044628fc27d82f8b2a485f22275b9465dd113 Mon Sep 17 00:00:00 2001
From: kolaente
Date: Wed, 30 Dec 2020 21:43:14 +0100
Subject: [PATCH] Fix password reset without a reseet token
---
 pkg/user/error.go | 6 ++++++
 pkg/user/user_password_reset.go | 4 ++++
 pkg/user/user_test.go | 4 ++--
 3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/pkg/user/error.go b/pkg/user/error.go
index 8b402f66..ef651d96 100644
--- a/pkg/user/error.go
+++ b/pkg/user/error.go
@@ -157,6 +157,12 @@ func (err ErrNoPasswordResetToken) HTTPError() web.HTTPError {
 return web.HTTPError{HTTPCode: http.StatusPreconditionFailed, Code: ErrCodeNoPasswordResetToken, Message: "No token to reset a user's password provided."}
 }
 
+// IsErrNoPasswordResetToken checks if an error is ErrNoPasswordResetToken
+func IsErrNoPasswordResetToken(err error) bool {
+ _, ok := err.(ErrNoPasswordResetToken)
+ return ok
+}
+
 // ErrInvalidPasswordResetToken is an error where the password reset token is invalid
 type ErrInvalidPasswordResetToken struct {
 Token string
diff --git a/pkg/user/user_password_reset.go b/pkg/user/user_password_reset.go
index 88f44a81..6d0f0c26 100644
--- a/pkg/user/user_password_reset.go
+++ b/pkg/user/user_password_reset.go
@@ -39,6 +39,10 @@ func ResetPassword(s *xorm.Session, reset *PasswordReset) (err error) {
 return ErrNoUsernamePassword{}
 }
 
+ if reset.Token == "" {
+ return ErrNoPasswordResetToken{}
+ }
+
 // Check if we have a token
 var user User
 exists, err := s.
diff --git a/pkg/user/user_test.go b/pkg/user/user_test.go
index ab3d5952..3e1d017c 100644
--- a/pkg/user/user_test.go
+++ b/pkg/user/user_test.go
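Review bot: In pkg/user/error.go, the new `IsErrNoPasswordResetToken` uses a direct type assertion, so it recognises only an unwrapped value; if a caller ever wraps the error with `%w`, the helper returns false and the caller falls through to its generic error path. Assuming `errors` is imported in this file, `var e ErrNoPasswordResetToken` followed by `return errors.As(err, &e)` would match both the plain and the wrapped form. The assertion style may simply follow the file's other `IsErr…` helpers, which are not visible in this hunk; if so, converting them together in a follow-up is the cleaner route.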
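Review bot: The new `reset.Token == ""` guard in `ResetPassword` (pkg/user/user_password_reset.go) is the security-relevant line of this commit, yet nothing says why it must run before the lookup, and the existing `// Check if we have a token` comment below it now reads ambiguously. I would add above the guard `// Reject an empty token before the lookup: an empty value must never be used as a query value, or it could match users without a pending reset.` The second half of that comment is inferred from the commit title, because the query itself continues outside the hunk. A whitespace-only token still passes the guard and reaches the lookup; that is presumably harmless if stored tokens are never blank, but it is worth confirming.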
@@ -410,12 +410,12 @@ func TestUserPasswordReset(t *testing.T) {
 defer s.Close()
 
 reset := &PasswordReset{
- Token: "somethingsomething",
+ Token: "",
 NewPassword: "12345",
 }
 err := ResetPassword(s, reset)
 assert.Error(t, err)
- assert.True(t, IsErrInvalidPasswordResetToken(err))
+ assert.True(t, IsErrNoPasswordResetToken(err))
 })
 t.Run("wrong token", func(t *testing.T) {
 db.LoadAndAssertFixtures(t)
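Review bot: The changed subtest in `TestUserPasswordReset` asserts only the returned error type, so it does not show that the rejected call left every stored password untouched. As this appears to be the regression test for resetting a password without a token, I would also reload a fixture user after `ResetPassword(s, reset)` and assert that its password hash equals the pre-call value. A short comment next to `Token: "",` such as `// empty token must be rejected before any lookup` would record why the value is deliberately empty. The test function starts and ends outside this hunk.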