Fix password reset without a reseet token

This commit is contained in:
kolaente 2020-12-30 21:43:14 +01:00
parent c842b70cb5
commit 787044628f
No known key found for this signature in database
GPG key ID: F40E70337AB24C9B
3 changed files with 12 additions and 2 deletions

View file

@ -157,6 +157,12 @@ func (err ErrNoPasswordResetToken) HTTPError() web.HTTPError {
return web.HTTPError{HTTPCode: http.StatusPreconditionFailed, Code: ErrCodeNoPasswordResetToken, Message: "No token to reset a user's password provided."} return web.HTTPError{HTTPCode: http.StatusPreconditionFailed, Code: ErrCodeNoPasswordResetToken, Message: "No token to reset a user's password provided."}
} }
// IsErrNoPasswordResetToken checks if an error is ErrNoPasswordResetToken
func IsErrNoPasswordResetToken(err error) bool {
_, ok := err.(ErrNoPasswordResetToken)
return ok
}
// ErrInvalidPasswordResetToken is an error where the password reset token is invalid // ErrInvalidPasswordResetToken is an error where the password reset token is invalid
type ErrInvalidPasswordResetToken struct { type ErrInvalidPasswordResetToken struct {
Token string Token string

View file

@ -39,6 +39,10 @@ func ResetPassword(s *xorm.Session, reset *PasswordReset) (err error) {
return ErrNoUsernamePassword{} return ErrNoUsernamePassword{}
} }
if reset.Token == "" {
return ErrNoPasswordResetToken{}
}
// Check if we have a token // Check if we have a token
var user User var user User
exists, err := s. exists, err := s.

View file

@ -410,12 +410,12 @@ func TestUserPasswordReset(t *testing.T) {
defer s.Close() defer s.Close()
reset := &PasswordReset{ reset := &PasswordReset{
Token: "somethingsomething", Token: "",
NewPassword: "12345", NewPassword: "12345",
} }
err := ResetPassword(s, reset) err := ResetPassword(s, reset)
assert.Error(t, err) assert.Error(t, err)
assert.True(t, IsErrInvalidPasswordResetToken(err)) assert.True(t, IsErrNoPasswordResetToken(err))
}) })
t.Run("wrong token", func(t *testing.T) { t.Run("wrong token", func(t *testing.T) {
db.LoadAndAssertFixtures(t) db.LoadAndAssertFixtures(t)