Fix password reset without a reseet token

This commit is contained in:
kolaente 2020-12-30 21:43:14 +01:00
parent c842b70cb5
commit 787044628f
No known key found for this signature in database
GPG key ID: F40E70337AB24C9B
3 changed files with 12 additions and 2 deletions

View file

@ -157,6 +157,12 @@ func (err ErrNoPasswordResetToken) HTTPError() web.HTTPError {
return web.HTTPError{HTTPCode: http.StatusPreconditionFailed, Code: ErrCodeNoPasswordResetToken, Message: "No token to reset a user's password provided."}
}
// IsErrNoPasswordResetToken checks if an error is ErrNoPasswordResetToken
func IsErrNoPasswordResetToken(err error) bool {
_, ok := err.(ErrNoPasswordResetToken)
return ok
}
// ErrInvalidPasswordResetToken is an error where the password reset token is invalid
type ErrInvalidPasswordResetToken struct {
Token string

View file

@ -39,6 +39,10 @@ func ResetPassword(s *xorm.Session, reset *PasswordReset) (err error) {
return ErrNoUsernamePassword{}
}
if reset.Token == "" {
return ErrNoPasswordResetToken{}
}
// Check if we have a token
var user User
exists, err := s.

View file

@ -410,12 +410,12 @@ func TestUserPasswordReset(t *testing.T) {
defer s.Close()
reset := &PasswordReset{
Token: "somethingsomething",
Token: "",
NewPassword: "12345",
}
err := ResetPassword(s, reset)
assert.Error(t, err)
assert.True(t, IsErrInvalidPasswordResetToken(err))
assert.True(t, IsErrNoPasswordResetToken(err))
})
t.Run("wrong token", func(t *testing.T) {
db.LoadAndAssertFixtures(t)