Password reset with token only (#4)
This commit is contained in:
parent
0cfea682ea
commit
d0c30cb089
4 changed files with 8 additions and 16 deletions
|
@ -234,7 +234,7 @@ Teams sind global, d.h. Ein Team kann mehrere Namespaces verwalten.
|
|||
-> Login/Register/Password-reset geht natürlich nicht
|
||||
-> Bleibt noch Profile abrufen und Einstellungen -> Macht also keinen Sinn das auf den neuen Handler umzuziehen
|
||||
* [ ] Email-Verifizierung beim Registrieren
|
||||
* [ ] Password Reset -> Link via email oder so
|
||||
* [x] Password Reset -> Link via email oder so
|
||||
* [ ] Settings
|
||||
|
||||
### Later/Nice to have
|
||||
|
|
|
@ -36,8 +36,7 @@ Content-Type: application/json
|
|||
Accept: application/json
|
||||
|
||||
{
|
||||
"user_id": 1,
|
||||
"token": "syPYBkzonBbWEXtHQlMDwDMWfsGgkeHWYRBncIDtVBrizTHBGDPnNbpjwtKtKfutUuzCTfQcXLTFgVTzDsmHcPxvrQxlKTmjPyyDLEEwnHkRntsweFyrymjfhiqZwwPCsPLegtnruaaFerjPNgmCXPVjsSGSDWjQcJsVgkljgjeeRwowxYQxMZeLlVHitEHkNfXnXUeEQmPmGLwPuGBGEXhHJpsckYwkOQTulJzDSrsynzNaHRbxQfdxthToFOzidOKzJKdesQKIocTfSDPXzvVKdlSPkZRiyNIbFxoiIWRGQFSHltmqzDwxudwcDbMMwaLQloUWZahhfkFRPKLoFQQezPgYecIihrewglYvQOZfNISKAWyHyWfOBWAkrtGODpuJlTLZwImYzNSX",
|
||||
"token": "eAsZzakgqARnjzXHqsHqZtSUKuiOhoJjHANhgTxUIDBSalhbtdpAdLeywGXzVDBuRQGNpHdMxoHXhLVSlzpJsFvuoJgMdkhRhkNhaQXfufuZCdtUlerZHSJQLgYMUryHIxIREcmZLtWoZVrYyARkCvkyFhcGtoCwQOEjAOEZMQQuxTVoGYfAqcfNggQnerUcXCiRIgRtkusXSnltomhaeyRwAbrckXFeXxUjslgplSGqSTOqJTYuhrSzAVTwNvuYyvuXLaZoNnJEyeVDWlRydnxfgUQjQZOKwCBRWVQPKpZhlslLUyUAMsRQkHITkruQCjDnOGCCRsSNplbNCEuDmMfpWYHSQAcQIDZtbQWkxzpfmHDMQvvKPPrxEnrTErlvTfKDKICFYPQxXNpNE",
|
||||
"new_password": "1234"
|
||||
}
|
||||
|
||||
|
|
|
@ -153,12 +153,11 @@ func (err ErrNoPasswordResetToken) HTTPError() HTTPError {
|
|||
|
||||
// ErrInvalidPasswordResetToken is an error where the password reset token is invalid
|
||||
type ErrInvalidPasswordResetToken struct {
|
||||
UserID int64
|
||||
Token string
|
||||
Token string
|
||||
}
|
||||
|
||||
func (err ErrInvalidPasswordResetToken) Error() string {
|
||||
return fmt.Sprintf("Invalid token to reset a password [UserID: %d, Token: %s]", err.UserID, err.Token)
|
||||
return fmt.Sprintf("Invalid token to reset a password [Token: %s]", err.Token)
|
||||
}
|
||||
|
||||
// ErrCodeInvalidPasswordResetToken holds the unique world-error code of this error
|
||||
|
@ -166,7 +165,7 @@ const ErrCodeInvalidPasswordResetToken = 1009
|
|||
|
||||
// HTTPError holds the http error description
|
||||
func (err ErrInvalidPasswordResetToken) HTTPError() HTTPError {
|
||||
return HTTPError{HTTPCode: http.StatusPreconditionFailed, Code: ErrCodeInvalidPasswordResetToken, Message: "Invalid token to reset a user's password provided."}
|
||||
return HTTPError{HTTPCode: http.StatusPreconditionFailed, Code: ErrCodeInvalidPasswordResetToken, Message: "Invalid token to reset a user's password."}
|
||||
}
|
||||
|
||||
// IsErrInvalidPasswordResetToken checks if an error is a ErrInvalidPasswordResetToken.
|
||||
|
|
|
@ -7,7 +7,6 @@ import (
|
|||
|
||||
// PasswordReset holds the data to reset a password
|
||||
type PasswordReset struct {
|
||||
UserID int64 `json:"user_id"`
|
||||
Token string `json:"token"`
|
||||
NewPassword string `json:"new_password"`
|
||||
}
|
||||
|
@ -20,20 +19,15 @@ func UserPasswordReset(reset *PasswordReset) (err error) {
|
|||
return ErrNoUsernamePassword{}
|
||||
}
|
||||
|
||||
// Check if the user exists
|
||||
user, err := GetUserByID(reset.UserID)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
// Check if we have a token
|
||||
exists, err := x.Where("password_reset_token = ? AND id = ?", reset.Token, user.ID).Exist(&User{})
|
||||
var user User
|
||||
exists, err := x.Where("password_reset_token = ?", reset.Token).Get(&user)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if !exists {
|
||||
return ErrInvalidPasswordResetToken{UserID: reset.UserID, Token: reset.Token}
|
||||
return ErrInvalidPasswordResetToken{Token: reset.Token}
|
||||
}
|
||||
|
||||
// Hash the password
|
||||
|
|
Loading…
Reference in a new issue