Password reset with token only (#4)

konrad 2018-10-27 13:12:15 +00:00 committed by Gitea
parent 0cfea682ea
commit d0c30cb089
4 changed files with 8 additions and 16 deletions


@ -234,7 +234,7 @@ Teams sind global, d.h. Ein Team kann mehrere Namespaces verwalten.
-> Login/Register/Password-reset geht natürlich nicht
-> Bleibt noch Profile abrufen und Einstellungen -> Macht also keinen Sinn das auf den neuen Handler umzuziehen
* [ ] Email-Verifizierung beim Registrieren
* [ ] Password Reset -> Link via email oder so
* [x] Password Reset -> Link via email oder so
* [ ] Settings
### Later/Nice to have


@ -36,8 +36,7 @@ Content-Type: application/json
Accept: application/json
{
"user_id": 1,
"token": "syPYBkzonBbWEXtHQlMDwDMWfsGgkeHWYRBncIDtVBrizTHBGDPnNbpjwtKtKfutUuzCTfQcXLTFgVTzDsmHcPxvrQxlKTmjPyyDLEEwnHkRntsweFyrymjfhiqZwwPCsPLegtnruaaFerjPNgmCXPVjsSGSDWjQcJsVgkljgjeeRwowxYQxMZeLlVHitEHkNfXnXUeEQmPmGLwPuGBGEXhHJpsckYwkOQTulJzDSrsynzNaHRbxQfdxthToFOzidOKzJKdesQKIocTfSDPXzvVKdlSPkZRiyNIbFxoiIWRGQFSHltmqzDwxudwcDbMMwaLQloUWZahhfkFRPKLoFQQezPgYecIihrewglYvQOZfNISKAWyHyWfOBWAkrtGODpuJlTLZwImYzNSX",
"token": "eAsZzakgqARnjzXHqsHqZtSUKuiOhoJjHANhgTxUIDBSalhbtdpAdLeywGXzVDBuRQGNpHdMxoHXhLVSlzpJsFvuoJgMdkhRhkNhaQXfufuZCdtUlerZHSJQLgYMUryHIxIREcmZLtWoZVrYyARkCvkyFhcGtoCwQOEjAOEZMQQuxTVoGYfAqcfNggQnerUcXCiRIgRtkusXSnltomhaeyRwAbrckXFeXxUjslgplSGqSTOqJTYuhrSzAVTwNvuYyvuXLaZoNnJEyeVDWlRydnxfgUQjQZOKwCBRWVQPKpZhlslLUyUAMsRQkHITkruQCjDnOGCCRsSNplbNCEuDmMfpWYHSQAcQIDZtbQWkxzpfmHDMQvvKPPrxEnrTErlvTfKDKICFYPQxXNpNE",
"new_password": "1234"
}


@ -153,12 +153,11 @@ func (err ErrNoPasswordResetToken) HTTPError() HTTPError {
// ErrInvalidPasswordResetToken is an error where the password reset token is invalid
type ErrInvalidPasswordResetToken struct {
UserID int64
Token string
Token string
}
func (err ErrInvalidPasswordResetToken) Error() string {
return fmt.Sprintf("Invalid token to reset a password [UserID: %d, Token: %s]", err.UserID, err.Token)
return fmt.Sprintf("Invalid token to reset a password [Token: %s]", err.Token)
}
// ErrCodeInvalidPasswordResetToken holds the unique world-error code of this error
@ -166,7 +165,7 @@ const ErrCodeInvalidPasswordResetToken = 1009
// HTTPError holds the http error description
func (err ErrInvalidPasswordResetToken) HTTPError() HTTPError {
return HTTPError{HTTPCode: http.StatusPreconditionFailed, Code: ErrCodeInvalidPasswordResetToken, Message: "Invalid token to reset a user's password provided."}
return HTTPError{HTTPCode: http.StatusPreconditionFailed, Code: ErrCodeInvalidPasswordResetToken, Message: "Invalid token to reset a user's password."}
}
// IsErrInvalidPasswordResetToken checks if an error is a ErrInvalidPasswordResetToken.
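Review bot: In the first hunk, `Error()` formats the token with `%s`, and that token comes straight from the request body (`ErrInvalidPasswordResetToken{Token: reset.Token}` in the model change). Newlines or control characters in it therefore end up verbatim wherever this error is logged or printed. Quoting the value keeps the entry on one line and makes empty tokens visible: `return fmt.Sprintf("Invalid token to reset a password [Token: %q]", err.Token)`. Since the token is now the only reset credential, consider writing only a short prefix of it instead of the full value; whether this error is logged at all is not visible on this page.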


@ -7,7 +7,6 @@ import (
// PasswordReset holds the data to reset a password
type PasswordReset struct {
UserID int64 `json:"user_id"`
Token string `json:"token"`
NewPassword string `json:"new_password"`
}
@ -20,20 +19,15 @@ func UserPasswordReset(reset *PasswordReset) (err error) {
return ErrNoUsernamePassword{}
}
// Check if the user exists
user, err := GetUserByID(reset.UserID)
if err != nil {
return
}
// Check if we have a token
exists, err := x.Where("password_reset_token = ? AND id = ?", reset.Token, user.ID).Exist(&User{})
var user User
exists, err := x.Where("password_reset_token = ?", reset.Token).Get(&user)
if err != nil {
return
}
if !exists {
return ErrInvalidPasswordResetToken{UserID: reset.UserID, Token: reset.Token}
return ErrInvalidPasswordResetToken{Token: reset.Token}
}
// Hash the password
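Review bot: The lookup `x.Where("password_reset_token = ?", reset.Token).Get(&user)` now picks the account from the token alone, so an empty `reset.Token` would match the first user whose token column holds an empty string, if that is how "no reset pending" is stored. The input check at the top of `UserPasswordReset` starts above the hunk and only its `return ErrNoUsernamePassword{}` is visible, so confirm it rejects an empty token before the query, e.g. `if reset.Token == "" { return ErrNoPasswordResetToken{} }`. The function continues past the hunk; it is worth verifying there that the token is cleared once the password is set and that it expires. A comment on the query such as `// the token is the only credential here: it must be non-empty, single-use and time-limited` would record the assumption.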