Password reset with token only (#4)

Featurecreep.md

@@ -234,7 +234,7 @@ Teams sind global, d.h. Ein Team kann mehrere Namespaces verwalten.
 		-> Login/Register/Password-reset geht natürlich nicht
 		-> Bleibt noch Profile abrufen und Einstellungen -> Macht also keinen Sinn das auf den neuen Handler umzuziehen
 * [ ] Email-Verifizierung beim Registrieren
-* [ ] Password Reset -> Link via email oder so
+* [x] Password Reset -> Link via email oder so
 * [ ] Settings
 
 ### Later/Nice to have

REST-Tests/users.http

@@ -36,8 +36,7 @@ Content-Type: application/json
 Accept: application/json
 
 {
-  "user_id": 1,
+  "token": "eAsZzakgqARnjzXHqsHqZtSUKuiOhoJjHANhgTxUIDBSalhbtdpAdLeywGXzVDBuRQGNpHdMxoHXhLVSlzpJsFvuoJgMdkhRhkNhaQXfufuZCdtUlerZHSJQLgYMUryHIxIREcmZLtWoZVrYyARkCvkyFhcGtoCwQOEjAOEZMQQuxTVoGYfAqcfNggQnerUcXCiRIgRtkusXSnltomhaeyRwAbrckXFeXxUjslgplSGqSTOqJTYuhrSzAVTwNvuYyvuXLaZoNnJEyeVDWlRydnxfgUQjQZOKwCBRWVQPKpZhlslLUyUAMsRQkHITkruQCjDnOGCCRsSNplbNCEuDmMfpWYHSQAcQIDZtbQWkxzpfmHDMQvvKPPrxEnrTErlvTfKDKICFYPQxXNpNE",
-  "token": "syPYBkzonBbWEXtHQlMDwDMWfsGgkeHWYRBncIDtVBrizTHBGDPnNbpjwtKtKfutUuzCTfQcXLTFgVTzDsmHcPxvrQxlKTmjPyyDLEEwnHkRntsweFyrymjfhiqZwwPCsPLegtnruaaFerjPNgmCXPVjsSGSDWjQcJsVgkljgjeeRwowxYQxMZeLlVHitEHkNfXnXUeEQmPmGLwPuGBGEXhHJpsckYwkOQTulJzDSrsynzNaHRbxQfdxthToFOzidOKzJKdesQKIocTfSDPXzvVKdlSPkZRiyNIbFxoiIWRGQFSHltmqzDwxudwcDbMMwaLQloUWZahhfkFRPKLoFQQezPgYecIihrewglYvQOZfNISKAWyHyWfOBWAkrtGODpuJlTLZwImYzNSX",
   "new_password": "1234"
 }
 

models/error.go

@@ -153,12 +153,11 @@ func (err ErrNoPasswordResetToken) HTTPError() HTTPError {
 
 // ErrInvalidPasswordResetToken is an error where the password reset token is invalid
 type ErrInvalidPasswordResetToken struct {
-	UserID int64
+	Token string
-	Token  string
 }
 
 func (err ErrInvalidPasswordResetToken) Error() string {
-	return fmt.Sprintf("Invalid token to reset a password [UserID: %d, Token: %s]", err.UserID, err.Token)
+	return fmt.Sprintf("Invalid token to reset a password [Token: %s]", err.Token)
 }
 
 // ErrCodeInvalidPasswordResetToken holds the unique world-error code of this error
@@ -166,7 +165,7 @@ const ErrCodeInvalidPasswordResetToken = 1009
 
 // HTTPError holds the http error description
 func (err ErrInvalidPasswordResetToken) HTTPError() HTTPError {
-	return HTTPError{HTTPCode: http.StatusPreconditionFailed, Code: ErrCodeInvalidPasswordResetToken, Message: "Invalid token to reset a user's password provided."}
+	return HTTPError{HTTPCode: http.StatusPreconditionFailed, Code: ErrCodeInvalidPasswordResetToken, Message: "Invalid token to reset a user's password."}
 }
 
 // IsErrInvalidPasswordResetToken checks if an error is a ErrInvalidPasswordResetToken.

models/user_password_reset.go

@@ -7,7 +7,6 @@ import (
 
 // PasswordReset holds the data to reset a password
 type PasswordReset struct {
-	UserID      int64  `json:"user_id"`
 	Token       string `json:"token"`
 	NewPassword string `json:"new_password"`
 }
@@ -20,20 +19,15 @@ func UserPasswordReset(reset *PasswordReset) (err error) {
 		return ErrNoUsernamePassword{}
 	}
 
-	// Check if the user exists
-	user, err := GetUserByID(reset.UserID)
-	if err != nil {
-		return
-	}
-
 	// Check if we have a token
-	exists, err := x.Where("password_reset_token = ? AND id = ?", reset.Token, user.ID).Exist(&User{})
+	var user User
+	exists, err := x.Where("password_reset_token = ?", reset.Token).Get(&user)
 	if err != nil {
 		return
 	}
 
 	if !exists {
-		return ErrInvalidPasswordResetToken{UserID: reset.UserID, Token: reset.Token}
+		return ErrInvalidPasswordResetToken{Token: reset.Token}
 	}
 
 	// Hash the password