Refactor user email confirmation + password reset handling (#919)
Co-authored-by: kolaente <k@knt.li> Reviewed-on: https://kolaente.dev/vikunja/api/pulls/919 Co-authored-by: konrad <konrad@kola-entertainments.de> Co-committed-by: konrad <konrad@kola-entertainments.de>
This commit is contained in:
konrad
@ -19,7 +19,6 @@ package user
|
||||
import (
|
||||
"code.vikunja.io/api/pkg/config"
|
||||
"code.vikunja.io/api/pkg/notifications"
|
||||
"code.vikunja.io/api/pkg/utils"
|
||||
"xorm.io/xorm"
|
||||
)
|
||||
|
||||
@ -44,16 +43,17 @@ func ResetPassword(s *xorm.Session, reset *PasswordReset) (err error) {
|
||||
}
|
||||
|
||||
// Check if we have a token
|
||||
user := &User{}
|
||||
exists, err := s.
|
||||
Where("password_reset_token = ?", reset.Token).
|
||||
Get(user)
|
||||
token, err := getToken(s, reset.Token, TokenPasswordReset)
|
||||
if err != nil {
|
||||
return
|
||||
return err
|
||||
}
|
||||
if token == nil {
|
||||
return ErrInvalidPasswordResetToken{Token: reset.Token}
|
||||
}
|
||||
|
||||
if !exists {
|
||||
return ErrInvalidPasswordResetToken{Token: reset.Token}
|
||||
user, err := GetUserByID(s, token.UserID)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
// Hash the password
|
||||
@ -62,17 +62,20 @@ func ResetPassword(s *xorm.Session, reset *PasswordReset) (err error) {
|
||||
return
|
||||
}
|
||||
|
||||
// Save it
|
||||
user.PasswordResetToken = ""
|
||||
err = removeTokens(s, user, TokenEmailConfirm)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
_, err = s.
|
||||
Cols("password", "password_reset_token").
|
||||
Cols("password").
|
||||
Where("id = ?", user.ID).
|
||||
Update(user)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
// Dont send a mail if we're testing
|
||||
// Dont send a mail if no mailer is configured
|
||||
if !config.MailerEnabled.GetBool() {
|
||||
return
|
||||
}
|
||||
@ -108,24 +111,19 @@ func RequestUserPasswordResetTokenByEmail(s *xorm.Session, tr *PasswordTokenRequ
|
||||
|
||||
// RequestUserPasswordResetToken sends a user a password reset email.
|
||||
func RequestUserPasswordResetToken(s *xorm.Session, user *User) (err error) {
|
||||
// Generate a token and save it
|
||||
user.PasswordResetToken = utils.MakeRandomString(400)
|
||||
|
||||
// Save it
|
||||
_, err = s.
|
||||
Where("id = ?", user.ID).
|
||||
Update(user)
|
||||
token, err := generateNewToken(s, user, TokenPasswordReset)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
// Dont send a mail if we're testing
|
||||
// Dont send a mail if no mailer is configured
|
||||
if !config.MailerEnabled.GetBool() {
|
||||
return
|
||||
}
|
||||
|
||||
n := &ResetPasswordNotification{
|
||||
User: user,
|
||||
User: user,
|
||||
Token: token,
|
||||
}
|
||||
|
||||
err = notifications.Notify(user, n)
|
||||
|
||||
Reference in New Issue
Block a user