Password reset with token only (#4)

2018-10-27 13:12:15 +00:00
parent 0cfea682ea
commit d0c30cb089
4 changed files with 8 additions and 16 deletions
--- a/models/error.go
+++ b/models/error.go
@ -153,12 +153,11 @@ func (err ErrNoPasswordResetToken) HTTPError() HTTPError {

 // ErrInvalidPasswordResetToken is an error where the password reset token is invalid
 type ErrInvalidPasswordResetToken struct {
-	UserID int64
-	Token  string
+	Token string
 }

 func (err ErrInvalidPasswordResetToken) Error() string {
-	return fmt.Sprintf("Invalid token to reset a password [UserID: %d, Token: %s]", err.UserID, err.Token)
+	return fmt.Sprintf("Invalid token to reset a password [Token: %s]", err.Token)
 }

 // ErrCodeInvalidPasswordResetToken holds the unique world-error code of this error
@ -166,7 +165,7 @@ const ErrCodeInvalidPasswordResetToken = 1009

 // HTTPError holds the http error description
 func (err ErrInvalidPasswordResetToken) HTTPError() HTTPError {
-	return HTTPError{HTTPCode: http.StatusPreconditionFailed, Code: ErrCodeInvalidPasswordResetToken, Message: "Invalid token to reset a user's password provided."}
+	return HTTPError{HTTPCode: http.StatusPreconditionFailed, Code: ErrCodeInvalidPasswordResetToken, Message: "Invalid token to reset a user's password."}
 }

 // IsErrInvalidPasswordResetToken checks if an error is a ErrInvalidPasswordResetToken.
--- a/models/user_password_reset.go
+++ b/models/user_password_reset.go
@ -7,7 +7,6 @@ import (

 // PasswordReset holds the data to reset a password
 type PasswordReset struct {
-	UserID      int64  `json:"user_id"`
 	Token       string `json:"token"`
 	NewPassword string `json:"new_password"`
 }
@ -20,20 +19,15 @@ func UserPasswordReset(reset *PasswordReset) (err error) {
 		return ErrNoUsernamePassword{}
 	}

-	// Check if the user exists
-	user, err := GetUserByID(reset.UserID)
-	if err != nil {
-		return
-	}
-
 	// Check if we have a token
-	exists, err := x.Where("password_reset_token = ? AND id = ?", reset.Token, user.ID).Exist(&User{})
+	var user User
+	exists, err := x.Where("password_reset_token = ?", reset.Token).Get(&user)
 	if err != nil {
 		return
 	}

 	if !exists {
-		return ErrInvalidPasswordResetToken{UserID: reset.UserID, Token: reset.Token}
+		return ErrInvalidPasswordResetToken{Token: reset.Token}
 	}

 	// Hash the password