Password reset with token only (#4)

2018-10-27 13:12:15 +00:00 · 2018-10-27 13:12:15 +00:00 · d0c30cb089
parent 0cfea682ea
commit d0c30cb089
4 changed files with 8 additions and 16 deletions
--- a/Featurecreep.md
+++ b/Featurecreep.md
@ -234,7 +234,7 @@ Teams sind global, d.h. Ein Team kann mehrere Namespaces verwalten.
 		-> Login/Register/Password-reset geht natürlich nicht
 		-> Bleibt noch Profile abrufen und Einstellungen -> Macht also keinen Sinn das auf den neuen Handler umzuziehen
 * [ ] Email-Verifizierung beim Registrieren
-* [ ] Password Reset -> Link via email oder so
+* [x] Password Reset -> Link via email oder so
 * [ ] Settings

 ### Later/Nice to have
--- a/REST-Tests/users.http
+++ b/REST-Tests/users.http
@ -36,8 +36,7 @@ Content-Type: application/json
 Accept: application/json

 {
-  "user_id": 1,
-  "token": "syPYBkzonBbWEXtHQlMDwDMWfsGgkeHWYRBncIDtVBrizTHBGDPnNbpjwtKtKfutUuzCTfQcXLTFgVTzDsmHcPxvrQxlKTmjPyyDLEEwnHkRntsweFyrymjfhiqZwwPCsPLegtnruaaFerjPNgmCXPVjsSGSDWjQcJsVgkljgjeeRwowxYQxMZeLlVHitEHkNfXnXUeEQmPmGLwPuGBGEXhHJpsckYwkOQTulJzDSrsynzNaHRbxQfdxthToFOzidOKzJKdesQKIocTfSDPXzvVKdlSPkZRiyNIbFxoiIWRGQFSHltmqzDwxudwcDbMMwaLQloUWZahhfkFRPKLoFQQezPgYecIihrewglYvQOZfNISKAWyHyWfOBWAkrtGODpuJlTLZwImYzNSX",
+  "token": "eAsZzakgqARnjzXHqsHqZtSUKuiOhoJjHANhgTxUIDBSalhbtdpAdLeywGXzVDBuRQGNpHdMxoHXhLVSlzpJsFvuoJgMdkhRhkNhaQXfufuZCdtUlerZHSJQLgYMUryHIxIREcmZLtWoZVrYyARkCvkyFhcGtoCwQOEjAOEZMQQuxTVoGYfAqcfNggQnerUcXCiRIgRtkusXSnltomhaeyRwAbrckXFeXxUjslgplSGqSTOqJTYuhrSzAVTwNvuYyvuXLaZoNnJEyeVDWlRydnxfgUQjQZOKwCBRWVQPKpZhlslLUyUAMsRQkHITkruQCjDnOGCCRsSNplbNCEuDmMfpWYHSQAcQIDZtbQWkxzpfmHDMQvvKPPrxEnrTErlvTfKDKICFYPQxXNpNE",
  "new_password": "1234"
 }

--- a/models/error.go
+++ b/models/error.go
@ -153,12 +153,11 @@ func (err ErrNoPasswordResetToken) HTTPError() HTTPError {

 // ErrInvalidPasswordResetToken is an error where the password reset token is invalid
 type ErrInvalidPasswordResetToken struct {
-	UserID int64
-	Token  string
+	Token string
 }

 func (err ErrInvalidPasswordResetToken) Error() string {
-	return fmt.Sprintf("Invalid token to reset a password [UserID: %d, Token: %s]", err.UserID, err.Token)
+	return fmt.Sprintf("Invalid token to reset a password [Token: %s]", err.Token)
 }

 // ErrCodeInvalidPasswordResetToken holds the unique world-error code of this error
@ -166,7 +165,7 @@ const ErrCodeInvalidPasswordResetToken = 1009

 // HTTPError holds the http error description
 func (err ErrInvalidPasswordResetToken) HTTPError() HTTPError {
-	return HTTPError{HTTPCode: http.StatusPreconditionFailed, Code: ErrCodeInvalidPasswordResetToken, Message: "Invalid token to reset a user's password provided."}
+	return HTTPError{HTTPCode: http.StatusPreconditionFailed, Code: ErrCodeInvalidPasswordResetToken, Message: "Invalid token to reset a user's password."}
 }

 // IsErrInvalidPasswordResetToken checks if an error is a ErrInvalidPasswordResetToken.
--- a/models/user_password_reset.go
+++ b/models/user_password_reset.go
@ -7,7 +7,6 @@ import (

 // PasswordReset holds the data to reset a password
 type PasswordReset struct {
-	UserID      int64  `json:"user_id"`
 	Token       string `json:"token"`
 	NewPassword string `json:"new_password"`
 }
@ -20,20 +19,15 @@ func UserPasswordReset(reset *PasswordReset) (err error) {
 		return ErrNoUsernamePassword{}
 	}

-	// Check if the user exists
-	user, err := GetUserByID(reset.UserID)
-	if err != nil {
-		return
-	}
-
 	// Check if we have a token
-	exists, err := x.Where("password_reset_token = ? AND id = ?", reset.Token, user.ID).Exist(&User{})
+	var user User
+	exists, err := x.Where("password_reset_token = ?", reset.Token).Get(&user)
 	if err != nil {
 		return
 	}

 	if !exists {
-		return ErrInvalidPasswordResetToken{UserID: reset.UserID, Token: reset.Token}
+		return ErrInvalidPasswordResetToken{Token: reset.Token}
 	}

 	// Hash the password