diff --git a/Featurecreep.md b/Featurecreep.md
index ee7153724..7d55eb95b 100644
--- a/Featurecreep.md
+++ b/Featurecreep.md
@@ -234,7 +234,7 @@ Teams sind global, d.h. Ein Team kann mehrere Namespaces verwalten. -> Login/Register/Password-reset geht natürlich nicht -> Bleibt noch Profile abrufen und Einstellungen -> Macht also keinen Sinn das auf den neuen Handler umzuziehen
 * [ ] Email-Verifizierung beim Registrieren
-* [ ] Password Reset -> Link via email oder so
+* [x] Password Reset -> Link via email oder so
 * [ ] Settings
 ### Later/Nice to have
diff --git a/REST-Tests/users.http b/REST-Tests/users.http
index b830104cd..c6a889154 100644
--- a/REST-Tests/users.http
+++ b/REST-Tests/users.http
@@ -36,8 +36,7 @@ Content-Type: application/json
 Accept: application/json
 {
- "user_id": 1,
- "token": "syPYBkzonBbWEXtHQlMDwDMWfsGgkeHWYRBncIDtVBrizTHBGDPnNbpjwtKtKfutUuzCTfQcXLTFgVTzDsmHcPxvrQxlKTmjPyyDLEEwnHkRntsweFyrymjfhiqZwwPCsPLegtnruaaFerjPNgmCXPVjsSGSDWjQcJsVgkljgjeeRwowxYQxMZeLlVHitEHkNfXnXUeEQmPmGLwPuGBGEXhHJpsckYwkOQTulJzDSrsynzNaHRbxQfdxthToFOzidOKzJKdesQKIocTfSDPXzvVKdlSPkZRiyNIbFxoiIWRGQFSHltmqzDwxudwcDbMMwaLQloUWZahhfkFRPKLoFQQezPgYecIihrewglYvQOZfNISKAWyHyWfOBWAkrtGODpuJlTLZwImYzNSX",
+ "token": "eAsZzakgqARnjzXHqsHqZtSUKuiOhoJjHANhgTxUIDBSalhbtdpAdLeywGXzVDBuRQGNpHdMxoHXhLVSlzpJsFvuoJgMdkhRhkNhaQXfufuZCdtUlerZHSJQLgYMUryHIxIREcmZLtWoZVrYyARkCvkyFhcGtoCwQOEjAOEZMQQuxTVoGYfAqcfNggQnerUcXCiRIgRtkusXSnltomhaeyRwAbrckXFeXxUjslgplSGqSTOqJTYuhrSzAVTwNvuYyvuXLaZoNnJEyeVDWlRydnxfgUQjQZOKwCBRWVQPKpZhlslLUyUAMsRQkHITkruQCjDnOGCCRsSNplbNCEuDmMfpWYHSQAcQIDZtbQWkxzpfmHDMQvvKPPrxEnrTErlvTfKDKICFYPQxXNpNE",
 "new_password": "1234"
 }
diff --git a/models/error.go b/models/error.go
index 1c2a3677e..14527111d 100644
--- a/models/error.go
+++ b/models/error.go
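Review bot: The request body in REST-Tests/users.http hard-codes a full password reset token, and after this commit the token alone selects the account whose password is reset. If that value was ever issued by anything other than a throwaway local database, it should be invalidated. Where the HTTP client in use supports variables, a placeholder such as `"token": "{{reset_token}}"` (variable name constructed here) filled from an untracked environment file keeps issued tokens out of the repository.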
@@ -153,12 +153,11 @@ func (err ErrNoPasswordResetToken) HTTPError() HTTPError {
 // ErrInvalidPasswordResetToken is an error where the password reset token is invalid
 type ErrInvalidPasswordResetToken struct {
- UserID int64
- Token string
+ Token string
 }
 func (err ErrInvalidPasswordResetToken) Error() string {
- return fmt.Sprintf("Invalid token to reset a password [UserID: %d, Token: %s]", err.UserID, err.Token)
+ return fmt.Sprintf("Invalid token to reset a password [Token: %s]", err.Token)
 }
 // ErrCodeInvalidPasswordResetToken holds the unique world-error code of this error
@@ -166,7 +165,7 @@ const ErrCodeInvalidPasswordResetToken = 1009
 // HTTPError holds the http error description
 func (err ErrInvalidPasswordResetToken) HTTPError() HTTPError {
- return HTTPError{HTTPCode: http.StatusPreconditionFailed, Code: ErrCodeInvalidPasswordResetToken, Message: "Invalid token to reset a user's password provided."}
+ return HTTPError{HTTPCode: http.StatusPreconditionFailed, Code: ErrCodeInvalidPasswordResetToken, Message: "Invalid token to reset a user's password."}
 }
 // IsErrInvalidPasswordResetToken checks if an error is a ErrInvalidPasswordResetToken.
diff --git a/models/user_password_reset.go b/models/user_password_reset.go
index ed750a0f1..b87b6de65 100644
--- a/models/user_password_reset.go
+++ b/models/user_password_reset.go
@@ -7,7 +7,6 @@ import (
 // PasswordReset holds the data to reset a password
 type PasswordReset struct {
- UserID int64 `json:"user_id"`
 Token string `json:"token"`
 NewPassword string `json:"new_password"`
 }
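Review bot: `ErrInvalidPasswordResetToken.Error()` in models/error.go (hunk at -153,12) still formats the submitted token with `%s`, so anything that logs this error records a request-controlled string verbatim, line breaks included. Because the token is now the only reset credential, it is safer to leave it out of the message, `return "Invalid token to reset a password"`, or at least to quote it with `%q`. How callers log or surface this error is not visible in the diff, so the exposure depends on code outside these hunks.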
@@ -20,20 +19,15 @@ func UserPasswordReset(reset *PasswordReset) (err error) {
 return ErrNoUsernamePassword{}
 }
- // Check if the user exists
- user, err := GetUserByID(reset.UserID)
- if err != nil {
- return
- }
-
 // Check if we have a token
- exists, err := x.Where("password_reset_token = ? AND id = ?", reset.Token, user.ID).Exist(&User{})
+ var user User
+ exists, err := x.Where("password_reset_token = ?", reset.Token).Get(&user)
 if err != nil {
 return
 }
 if !exists {
- return ErrInvalidPasswordResetToken{UserID: reset.UserID, Token: reset.Token}
+ return ErrInvalidPasswordResetToken{Token: reset.Token}
 }
 // Hash the password
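Review bot: With the `id` condition removed, `x.Where("password_reset_token = ?", reset.Token).Get(&user)` makes the token the only selector, so an empty `reset.Token` would match the first user whose `password_reset_token` column is empty, and the code that follows would set that account's password. The guard above the hunk is only partly visible (it returns `ErrNoUsernamePassword{}`), so confirm it rejects an empty token; if it does not, add `if reset.Token == "" { return ErrNoPasswordResetToken{} }` before the query. `UserPasswordReset` starts before and continues past this hunk, so whether the token is cleared after use or has an expiry cannot be checked from here.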