Convert password reset token to user tokens

This commit is contained in:
kolaente 2021-07-12 22:32:36 +02:00
parent 442a945e60
commit f9dcd80375
Signed by: konrad
GPG Key ID: F40E70337AB24C9B
2 changed files with 18 additions and 23 deletions

View File

@ -57,8 +57,6 @@ type User struct {
Email string `xorm:"varchar(250) null" json:"email,omitempty" valid:"email,length(0|250)" maxLength:"250"`
IsActive bool `xorm:"null" json:"-"`
PasswordResetToken string `xorm:"varchar(450) null" json:"-"`
AvatarProvider string `xorm:"varchar(255) null" json:"-"`
AvatarFileID int64 `xorm:"null" json:"-"`

View File

@ -19,7 +19,6 @@ package user
import (
"code.vikunja.io/api/pkg/config"
"code.vikunja.io/api/pkg/notifications"
"code.vikunja.io/api/pkg/utils"
"xorm.io/xorm"
)
@ -44,16 +43,17 @@ func ResetPassword(s *xorm.Session, reset *PasswordReset) (err error) {
}
// Check if we have a token
user := &User{}
exists, err := s.
Where("password_reset_token = ?", reset.Token).
Get(user)
token, err := getToken(s, reset.Token, TokenPasswordReset)
if err != nil {
return
return err
}
if token == nil {
return ErrInvalidPasswordResetToken{Token: reset.Token}
}
if !exists {
return ErrInvalidPasswordResetToken{Token: reset.Token}
user, err := GetUserByID(s, token.UserID)
if err != nil {
return
}
// Hash the password
@ -62,17 +62,20 @@ func ResetPassword(s *xorm.Session, reset *PasswordReset) (err error) {
return
}
// Save it
user.PasswordResetToken = ""
err = removeTokens(s, user, TokenEmailConfirm)
if err != nil {
return
}
_, err = s.
Cols("password", "password_reset_token").
Cols("password").
Where("id = ?", user.ID).
Update(user)
if err != nil {
return
}
// Dont send a mail if we're testing
// Dont send a mail if no mailer is configured
if !config.MailerEnabled.GetBool() {
return
}
@ -108,13 +111,7 @@ func RequestUserPasswordResetTokenByEmail(s *xorm.Session, tr *PasswordTokenRequ
// RequestUserPasswordResetToken sends a user a password reset email.
func RequestUserPasswordResetToken(s *xorm.Session, user *User) (err error) {
// Generate a token and save it
user.PasswordResetToken = utils.MakeRandomString(400)
// Save it
_, err = s.
Where("id = ?", user.ID).
Update(user)
token, err := generateNewToken(s, user, TokenPasswordReset)
if err != nil {
return
}
@ -125,8 +122,8 @@ func RequestUserPasswordResetToken(s *xorm.Session, user *User) (err error) {
}
n := &ResetPasswordNotification{
User: user,
//Token: // TODO
User: user,
Token: token,
}
err = notifications.Notify(user, n)