Convert password reset token to user tokens
This commit is contained in:
parent
442a945e60
commit
f9dcd80375
@ -57,8 +57,6 @@ type User struct {
|
||||
Email string `xorm:"varchar(250) null" json:"email,omitempty" valid:"email,length(0|250)" maxLength:"250"`
|
||||
IsActive bool `xorm:"null" json:"-"`
|
||||
|
||||
PasswordResetToken string `xorm:"varchar(450) null" json:"-"`
|
||||
|
||||
AvatarProvider string `xorm:"varchar(255) null" json:"-"`
|
||||
AvatarFileID int64 `xorm:"null" json:"-"`
|
||||
|
||||
|
@ -19,7 +19,6 @@ package user
|
||||
import (
|
||||
"code.vikunja.io/api/pkg/config"
|
||||
"code.vikunja.io/api/pkg/notifications"
|
||||
"code.vikunja.io/api/pkg/utils"
|
||||
"xorm.io/xorm"
|
||||
)
|
||||
|
||||
@ -44,16 +43,17 @@ func ResetPassword(s *xorm.Session, reset *PasswordReset) (err error) {
|
||||
}
|
||||
|
||||
// Check if we have a token
|
||||
user := &User{}
|
||||
exists, err := s.
|
||||
Where("password_reset_token = ?", reset.Token).
|
||||
Get(user)
|
||||
token, err := getToken(s, reset.Token, TokenPasswordReset)
|
||||
if err != nil {
|
||||
return
|
||||
return err
|
||||
}
|
||||
if token == nil {
|
||||
return ErrInvalidPasswordResetToken{Token: reset.Token}
|
||||
}
|
||||
|
||||
if !exists {
|
||||
return ErrInvalidPasswordResetToken{Token: reset.Token}
|
||||
user, err := GetUserByID(s, token.UserID)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
// Hash the password
|
||||
@ -62,17 +62,20 @@ func ResetPassword(s *xorm.Session, reset *PasswordReset) (err error) {
|
||||
return
|
||||
}
|
||||
|
||||
// Save it
|
||||
user.PasswordResetToken = ""
|
||||
err = removeTokens(s, user, TokenEmailConfirm)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
_, err = s.
|
||||
Cols("password", "password_reset_token").
|
||||
Cols("password").
|
||||
Where("id = ?", user.ID).
|
||||
Update(user)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
// Dont send a mail if we're testing
|
||||
// Dont send a mail if no mailer is configured
|
||||
if !config.MailerEnabled.GetBool() {
|
||||
return
|
||||
}
|
||||
@ -108,13 +111,7 @@ func RequestUserPasswordResetTokenByEmail(s *xorm.Session, tr *PasswordTokenRequ
|
||||
|
||||
// RequestUserPasswordResetToken sends a user a password reset email.
|
||||
func RequestUserPasswordResetToken(s *xorm.Session, user *User) (err error) {
|
||||
// Generate a token and save it
|
||||
user.PasswordResetToken = utils.MakeRandomString(400)
|
||||
|
||||
// Save it
|
||||
_, err = s.
|
||||
Where("id = ?", user.ID).
|
||||
Update(user)
|
||||
token, err := generateNewToken(s, user, TokenPasswordReset)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
@ -125,8 +122,8 @@ func RequestUserPasswordResetToken(s *xorm.Session, user *User) (err error) {
|
||||
}
|
||||
|
||||
n := &ResetPasswordNotification{
|
||||
User: user,
|
||||
//Token: // TODO
|
||||
User: user,
|
||||
Token: token,
|
||||
}
|
||||
|
||||
err = notifications.Notify(user, n)
|
||||
|
Loading…
x
Reference in New Issue
Block a user