Can update user password using reset token

2024-11-23 13:59:29 +00:00 · 2018-05-26 15:59:47 +02:00 · 2018-05-26 15:59:47 +02:00 · d149eadfbe
commit d149eadfbe
parent 2bf74a9ad0
1 changed files with 43 additions and 9 deletions
--- a/RestControllers/accountController.php
+++ b/RestControllers/accountController.php
@ -182,20 +182,32 @@ class accountController {
 	 */
 	public function checkResetAccountToken(){

-		//Get the token
-		$token = postString("token", 10);
-		
-		//Validate the tokens
-		$userID = components()->account->getUserIDfromResetToken($token);
-
-		//Check if the user ID is valid
-		if($userID < 1)
-			Rest_fatal_error(401, "Invalid token!");
+		//Get user ID
+		$userID = $this->getUserIDFromPasswordResetToken("token");
 		
 		//The token is valid
 		return array("success" => "The token is valid.");
 	}

+	/**
+	 * Reset user password using reset token
+	 * 
+	 * @url POST /account/reset_user_passwd 
+	 */
+	public function resetPasswordUsingToken(){
+
+		//Get user ID
+		$userID = $this->getUserIDFromPasswordResetToken("token");
+
+		//Save new password
+		$newPassword = postString("password");
+		if(!components()->account->set_new_user_password($userID, $newPassword))
+			Rest_fatal_error(500, "Could not update user password!");
+
+		//Success
+		return array("success" => "Your password has been updated!");
+	}
+
 	/**
 	 * Create an account
 	 * 
@ -362,4 +374,26 @@ class accountController {
 		return $userID;

 	}
+
+	/**
+	 * Get the ID of a user from a password reset token
+	 * 
+	 * @param string $name The name of the post field containing token
+	 * @return int Associated user ID
+	 */
+	private function getUserIDFromPasswordResetToken(string $name) : int {
+
+		//Get the token
+		$token = postString($name, 10);
+		
+		//Validate the tokens
+		$userID = components()->account->getUserIDfromResetToken($token);
+
+		//Check if the user ID is valid
+		if($userID < 1)
+			Rest_fatal_error(401, "Invalid token!");
+
+		return $userID;
+
+	}
 }