Can update user password using reset token

This commit is contained in:
Pierre 2018-05-26 15:59:47 +02:00
parent 2bf74a9ad0
commit d149eadfbe

View File

@ -182,20 +182,32 @@ class accountController {
*/ */
public function checkResetAccountToken(){ public function checkResetAccountToken(){
//Get the token //Get user ID
$token = postString("token", 10); $userID = $this->getUserIDFromPasswordResetToken("token");
//Validate the tokens
$userID = components()->account->getUserIDfromResetToken($token);
//Check if the user ID is valid
if($userID < 1)
Rest_fatal_error(401, "Invalid token!");
//The token is valid //The token is valid
return array("success" => "The token is valid."); return array("success" => "The token is valid.");
} }
/**
* Reset user password using reset token
*
* @url POST /account/reset_user_passwd
*/
public function resetPasswordUsingToken(){
//Get user ID
$userID = $this->getUserIDFromPasswordResetToken("token");
//Save new password
$newPassword = postString("password");
if(!components()->account->set_new_user_password($userID, $newPassword))
Rest_fatal_error(500, "Could not update user password!");
//Success
return array("success" => "Your password has been updated!");
}
/** /**
* Create an account * Create an account
* *
@ -362,4 +374,26 @@ class accountController {
return $userID; return $userID;
} }
/**
* Get the ID of a user from a password reset token
*
* @param string $name The name of the post field containing token
* @return int Associated user ID
*/
private function getUserIDFromPasswordResetToken(string $name) : int {
//Get the token
$token = postString($name, 10);
//Validate the tokens
$userID = components()->account->getUserIDfromResetToken($token);
//Check if the user ID is valid
if($userID < 1)
Rest_fatal_error(401, "Invalid token!");
return $userID;
}
} }