Can check a password reset token
parent
82ea8ce0a3
commit
184e3f9127
@ -145,4 +145,30 @@ export class AccountController {
|
|||||||
reset_token: await AccountHelper.GenerateNewPasswordResetToken(userID)
|
reset_token: await AccountHelper.GenerateNewPasswordResetToken(userID)
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check the validity of a password reset Token
|
||||||
|
*
|
||||||
|
* @param h Request handler
|
||||||
|
*/
|
||||||
|
public static async CheckPasswordResetToken(h: RequestHandler) {
|
||||||
|
await this.GetUserIDFromPasswordResetToken(h, "token");
|
||||||
|
h.success("The token is valid.");
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the user ID associated to a password reset token
|
||||||
|
*
|
||||||
|
* @param h Request handler
|
||||||
|
* @param name The name of the POST field containing the token
|
||||||
|
*/
|
||||||
|
private static async GetUserIDFromPasswordResetToken(h: RequestHandler, name: string) : Promise<number> {
|
||||||
|
const token = h.postString(name, 10);
|
||||||
|
const userID = await AccountHelper.GetUserIDFromPasswordResetToken(token);
|
||||||
|
|
||||||
|
if(userID < 1)
|
||||||
|
h.error(401, "Invalid password reset token!");
|
||||||
|
|
||||||
|
return userID;
|
||||||
|
}
|
||||||
}
|
}
|
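Review bot: In the private `GetUserIDFromPasswordResetToken`, the `return userID;` that follows `h.error(401, "Invalid password reset token!")` is only safe if `h.error` throws, and its definition is not visible in this diff. If it merely writes the response, the function returns -1 and `CheckPasswordResetToken` goes on to call `h.success("The token is valid.")` for an invalid token. Either make the abort explicit at the call site or record the reliance with a comment such as `// h.error() throws, so an invalid ID never reaches the return below`. The doc comment could also say what the `10` passed to `h.postString` means (presumably a minimum length, to be confirmed against `RequestHandler`).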
@ -51,6 +51,8 @@ export const Routes : Route[] = [
|
|||||||
|
|
||||||
{path: "/account/check_security_answers", cb: (h) => AccountController.CheckSecurityAnswers(h), needLogin: false},
|
{path: "/account/check_security_answers", cb: (h) => AccountController.CheckSecurityAnswers(h), needLogin: false},
|
||||||
|
|
||||||
|
{path: "/account/check_password_reset_token", cb: (h) => AccountController.CheckPasswordResetToken(h), needLogin: false},
|
||||||
|
|
||||||
|
|
||||||
// User controller
|
// User controller
|
||||||
{path: "/user/getInfo", cb: (h) => UserController.GetSingle(h), needLogin: false},
|
{path: "/user/getInfo", cb: (h) => UserController.GetSingle(h), needLogin: false},
|
||||||
|
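Review bot: The new `/account/check_password_reset_token` route is registered with `needLogin: false`, which a reset flow needs, but it also gives any unauthenticated client a yes/no answer on whether a submitted token is currently valid. Nothing visible in this commit limits how often it can be called per client. If the router or a layer outside this diff does not already throttle such routes, that should be added alongside this change. A short comment on the entry, for example `// Unauthenticated by design; must be rate limited`, would keep the requirement visible to later maintainers.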
@ -231,4 +231,29 @@ export class AccountHelper {
|
|||||||
|
|
||||||
return token;
|
return token;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the ID of a user from a password reset token
|
||||||
|
*
|
||||||
|
* @param token The token to use
|
||||||
|
* @returns The ID of the user associated to the token, if it is valid / -1 else
|
||||||
|
*/
|
||||||
|
public static async GetUserIDFromPasswordResetToken(token: string) : Promise<number> {
|
||||||
|
|
||||||
|
// Query the database
|
||||||
|
const result = await DatabaseHelper.QueryRow({
|
||||||
|
table: USER_TABLE,
|
||||||
|
where: {
|
||||||
|
password_reset_token: token,
|
||||||
|
},
|
||||||
|
customWhere: "password_reset_token_time_create > ?",
|
||||||
|
customWhereArgs:[(time()-60*60*24).toString()] // Tokens are valid for 24 hours
|
||||||
|
});
|
||||||
|
|
||||||
|
if(result == null)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
return result.ID;
|
||||||
|
|
||||||
|
}
|
||||||
}
|
}
|
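Review bot: The lookup `password_reset_token: token` matches the raw request value against the column, so the user table holds reset tokens in directly usable form. Anyone who can read that table, for example through a backup or a read-only database leak, could reset accounts within the validity window. Consider storing only a digest and querying by it, e.g. `password_reset_token: crypto.createHash("sha256").update(token).digest("hex")`, with the matching change in `GenerateNewPasswordResetToken`, whose body lies outside this hunk. Separately, the `60*60*24` lifetime would be clearer as a named constant, and the docstring could state that expired tokens also yield -1.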