Can check a password reset token

2024-11-22 13:29:22 +00:00 · 2019-12-30 12:11:33 +01:00 · 2019-12-30 12:11:33 +01:00 · 184e3f9127
commit 184e3f9127
parent 82ea8ce0a3
3 changed files with 53 additions and 0 deletions
--- a/src/controllers/AccountController.ts
+++ b/src/controllers/AccountController.ts
@ -145,4 +145,30 @@ export class AccountController {
 			reset_token: await AccountHelper.GenerateNewPasswordResetToken(userID)
 		});
 	}
+
+	/**
+	 * Check the validity of a password reset Token
+	 * 
+	 * @param h Request handler
+	 */
+	public static async CheckPasswordResetToken(h: RequestHandler) {
+		await this.GetUserIDFromPasswordResetToken(h, "token");
+		h.success("The token is valid.");
+	}
+
+	/**
+	 * Get the user ID associated to a password reset token
+	 * 
+	 * @param h Request handler
+	 * @param name The name of the POST field containing the token
+	 */
+	private static async GetUserIDFromPasswordResetToken(h: RequestHandler, name: string) : Promise<number> {
+		const token = h.postString(name, 10);
+		const userID = await AccountHelper.GetUserIDFromPasswordResetToken(token);
+
+		if(userID < 1)
+			h.error(401, "Invalid password reset token!");
+		
+		return userID;
+	}
 }
--- a/src/controllers/Routes.ts
+++ b/src/controllers/Routes.ts
@ -51,6 +51,8 @@ export const Routes : Route[] = [

 	{path: "/account/check_security_answers", cb: (h) => AccountController.CheckSecurityAnswers(h), needLogin: false},

+	{path: "/account/check_password_reset_token", cb: (h) => AccountController.CheckPasswordResetToken(h), needLogin: false},
+

 	// User controller
 	{path: "/user/getInfo", cb: (h) => UserController.GetSingle(h), needLogin: false},
--- a/src/helpers/AccountHelper.ts
+++ b/src/helpers/AccountHelper.ts
@ -231,4 +231,29 @@ export class AccountHelper {

 		return token;
 	}
+
+	/**
+	 * Get the ID of a user from a password reset token
+	 * 
+	 * @param token The token to use
+	 * @returns The ID of the user associated to the token, if it is valid / -1 else
+	 */
+	public static async GetUserIDFromPasswordResetToken(token: string) : Promise<number> {
+		
+		// Query the database
+		const result = await DatabaseHelper.QueryRow({
+			table: USER_TABLE,
+			where: {
+				password_reset_token: token,
+			},
+			customWhere: "password_reset_token_time_create > ?",
+			customWhereArgs:[(time()-60*60*24).toString()] // Tokens are valid for 24 hours
+		});
+
+		if(result == null)
+			return -1;
+
+		return result.ID;
+
+	}
 }