diff --git a/src/controllers/AccountController.ts b/src/controllers/AccountController.ts index c3502e6..13f22b1 100644 --- a/src/controllers/AccountController.ts +++ b/src/controllers/AccountController.ts @@ -152,10 +152,29 @@ export class AccountController { * @param h Request handler */ public static async CheckPasswordResetToken(h: RequestHandler) { + // We just get user ID to check the validity of the token await this.GetUserIDFromPasswordResetToken(h, "token"); h.success("The token is valid."); } + /** + * Reset user password + * + * @param h Request handler + */ + public static async ResetUserPassword(h: RequestHandler) { + const userID = await this.GetUserIDFromPasswordResetToken(h, "token"); + const newPassword = h.postString("password", 3); + + // Set new password + await AccountHelper.ChangePassword(userID, newPassword); + + // Destroy reset token + await AccountHelper.DestroyPasswordResetTokenForUser(userID); + + h.success("Password changed!"); + } + /** * Get the user ID associated to a password reset token * diff --git a/src/controllers/Routes.ts b/src/controllers/Routes.ts index 3250889..e6b3590 100644 --- a/src/controllers/Routes.ts +++ b/src/controllers/Routes.ts @@ -53,6 +53,8 @@ export const Routes : Route[] = [ {path: "/account/check_password_reset_token", cb: (h) => AccountController.CheckPasswordResetToken(h), needLogin: false}, + {path: "/account/reset_user_passwd", cb: (h) => AccountController.ResetUserPassword(h), needLogin: false}, + // User controller {path: "/user/getInfo", cb: (h) => UserController.GetSingle(h), needLogin: false}, diff --git a/src/helpers/AccountHelper.ts b/src/helpers/AccountHelper.ts index cfaea07..6eff1f0 100644 --- a/src/helpers/AccountHelper.ts +++ b/src/helpers/AccountHelper.ts 
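Review bot: `ResetUserPassword` stores the new password before it invalidates the reset token, in two separate updates, so if `DestroyPasswordResetTokenForUser` throws, the password has changed but the token stays valid and can be presented again. Consuming the token first fails safe (at worst the user requests a new link): put `await AccountHelper.DestroyPasswordResetTokenForUser(userID);` ahead of `await AccountHelper.ChangePassword(userID, newPassword);`. Clearing the token in the same update that writes the hash would also close the window between the two writes. Separately, `h.postString("password", 3)` looks like it accepts a three-character password, assuming the second argument is a minimum length; the reset path should apply the same password policy as the rest of the account code.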
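Review bot: The new `/account/reset_user_passwd` entry is a state-changing route registered with `needLogin: false`, so the reset token is the only credential protecting it, and nothing in this hunk shows throttling or logging of failed token checks. If the router has no per-client or per-account attempt limit, add one for this route and for `/account/check_password_reset_token`, and record successful resets so they can be audited. A short comment above the entry, such as `// Unauthenticated on purpose: the request is authorised by the reset token`, would document why login is not required.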
@@ -232,6 +232,24 @@ export class AccountHelper { return token; } + /** + * Destroy password reset token for a given user + * + * @param userID Target user ID + */ + public static async DestroyPasswordResetTokenForUser(userID: number) { + await DatabaseHelper.UpdateRows({ + table: USER_TABLE, + where: { + ID: userID + }, + set: { + password_reset_token: "", + password_reset_token_time_create: 85 // Value too low to be valid + } + }); + } + /** * Get the ID of a user from a password reset token * @@ -254,6 +272,23 @@ export class AccountHelper { return -1; return result.ID; + } + /** + * Change the password of the user + * + * @param userID Target user ID + * @param password Target password + */ + public static async ChangePassword(userID: number, password: string) { + await DatabaseHelper.UpdateRows({ + table: USER_TABLE, + where: { + ID: userID + }, + set: { + password: this.CryptPassword(password) + } + }); } } \ No newline at end of file
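Review bot: `DestroyPasswordResetTokenForUser` invalidates the token by storing `password_reset_token: ""`, which leaves every account without a pending reset holding the same stored token value. Rejection of an empty token therefore rests on the `85` timestamp sentinel and on checks in the lookup, which is outside this hunk. Confirm that the lookup refuses empty or too-short tokens before it queries and that it always applies the age check. Storing `null` instead of `""`, if the column permits it, removes the shared value altogether. The literal `85` would be easier to audit as a named constant defined next to the token lifetime it has to stay below.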
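Review bot: `ChangePassword` updates only the `password` column, so as far as this hunk shows, login tokens issued before the change remain valid after a reset. Because a reset is often a response to a suspected compromise, revoking the user's existing sessions here or in the calling controller is worth considering; whether a helper for that exists is not visible in this diff. The doc comment could also state that the argument is clear text, e.g. `@param password New clear-text password, hashed with CryptPassword before storage`, and it is worth confirming that `CryptPassword` is a salted, deliberately slow hash, since its body is outside the hunk. The hunk starts inside the preceding method, whose closing brace is its first added line.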