From 48cb254b9b5376e7cb89ed23f34b745d39c36fe3 Mon Sep 17 00:00:00 2001
From: Pierre HUBERT <pierre.git@communiquons.org>
Date: Mon, 30 Dec 2019 13:20:24 +0100
Subject: [PATCH] Can change user password

---
 src/controllers/AccountController.ts | 19 +++++++++++++++
 src/controllers/Routes.ts            |  2 ++
 src/helpers/AccountHelper.ts         | 35 ++++++++++++++++++++++++++++
 3 files changed, 56 insertions(+)

diff --git a/src/controllers/AccountController.ts b/src/controllers/AccountController.ts
index c3502e6..13f22b1 100644
--- a/src/controllers/AccountController.ts
+++ b/src/controllers/AccountController.ts
@@ -152,10 +152,29 @@ export class AccountController {
 	 * @param h Request handler
 	 */
 	public static async CheckPasswordResetToken(h: RequestHandler) {
+		// We just get user ID to check the validity of the token
 		await this.GetUserIDFromPasswordResetToken(h, "token");
 		h.success("The token is valid.");
 	}
 
+	/**
+	 * Reset user password
+	 * 
+	 * @param h Request handler
+	 */
+	public static async ResetUserPassword(h: RequestHandler) {
+		const userID = await this.GetUserIDFromPasswordResetToken(h, "token");
+		const newPassword = h.postString("password", 3);
+
+		// Set new password
+		await AccountHelper.ChangePassword(userID, newPassword);
+
+		// Destroy reset token
+		await AccountHelper.DestroyPasswordResetTokenForUser(userID);
+
+		h.success("Password changed!");
+	}
+
 	/**
 	 * Get the user ID associated to a password reset token
 	 * 
diff --git a/src/controllers/Routes.ts b/src/controllers/Routes.ts
index 3250889..e6b3590 100644
--- a/src/controllers/Routes.ts
+++ b/src/controllers/Routes.ts
@@ -53,6 +53,8 @@ export const Routes : Route[] = [
 
 	{path: "/account/check_password_reset_token", cb: (h) => AccountController.CheckPasswordResetToken(h), needLogin: false},
 
+	{path: "/account/reset_user_passwd", cb: (h) => AccountController.ResetUserPassword(h), needLogin: false},
+
 
 	// User controller
 	{path: "/user/getInfo", cb: (h) => UserController.GetSingle(h), needLogin: false},
diff --git a/src/helpers/AccountHelper.ts b/src/helpers/AccountHelper.ts
index cfaea07..6eff1f0 100644
--- a/src/helpers/AccountHelper.ts
+++ b/src/helpers/AccountHelper.ts
@@ -232,6 +232,24 @@ export class AccountHelper {
 		return token;
 	}
 
+	/**
+	 * Destroy password reset token for a given user
+	 * 
+	 * @param userID Target user ID
+	 */
+	public static async DestroyPasswordResetTokenForUser(userID: number) {
+		await DatabaseHelper.UpdateRows({
+			table: USER_TABLE,
+			where: {
+				ID: userID
+			},
+			set: {
+				password_reset_token: "",
+				password_reset_token_time_create: 85 // Value too low to be valid
+			}
+		});
+	}
+
 	/**
 	 * Get the ID of a user from a password reset token
 	 * 
@@ -254,6 +272,23 @@ export class AccountHelper {
 			return -1;
 
 		return result.ID;
+	}
 
+	/**
+	 * Change the password of the user
+	 * 
+	 * @param userID Target user ID
+	 * @param password Target password
+	 */
+	public static async ChangePassword(userID: number, password: string) {
+		await DatabaseHelper.UpdateRows({
+			table: USER_TABLE,
+			where: {
+				ID: userID
+			},
+			set: {
+				password: this.CryptPassword(password)
+			}
+		});
 	}
 }
\ No newline at end of file