Can change user password

2025-11-04 11:34:04 +00:00 · 2019-12-30 13:20:24 +01:00
parent 184e3f9127
commit 48cb254b9b
3 changed files with 56 additions and 0 deletions
--- a/src/controllers/AccountController.ts
+++ b/src/controllers/AccountController.ts
@@ -152,10 +152,29 @@ export class AccountController {
 	 * @param h Request handler
 	 */
 	public static async CheckPasswordResetToken(h: RequestHandler) {
+		// We just get user ID to check the validity of the token
 		await this.GetUserIDFromPasswordResetToken(h, "token");
 		h.success("The token is valid.");
 	}

+	/**
+	 * Reset user password
+	 * 
+	 * @param h Request handler
+	 */
+	public static async ResetUserPassword(h: RequestHandler) {
+		const userID = await this.GetUserIDFromPasswordResetToken(h, "token");
+		const newPassword = h.postString("password", 3);
+
+		// Set new password
+		await AccountHelper.ChangePassword(userID, newPassword);
+
+		// Destroy reset token
+		await AccountHelper.DestroyPasswordResetTokenForUser(userID);
+
+		h.success("Password changed!");
+	}
+
 	/**
 	 * Get the user ID associated to a password reset token
 	 * 
--- a/src/controllers/Routes.ts
+++ b/src/controllers/Routes.ts
@@ -53,6 +53,8 @@ export const Routes : Route[] = [

 	{path: "/account/check_password_reset_token", cb: (h) => AccountController.CheckPasswordResetToken(h), needLogin: false},

+	{path: "/account/reset_user_passwd", cb: (h) => AccountController.ResetUserPassword(h), needLogin: false},
+

 	// User controller
 	{path: "/user/getInfo", cb: (h) => UserController.GetSingle(h), needLogin: false},
--- a/src/helpers/AccountHelper.ts
+++ b/src/helpers/AccountHelper.ts
@@ -232,6 +232,24 @@ export class AccountHelper {
 		return token;
 	}

+	/**
+	 * Destroy password reset token for a given user
+	 * 
+	 * @param userID Target user ID
+	 */
+	public static async DestroyPasswordResetTokenForUser(userID: number) {
+		await DatabaseHelper.UpdateRows({
+			table: USER_TABLE,
+			where: {
+				ID: userID
+			},
+			set: {
+				password_reset_token: "",
+				password_reset_token_time_create: 85 // Value too low to be valid
+			}
+		});
+	}
+
 	/**
 	 * Get the ID of a user from a password reset token
 	 * 
@@ -254,6 +272,23 @@ export class AccountHelper {
 			return -1;

 		return result.ID;
+	}

+	/**
+	 * Change the password of the user
+	 * 
+	 * @param userID Target user ID
+	 * @param password Target password
+	 */
+	public static async ChangePassword(userID: number, password: string) {
+		await DatabaseHelper.UpdateRows({
+			table: USER_TABLE,
+			where: {
+				ID: userID
+			},
+			set: {
+				password: this.CryptPassword(password)
+			}
+		});
 	}
 }