Can check security answers

src/controllers/AccountController.ts

@@ -115,4 +115,34 @@ export class AccountController {
 			]
 		})
 	}
+
+	/**
+	 * Check the answer given by the user
+	 * 
+	 * @param h Request handler
+	 */
+	public static async CheckSecurityAnswers(h: RequestHandler) {
+		const userID = await h.postUserIdFromEmail("email");
+		const settings = await UserHelper.GetUserInfo(userID);
+
+		if(!settings.hasSecurityQuestions)
+			h.error(401, "Specified user has not setup security questions !");
+		
+		// Get the answers of the user
+		const answers = h.postString("answers", 3).split("&")
+			.map((e) => decodeURIComponent(e).toLowerCase().trim());
+
+		if(answers.length != 2)
+			h.error(401, "Please specify two security answers !");
+		
+		// Check the answers
+		if(answers[0] != settings.security_answer_1.toLowerCase().trim() ||
+			answers[1] != settings.security_answer_2.toLowerCase().trim())
+			h.error(401, "Specified ecurity answers are invalid!");
+
+		// If we get there, security answers are valid, we can create a password reset token
+		h.send({
+			reset_token: await AccountHelper.GenerateNewPasswordResetToken(userID)
+		});
+	}
 }

src/controllers/Routes.ts

@@ -49,6 +49,8 @@ export const Routes : Route[] = [
 
 	{path: "/account/get_security_questions", cb: (h) => AccountController.GetSecurityQuestions(h), needLogin: false},
 
+	{path: "/account/check_security_answers", cb: (h) => AccountController.CheckSecurityAnswers(h), needLogin: false},
+
 
 	// User controller
 	{path: "/user/getInfo", cb: (h) => UserController.GetSingle(h), needLogin: false},