Can check security answers

2025-11-04 11:34:04 +00:00 · 2019-12-30 08:36:55 +01:00
parent 95069423f5
commit 82ea8ce0a3
3 changed files with 58 additions and 0 deletions
--- a/src/controllers/AccountController.ts
+++ b/src/controllers/AccountController.ts
@@ -115,4 +115,34 @@ export class AccountController {
 			]
 		})
 	}
+
+	/**
+	 * Check the answer given by the user
+	 * 
+	 * @param h Request handler
+	 */
+	public static async CheckSecurityAnswers(h: RequestHandler) {
+		const userID = await h.postUserIdFromEmail("email");
+		const settings = await UserHelper.GetUserInfo(userID);
+
+		if(!settings.hasSecurityQuestions)
+			h.error(401, "Specified user has not setup security questions !");
+		
+		// Get the answers of the user
+		const answers = h.postString("answers", 3).split("&")
+			.map((e) => decodeURIComponent(e).toLowerCase().trim());
+
+		if(answers.length != 2)
+			h.error(401, "Please specify two security answers !");
+		
+		// Check the answers
+		if(answers[0] != settings.security_answer_1.toLowerCase().trim() ||
+			answers[1] != settings.security_answer_2.toLowerCase().trim())
+			h.error(401, "Specified ecurity answers are invalid!");
+
+		// If we get there, security answers are valid, we can create a password reset token
+		h.send({
+			reset_token: await AccountHelper.GenerateNewPasswordResetToken(userID)
+		});
+	}
 }
--- a/src/controllers/Routes.ts
+++ b/src/controllers/Routes.ts
@@ -49,6 +49,8 @@ export const Routes : Route[] = [

 	{path: "/account/get_security_questions", cb: (h) => AccountController.GetSecurityQuestions(h), needLogin: false},

+	{path: "/account/check_security_answers", cb: (h) => AccountController.CheckSecurityAnswers(h), needLogin: false},
+

 	// User controller
 	{path: "/user/getInfo", cb: (h) => UserController.GetSingle(h), needLogin: false},
--- a/src/helpers/AccountHelper.ts
+++ b/src/helpers/AccountHelper.ts
@@ -3,6 +3,7 @@ import { APIClient } from "../entities/APIClient";
 import { UserLoginTokens } from "../entities/UserLoginTokens";
 import { DatabaseHelper } from "./DatabaseHelper";
 import { UserHelper } from "./UserHelper";
+import { time } from "../utils/DateUtils";

 /**
 * Account helper
@@ -205,4 +206,29 @@ export class AccountHelper {

 		return foundUser < 1 || userID == foundUser;
 	}
+
+	/**
+	 * Generate a new token to reset an account password
+	 * 
+	 * @param userID Target user ID
+	 * @returns Generated token
+	 */
+	public static async GenerateNewPasswordResetToken(userID: number) : Promise<string> {
+		
+		// Generate a token
+		const token = randomStr(255);
+
+		await DatabaseHelper.UpdateRows({
+			table: USER_TABLE,
+			where: {
+				ID: userID
+			},
+			set: {
+				password_reset_token: token,
+				password_reset_token_time_create: time()
+			}
+		});
+
+		return token;
+	}
 }