mirror of
https://gitlab.com/comunic/comunicapiv2
synced 2024-11-22 13:29:22 +00:00
Can check security answers
This commit is contained in:
parent
95069423f5
commit
82ea8ce0a3
@ -115,4 +115,34 @@ export class AccountController {
|
||||
]
|
||||
})
|
||||
}
|
||||
|
||||
/**
|
||||
* Check the answer given by the user
|
||||
*
|
||||
* @param h Request handler
|
||||
*/
|
||||
public static async CheckSecurityAnswers(h: RequestHandler) {
|
||||
const userID = await h.postUserIdFromEmail("email");
|
||||
const settings = await UserHelper.GetUserInfo(userID);
|
||||
|
||||
if(!settings.hasSecurityQuestions)
|
||||
h.error(401, "Specified user has not setup security questions !");
|
||||
|
||||
// Get the answers of the user
|
||||
const answers = h.postString("answers", 3).split("&")
|
||||
.map((e) => decodeURIComponent(e).toLowerCase().trim());
|
||||
|
||||
if(answers.length != 2)
|
||||
h.error(401, "Please specify two security answers !");
|
||||
|
||||
// Check the answers
|
||||
if(answers[0] != settings.security_answer_1.toLowerCase().trim() ||
|
||||
answers[1] != settings.security_answer_2.toLowerCase().trim())
|
||||
h.error(401, "Specified ecurity answers are invalid!");
|
||||
|
||||
// If we get there, security answers are valid, we can create a password reset token
|
||||
h.send({
|
||||
reset_token: await AccountHelper.GenerateNewPasswordResetToken(userID)
|
||||
});
|
||||
}
|
||||
}
|
@ -49,6 +49,8 @@ export const Routes : Route[] = [
|
||||
|
||||
{path: "/account/get_security_questions", cb: (h) => AccountController.GetSecurityQuestions(h), needLogin: false},
|
||||
|
||||
{path: "/account/check_security_answers", cb: (h) => AccountController.CheckSecurityAnswers(h), needLogin: false},
|
||||
|
||||
|
||||
// User controller
|
||||
{path: "/user/getInfo", cb: (h) => UserController.GetSingle(h), needLogin: false},
|
||||
|
@ -3,6 +3,7 @@ import { APIClient } from "../entities/APIClient";
|
||||
import { UserLoginTokens } from "../entities/UserLoginTokens";
|
||||
import { DatabaseHelper } from "./DatabaseHelper";
|
||||
import { UserHelper } from "./UserHelper";
|
||||
import { time } from "../utils/DateUtils";
|
||||
|
||||
/**
|
||||
* Account helper
|
||||
@ -205,4 +206,29 @@ export class AccountHelper {
|
||||
|
||||
return foundUser < 1 || userID == foundUser;
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate a new token to reset an account password
|
||||
*
|
||||
* @param userID Target user ID
|
||||
* @returns Generated token
|
||||
*/
|
||||
public static async GenerateNewPasswordResetToken(userID: number) : Promise<string> {
|
||||
|
||||
// Generate a token
|
||||
const token = randomStr(255);
|
||||
|
||||
await DatabaseHelper.UpdateRows({
|
||||
table: USER_TABLE,
|
||||
where: {
|
||||
ID: userID
|
||||
},
|
||||
set: {
|
||||
password_reset_token: token,
|
||||
password_reset_token_time_create: time()
|
||||
}
|
||||
});
|
||||
|
||||
return token;
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user