Can check the validity of a password reset token

2025-06-20 16:35:17 +00:00 · 2020-07-13 14:52:25 +02:00
parent e4b361ab12
commit 8a2f482bbd
5 changed files with 50 additions and 3 deletions
--- a/src/controllers/account_controller.rs
+++ b/src/controllers/account_controller.rs
@ -6,11 +6,12 @@ use crate::api_data::res_check_email_exists::ResCheckEmailExists;
 use crate::api_data::res_check_security_answers::ResCheckSecurityAnswers;
 use crate::api_data::res_check_security_questions_exists::ResCheckSecurityQuestionsExists;
 use crate::api_data::res_get_security_questions::ResGetSecurityQuestions;
+use crate::constants::PASSWORD_RESET_TOKEN_LENGTH;
 use crate::controllers::routes::RequestResult;
 use crate::data::error::ResultBoxError;
 use crate::data::http_request_handler::HttpRequestHandler;
 use crate::data::new_account::NewAccount;
-use crate::data::user::User;
+use crate::data::user::{User, UserID};
 use crate::helpers::{account_helper, user_helper};

 /// Account controller
@ -27,6 +28,17 @@ impl HttpRequestHandler {
            format!("Requested user in '{}' not found!", email).as_str(),
        )
    }
+
+    /// Get the ID of the user associated with a password reset token
+    pub fn post_user_id_from_password_reset_token(&mut self, field: &str) -> ResultBoxError<UserID> {
+        let token = self.post_string_opt(field, PASSWORD_RESET_TOKEN_LENGTH, true)?;
+        let user_id = self.ok_or_forbidden(
+            account_helper::get_user_id_from_password_reset_token(&token),
+            "Invalid password reset token!",
+        )?;
+
+        Ok(user_id)
+    }
 }

 /// Create a new account
@ -148,4 +160,10 @@ pub fn check_security_answers(r: &mut HttpRequestHandler) -> RequestResult {
    let token = account_helper::generate_password_reset_token(&user.id)?;

    r.set_response(ResCheckSecurityAnswers::new(token))
+}
+
+/// Check the validity of a password reset token
+pub fn check_password_reset_token(r: &mut HttpRequestHandler) -> RequestResult {
+    r.post_user_id_from_password_reset_token("token")?;
+    r.success("The token is valid")
 }
--- a/src/controllers/routes.rs
+++ b/src/controllers/routes.rs
@ -79,6 +79,7 @@ pub fn get_routes() -> Vec<Route> {
        Route::post_without_login("/account/has_security_questions", Box::new(account_controller::has_security_questions)),
        Route::post_without_login("/account/get_security_questions", Box::new(account_controller::get_security_questions)),
        Route::post_without_login("/account/check_security_answers", Box::new(account_controller::check_security_answers)),
+        Route::post_without_login("/account/check_password_reset_token", Box::new(account_controller::check_password_reset_token)),

        // User controller
        Route::post_without_login("/user/getInfo", Box::new(user_controller::get_single)),