From ded88474d54a32f9e79fa3def9d92a80d5b049be Mon Sep 17 00:00:00 2001 From: Pierre HUBERT Date: Mon, 13 Jul 2020 15:33:18 +0200 Subject: [PATCH] Can reset password --- src/controllers/account_controller.rs | 12 ++++++++++++ src/controllers/routes.rs | 1 + src/helpers/account_helper.rs | 17 +++++++++++++++++ 3 files changed, 30 insertions(+) diff --git a/src/controllers/account_controller.rs b/src/controllers/account_controller.rs index 8d443a9..b865702 100644 --- a/src/controllers/account_controller.rs +++ b/src/controllers/account_controller.rs @@ -166,4 +166,16 @@ pub fn check_security_answers(r: &mut HttpRequestHandler) -> RequestResult { pub fn check_password_reset_token(r: &mut HttpRequestHandler) -> RequestResult { r.post_user_id_from_password_reset_token("token")?; r.success("The token is valid") +} + +/// Reset user password +pub fn reset_user_password(r: &mut HttpRequestHandler) -> RequestResult { + let user_id = r.post_user_id_from_password_reset_token("token")?; + let new_password = r.post_string_opt("password", 3, true)?; + + account_helper::change_password(&user_id, &new_password)?; + + account_helper::destroy_password_reset_token_for_user(&user_id)?; + + r.success("Password changed!") } \ No newline at end of file diff --git a/src/controllers/routes.rs b/src/controllers/routes.rs index 62d7bed..86ef414 100644 --- a/src/controllers/routes.rs +++ b/src/controllers/routes.rs @@ -80,6 +80,7 @@ pub fn get_routes() -> Vec { Route::post_without_login("/account/get_security_questions", Box::new(account_controller::get_security_questions)), Route::post_without_login("/account/check_security_answers", Box::new(account_controller::check_security_answers)), Route::post_without_login("/account/check_password_reset_token", Box::new(account_controller::check_password_reset_token)), + Route::post_without_login("/account/reset_user_passwd", Box::new(account_controller::reset_user_password)), // User controller Route::post_without_login("/user/getInfo", Box::new(user_controller::get_single)), diff --git a/src/helpers/account_helper.rs b/src/helpers/account_helper.rs index 0c5b4ab..5a9d561 100644 --- a/src/helpers/account_helper.rs +++ b/src/helpers/account_helper.rs @@ -128,6 +128,15 @@ pub fn generate_password_reset_token(user_id: &UserID) -> ResultBoxError Ok(token) } +/// Remove password reset token for a given user +pub fn destroy_password_reset_token_for_user(user_id: &UserID) -> ResultBoxError { + database::UpdateInfo::new(USERS_TABLE) + .cond_user_id("ID", user_id) + .set_str("password_reset_token", "") + .set_u64("password_reset_token_time_create", 0) + .exec() +} + /// Get the ID of a user based on a password reset token pub fn get_user_id_from_password_reset_token(token: &str) -> ResultBoxError { database::QueryInfo::new(USERS_TABLE) @@ -137,6 +146,14 @@ pub fn get_user_id_from_password_reset_token(token: &str) -> ResultBoxError ResultBoxError { + database::UpdateInfo::new(USERS_TABLE) + .cond_user_id("ID", user_id) + .set_str("password", &crypt_pass(new_password)?) + .exec() +} + /// Check out whether a virtual directory is taken by a user or not pub fn check_user_directory_availability(dir: &str, user_id: Option) -> ResultBoxError { let found_user = user_helper::find_user_by_virtual_directory(dir);