Comunic/comunicapiv3
1
0
Fork 0
mirror of https://gitlab.com/comunic/comunicapiv3 synced 2025-06-21 00:45:18 +00:00
Code Issues Projects Releases Wiki Activity

Can generate a reset token if password is valid

Browse Source
This commit is contained in:
Pierre HUBERT
2020-07-13 14:20:28 +02:00
parent d33e1fe77c
commit e4b361ab12
5 changed files with 63 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/controllers/account_controller.rs
View File

@ -1,6 +1,9 @@
use percent_encoding::percent_decode_str;
use crate::api_data::current_user_id::CurrentUserID;
use crate::api_data::login_success::LoginSuccess;
use crate::api_data::res_check_email_exists::ResCheckEmailExists;
use crate::api_data::res_check_security_answers::ResCheckSecurityAnswers;
use crate::api_data::res_check_security_questions_exists::ResCheckSecurityQuestionsExists;
use crate::api_data::res_get_security_questions::ResGetSecurityQuestions;
use crate::controllers::routes::RequestResult;
@ -118,4 +121,31 @@ pub fn get_security_questions(r: &mut HttpRequestHandler) -> RequestResult {
}
r.set_response(ResGetSecurityQuestions::new(&user))
}
/// Check the security answers given by a user to reset a password
pub fn check_security_answers(r: &mut HttpRequestHandler) -> RequestResult {
let user = r.post_user_info_from_email("email")?;
if !user.has_security_questions() {
r.forbidden("Specified user has not setup security questions !".to_string())?;
}
let answers: Vec<String> = r.post_string_opt("answers", 3, true)?
.split("&")
.map(|s| percent_decode_str(s).decode_utf8_lossy().to_lowercase().trim().to_string())
.collect::<Vec<String>>();
if answers.len() != 2 {
r.forbidden("Please specify two answers!".to_string())?;
}
if answers[0] != user.security_answer_1.unwrap().to_lowercase().trim() ||
answers[1] != user.security_answer_2.unwrap().to_lowercase().trim() {
r.forbidden("Invalid security answers!".to_string())?;
}
let token = account_helper::generate_password_reset_token(&user.id)?;
r.set_response(ResCheckSecurityAnswers::new(token))
}

1
src/controllers/routes.rs
View File

@ -78,6 +78,7 @@ pub fn get_routes() -> Vec<Route> {
Route::post_without_login("/account/exists_email", Box::new(account_controller::exists_mail)),
Route::post_without_login("/account/has_security_questions", Box::new(account_controller::has_security_questions)),
Route::post_without_login("/account/get_security_questions", Box::new(account_controller::get_security_questions)),
Route::post_without_login("/account/check_security_answers", Box::new(account_controller::check_security_answers)),
// User controller
Route::post_without_login("/user/getInfo", Box::new(user_controller::get_single)),