1
0
mirror of https://gitlab.com/comunic/comunicapiv3 synced 2025-01-14 22:47:44 +00:00

Can generate a reset token if password is valid

This commit is contained in:
Pierre HUBERT 2020-07-13 14:20:28 +02:00
parent d33e1fe77c
commit e4b361ab12
5 changed files with 63 additions and 1 deletions

View File

@ -46,3 +46,4 @@ mod type_container_api;
pub mod res_check_email_exists;
pub mod res_check_security_questions_exists;
pub mod res_get_security_questions;
pub mod res_check_security_answers;

View File

@ -0,0 +1,17 @@
//! # Check security answsers result
//!
//! If the user gave valid security answers, we give him a password reset token.
//!
//! @author Pierre Hubert
use serde::Serialize;
#[derive(Serialize)]
pub struct ResCheckSecurityAnswers {
reset_token: String
}
impl ResCheckSecurityAnswers {
pub fn new(reset_token: String) -> ResCheckSecurityAnswers {
ResCheckSecurityAnswers { reset_token }
}
}

View File

@ -1,6 +1,9 @@
use percent_encoding::percent_decode_str;
use crate::api_data::current_user_id::CurrentUserID;
use crate::api_data::login_success::LoginSuccess;
use crate::api_data::res_check_email_exists::ResCheckEmailExists;
use crate::api_data::res_check_security_answers::ResCheckSecurityAnswers;
use crate::api_data::res_check_security_questions_exists::ResCheckSecurityQuestionsExists;
use crate::api_data::res_get_security_questions::ResGetSecurityQuestions;
use crate::controllers::routes::RequestResult;
@ -119,3 +122,30 @@ pub fn get_security_questions(r: &mut HttpRequestHandler) -> RequestResult {
r.set_response(ResGetSecurityQuestions::new(&user))
}
/// Check the security answers given by a user to reset a password
pub fn check_security_answers(r: &mut HttpRequestHandler) -> RequestResult {
let user = r.post_user_info_from_email("email")?;
if !user.has_security_questions() {
r.forbidden("Specified user has not setup security questions !".to_string())?;
}
let answers: Vec<String> = r.post_string_opt("answers", 3, true)?
.split("&")
.map(|s| percent_decode_str(s).decode_utf8_lossy().to_lowercase().trim().to_string())
.collect::<Vec<String>>();
if answers.len() != 2 {
r.forbidden("Please specify two answers!".to_string())?;
}
if answers[0] != user.security_answer_1.unwrap().to_lowercase().trim() ||
answers[1] != user.security_answer_2.unwrap().to_lowercase().trim() {
r.forbidden("Invalid security answers!".to_string())?;
}
let token = account_helper::generate_password_reset_token(&user.id)?;
r.set_response(ResCheckSecurityAnswers::new(token))
}

View File

@ -78,6 +78,7 @@ pub fn get_routes() -> Vec<Route> {
Route::post_without_login("/account/exists_email", Box::new(account_controller::exists_mail)),
Route::post_without_login("/account/has_security_questions", Box::new(account_controller::has_security_questions)),
Route::post_without_login("/account/get_security_questions", Box::new(account_controller::get_security_questions)),
Route::post_without_login("/account/check_security_answers", Box::new(account_controller::check_security_answers)),
// User controller
Route::post_without_login("/user/getInfo", Box::new(user_controller::get_single)),

View File

@ -114,6 +114,19 @@ pub fn destroy_all_user_tokens(id: &UserID) -> ResultBoxError {
.exec()
}
/// Generate a new password reset token
pub fn generate_password_reset_token(user_id: &UserID) -> ResultBoxError<String> {
let token = rand_str(255);
database::UpdateInfo::new(USERS_TABLE)
.cond_user_id("ID", user_id)
.set_str("password_reset_token", &token)
.set_u64("password_reset_token_time_create", time())
.exec()?;
Ok(token)
}
/// Check out whether a virtual directory is taken by a user or not
pub fn check_user_directory_availability(dir: &str, user_id: Option<UserID>) -> ResultBoxError<bool> {
let found_user = user_helper::find_user_by_virtual_directory(dir);