Can request password reset

2023-05-31 13:56:18 +02:00
parent 56be33070c
commit 5ed74260a8
4 changed files with 54 additions and 6 deletions
--- a/geneit_backend/src/controllers/auth_controller.rs
+++ b/geneit_backend/src/controllers/auth_controller.rs
@ -51,6 +51,41 @@ pub async fn create_account(remote_ip: RemoteIP, req: web::Json<CreateAccountBod
    Ok(HttpResponse::Created().finish())
 }

+#[derive(serde::Deserialize)]
+pub struct RequestResetPasswordBody {
+    mail: String,
+}
+
+/// Request the creation of a new password reset link
+pub async fn request_reset_password(
+    remote_ip: RemoteIP,
+    req: web::Json<RequestResetPasswordBody>,
+) -> HttpResult {
+    // Rate limiting
+    if rate_limiter_service::should_block_action(
+        remote_ip.0,
+        RatedAction::RequestNewPasswordResetLink,
+    )
+    .await?
+    {
+        return Ok(HttpResponse::TooManyRequests().finish());
+    }
+    rate_limiter_service::record_action(remote_ip.0, RatedAction::RequestNewPasswordResetLink)
+        .await?;
+
+    match users_service::get_by_mail(&req.mail).await {
+        Ok(mut user) => users_service::request_reset_password(&mut user).await?,
+        Err(e) => {
+            log::error!(
+                "Could not locate user account {}! (error silently ignored)",
+                e
+            );
+        }
+    }
+
+    Ok(HttpResponse::Created().finish())
+}
+
 #[derive(serde::Deserialize)]
 pub struct CheckResetPasswordTokenBody {
    token: String,