7 "github.com/dchest/passwordreset"
8 "git.immae.eu/Cryptoportfolio/Front.git/db"
11 var PASSWORD_RESET_SECRET []byte
13 type PasswordResetQuery struct {
19 func (q PasswordResetQuery) ValidateParams() *Error {
21 return &Error{InvalidEmail, "invalid email", fmt.Errorf("invalid email")}
27 func (q PasswordResetQuery) Run() (interface{}, *Error) {
28 user, err := db.GetUserByEmail(q.In.Email)
30 return nil, NewInternalError(err)
34 return nil, &Error{NotFound, "account not found", fmt.Errorf("'%v' is not registered", q.In.Email)}
37 token := passwordreset.NewToken(q.In.Email, time.Hour*24*1, []byte(user.PasswordHash), PASSWORD_RESET_SECRET)
38 if CONFIG.FreeSMSUser != "" {
39 err := SendSMS(CONFIG.FreeSMSUser, CONFIG.FreeSMSPass, fmt.Sprintf("'%v' request a password reset. Token '/change-password?token=%v'", q.In.Email, token))
41 return nil, NewInternalError(err)
45 if MAIL_CONFIG.IsEnabled {
46 err = SendResetPasswordMail(q.In.Email, token)
48 return nil, NewInternalError(err)
55 type ChangePasswordQuery struct {
62 func (q ChangePasswordQuery) ValidateParams() *Error {
63 if q.In.Password == "" {
64 return &Error{InvalidPassword, "invalid password", fmt.Errorf("invalid password")}
68 return &Error{BadRequest, "invalid token", fmt.Errorf("invalid token")}
74 func (q ChangePasswordQuery) Run() (interface{}, *Error) {
77 email, err := passwordreset.VerifyToken(q.In.Token, func(email string) ([]byte, error) {
79 user, err = db.GetUserByEmail(email)
85 return nil, fmt.Errorf("'%v' is not registered", email)
88 return []byte(user.PasswordHash), nil
90 }, PASSWORD_RESET_SECRET)
92 if err != nil && (err == passwordreset.ErrExpiredToken) {
93 return nil, &Error{BadRequest, "expired token", fmt.Errorf("expired token")}
94 } else if err != nil && (err == passwordreset.ErrMalformedToken || err == passwordreset.ErrWrongSignature) {
95 return nil, &Error{BadRequest, "wrong token", fmt.Errorf("wrong token")}
96 } else if err != nil {
97 return nil, NewInternalError(err)
101 return nil, &Error{BadRequest, "bad request", fmt.Errorf("no user found for email '%v'", email)}
104 err = db.SetPassword(user, q.In.Password)
106 return nil, NewInternalError(err)