diff options
Diffstat (limited to 'api/password_reset.go')
-rw-r--r-- | api/password_reset.go | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/api/password_reset.go b/api/password_reset.go new file mode 100644 index 0000000..82aaaef --- /dev/null +++ b/api/password_reset.go | |||
@@ -0,0 +1,103 @@ | |||
1 | package api | ||
2 | |||
3 | import ( | ||
4 | "fmt" | ||
5 | "time" | ||
6 | |||
7 | "github.com/dchest/passwordreset" | ||
8 | "immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front/db" | ||
9 | ) | ||
10 | |||
11 | var PASSWORD_RESET_SECRET []byte | ||
12 | |||
13 | type PasswordResetQuery struct { | ||
14 | In struct { | ||
15 | Email string | ||
16 | } | ||
17 | } | ||
18 | |||
19 | func (q PasswordResetQuery) ValidateParams() *Error { | ||
20 | if q.In.Email == "" { | ||
21 | return &Error{InvalidEmail, "invalid email", fmt.Errorf("invalid email")} | ||
22 | } | ||
23 | |||
24 | return nil | ||
25 | } | ||
26 | |||
27 | func (q PasswordResetQuery) Run() (interface{}, *Error) { | ||
28 | user, err := db.GetUserByEmail(q.In.Email) | ||
29 | if err != nil { | ||
30 | return nil, NewInternalError(err) | ||
31 | } | ||
32 | |||
33 | if user == nil { | ||
34 | return nil, &Error{NotFound, "account not found", fmt.Errorf("'%v' is not registered", q.In.Email)} | ||
35 | } | ||
36 | |||
37 | token := passwordreset.NewToken(q.In.Email, time.Hour*24*1, []byte(user.PasswordHash), PASSWORD_RESET_SECRET) | ||
38 | if CONFIG.FreeSMSUser != "" { | ||
39 | err := SendSMS(CONFIG.FreeSMSUser, CONFIG.FreeSMSPass, fmt.Sprintf("'%v' request a password reset. Token '/change-password?token=%v'", q.In.Email, token)) | ||
40 | if err != nil { | ||
41 | return nil, NewInternalError(err) | ||
42 | } | ||
43 | } | ||
44 | |||
45 | return "OK", nil | ||
46 | } | ||
47 | |||
48 | type ChangePasswordQuery struct { | ||
49 | In struct { | ||
50 | Token string | ||
51 | Password string | ||
52 | } | ||
53 | } | ||
54 | |||
55 | func (q ChangePasswordQuery) ValidateParams() *Error { | ||
56 | if q.In.Password == "" { | ||
57 | return &Error{InvalidPassword, "invalid password", fmt.Errorf("invalid password")} | ||
58 | } | ||
59 | |||
60 | if q.In.Token == "" { | ||
61 | return &Error{BadRequest, "invalid token", fmt.Errorf("invalid token")} | ||
62 | } | ||
63 | |||
64 | return nil | ||
65 | } | ||
66 | |||
67 | func (q ChangePasswordQuery) Run() (interface{}, *Error) { | ||
68 | var user *db.User | ||
69 | |||
70 | email, err := passwordreset.VerifyToken(q.In.Token, func(email string) ([]byte, error) { | ||
71 | var err error | ||
72 | user, err = db.GetUserByEmail(email) | ||
73 | if err != nil { | ||
74 | return nil, err | ||
75 | } | ||
76 | |||
77 | if user == nil { | ||
78 | return nil, fmt.Errorf("'%v' is not registered", email) | ||
79 | } | ||
80 | |||
81 | return []byte(user.PasswordHash), nil | ||
82 | |||
83 | }, PASSWORD_RESET_SECRET) | ||
84 | |||
85 | if err != nil && (err == passwordreset.ErrExpiredToken) { | ||
86 | return nil, &Error{BadRequest, "expired token", fmt.Errorf("expired token")} | ||
87 | } else if err != nil && (err == passwordreset.ErrMalformedToken || err == passwordreset.ErrWrongSignature) { | ||
88 | return nil, &Error{BadRequest, "wrong token", fmt.Errorf("wrong token")} | ||
89 | } else if err != nil { | ||
90 | return nil, NewInternalError(err) | ||
91 | } | ||
92 | |||
93 | if user == nil { | ||
94 | return nil, &Error{BadRequest, "bad request", fmt.Errorf("no user found for email '%v'", email)} | ||
95 | } | ||
96 | |||
97 | err = db.SetPassword(user, q.In.Password) | ||
98 | if err != nil { | ||
99 | return nil, NewInternalError(err) | ||
100 | } | ||
101 | |||
102 | return "OK", nil | ||
103 | } | ||