implement password reset

2025-07-01 08:08:36 +00:00 · 2024-05-24 20:34:49 -05:00 · 2024-05-24 20:34:49 -05:00 · 64d2957853
commit 64d2957853
parent 2231c54f21
5 changed files with 87 additions and 13 deletions
--- a/backend/app/api/handlers/v1/v1_ctrl_user.go
+++ b/backend/app/api/handlers/v1/v1_ctrl_user.go
@ -117,12 +117,10 @@ func (ctrl *V1Controller) HandleUserSelfDelete() errchain.HandlerFunc {
 	}
 }

-type (
-	ChangePassword struct {
-		Current string `json:"current,omitempty"`
-		New     string `json:"new,omitempty"`
-	}
-)
+type ChangePassword struct {
+	Current string `json:"current,omitempty"`
+	New     string `json:"new,omitempty"`
+}

 // HandleUserSelfChangePassword godoc
 //
@ -146,7 +144,42 @@ func (ctrl *V1Controller) HandleUserSelfChangePassword() errchain.HandlerFunc {

 		ctx := services.NewContext(r.Context())

-		ok := ctrl.svc.User.ChangePassword(ctx, cp.Current, cp.New)
+		ok := ctrl.svc.User.PasswordChange(ctx, cp.Current, cp.New)
+		if !ok {
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+
+		return server.JSON(w, http.StatusNoContent, nil)
+	}
+}
+
+// HandleUserSelfChangePasswordWithToken godoc
+//
+//	@Summary  Change Password
+//	@Tags     User
+//	@Success  204
+//	@Param    payload body ChangePassword true "Password Payload"
+//	@Router   /v1/users/change-password-token [PUT]
+func (ctrl *V1Controller) HandleUserSelfChangePasswordWithToken() errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		tokenQueryParam := r.URL.Query().Get("token")
+		if tokenQueryParam == "" {
+			return validate.NewRequestError(fmt.Errorf("missing token query param"), http.StatusBadRequest)
+		}
+
+		if ctrl.isDemo {
+			return validate.NewRequestError(nil, http.StatusForbidden)
+		}
+
+		var cp ChangePassword
+		err := server.Decode(r, &cp)
+		if err != nil {
+			log.Err(err).Msg("user failed to change password")
+		}
+
+		ctx := services.NewContext(r.Context())
+
+		ok := ctrl.svc.User.PasswordChange(ctx, cp.Current, cp.New)
 		if !ok {
 			return validate.NewRequestError(err, http.StatusInternalServerError)
 		}
@ -165,6 +198,10 @@ func (ctrl *V1Controller) HandleUserSelfChangePassword() errchain.HandlerFunc {
 // @Router  /v1/users/request-password-reset [Post]
 func (ctrl *V1Controller) HandleUserRequestPasswordReset() errchain.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) error {
+		if ctrl.isDemo {
+			return validate.NewRequestError(nil, http.StatusForbidden)
+		}
+
 		v, err := adapters.DecodeBody[services.PasswordResetRequest](r)
 		if err != nil {
 			return err
@ -173,7 +210,7 @@ func (ctrl *V1Controller) HandleUserRequestPasswordReset() errchain.HandlerFunc
 		go func() {
 			ctx := context.Background()

-			err = ctrl.svc.User.RequestPasswordReset(ctx, v)
+			err = ctrl.svc.User.PasswordResetRequest(ctx, v)
 			if err != nil {
 				log.Warn().
 					Err(err).
--- a/backend/app/api/routes.go
+++ b/backend/app/api/routes.go
@ -85,6 +85,7 @@ func (a *app) mountRoutes(r *chi.Mux, chain *errchain.ErrChain) {
 	r.Post(v1Base("/users/logout"), chain.ToHandlerFunc(v1Ctrl.HandleAuthLogout(), userMW...))
 	r.Get(v1Base("/users/refresh"), chain.ToHandlerFunc(v1Ctrl.HandleAuthRefresh(), userMW...))
 	r.Put(v1Base("/users/self/change-password"), chain.ToHandlerFunc(v1Ctrl.HandleUserSelfChangePassword(), userMW...))
+	r.Put(v1Base("/users/self/change-password-token"), chain.ToHandlerFunc(v1Ctrl.HandleUserSelfChangePasswordWithToken()))

 	r.Post(v1Base("/groups/invitations"), chain.ToHandlerFunc(v1Ctrl.HandleGroupInvitationsCreate(), userMW...))
 	r.Get(v1Base("/groups/statistics"), chain.ToHandlerFunc(v1Ctrl.HandleGroupStatistics(), userMW...))