hub / github.com/dnote/dnote / PasswordReset

Method PasswordReset

pkg/server/controllers/users.go:356–434  ·  view source on GitHub ↗

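PasswordReset handles a submitted password reset form: it checks that the passwords match and that the reset token is unused and no more than 10 minutes old, then updates the user's password. Failures are reported through the password reset view.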

(w http.ResponseWriter, r *http.Request)

Source from the content-addressed store, hash-verified

354
355// PasswordReset renders password reset view
356func (u *Users) PasswordReset(w http.ResponseWriter, r *http.Request) {
357 vd := views.Data{}
358
359 var params resetPasswordPayload
360 if err := parseForm(r, &params); err != nil {
361 handleHTMLError(w, r, err, "parsing params", u.NewView, vd)
362 return
363 }
364
365 vd.Yield = map[string]interface{}{
366 "Token": params.Token,
367 }
368
369 if params.Password != params.PasswordConfirmation {
370 handleHTMLError(w, r, app.ErrPasswordConfirmationMismatch, "password mismatch", u.PasswordResetConfirmView, vd)
371 return
372 }
373
374 var token database.Token
375 err := u.app.DB.Where("value = ? AND type =? AND used_at IS NULL", params.Token, database.TokenTypeResetPassword).First(&token).Error
376 if errors.Is(err, gorm.ErrRecordNotFound) {
377 handleHTMLError(w, r, app.ErrInvalidToken, "invalid token", u.PasswordResetConfirmView, vd)
378 return
379 }
380 if err != nil {
381 handleHTMLError(w, r, err, "finding token", u.PasswordResetConfirmView, vd)
382 return
383 }
384
385 if token.UsedAt != nil {
386 handleHTMLError(w, r, app.ErrInvalidToken, "invalid token", u.PasswordResetConfirmView, vd)
387 return
388 }
389
390 // Expire after 10 minutes
391 if time.Since(token.CreatedAt).Minutes() > 10 {
392 handleHTMLError(w, r, app.ErrPasswordResetTokenExpired, "expired token", u.PasswordResetConfirmView, vd)
393 return
394 }
395
396 var user database.User
397 if err := u.app.DB.Where("id = ?", token.UserID).First(&user).Error; err != nil {
398 handleHTMLError(w, r, err, "finding user", u.PasswordResetConfirmView, vd)
399 return
400 }
401
402 tx := u.app.DB.Begin()
403
404 // Update the password
405 if err := app.UpdateUserPassword(tx, &user, params.Password); err != nil {
406 tx.Rollback()
407 handleHTMLError(w, r, err, "updating password", u.PasswordResetConfirmView, vd)
408 return
409 }
410
411 if err := tx.Model(&token).Update("used_at", time.Now()).Error; err != nil {
412 tx.Rollback()
413 handleHTMLError(w, r, err, "updating password reset token", u.PasswordResetConfirmView, vd)

Callers

nothing calls this directly

Calls 12

UpdateUserPasswordFunction · 0.92
RedirectAlertFunction · 0.92
ErrorWrapFunction · 0.92
parseFormFunction · 0.85
handleHTMLErrorFunction · 0.85
DeleteUserSessionsMethod · 0.80
BeginMethod · 0.65
RollbackMethod · 0.65
NowMethod · 0.65
CommitMethod · 0.65
UpdateMethod · 0.45

Tested by

no test coverage detected