| 354 | |
| 355 | // PasswordReset renders password reset view |
| 356 | func (u *Users) PasswordReset(w http.ResponseWriter, r *http.Request) { |
| 357 | vd := views.Data{} |
| 358 | |
| 359 | var params resetPasswordPayload |
| 360 | if err := parseForm(r, ¶ms); err != nil { |
| 361 | handleHTMLError(w, r, err, "parsing params", u.NewView, vd) |
| 362 | return |
| 363 | } |
| 364 | |
| 365 | vd.Yield = map[string]interface{}{ |
| 366 | "Token": params.Token, |
| 367 | } |
| 368 | |
| 369 | if params.Password != params.PasswordConfirmation { |
| 370 | handleHTMLError(w, r, app.ErrPasswordConfirmationMismatch, "password mismatch", u.PasswordResetConfirmView, vd) |
| 371 | return |
| 372 | } |
| 373 | |
| 374 | var token database.Token |
| 375 | err := u.app.DB.Where("value = ? AND type =? AND used_at IS NULL", params.Token, database.TokenTypeResetPassword).First(&token).Error |
| 376 | if errors.Is(err, gorm.ErrRecordNotFound) { |
| 377 | handleHTMLError(w, r, app.ErrInvalidToken, "invalid token", u.PasswordResetConfirmView, vd) |
| 378 | return |
| 379 | } |
| 380 | if err != nil { |
| 381 | handleHTMLError(w, r, err, "finding token", u.PasswordResetConfirmView, vd) |
| 382 | return |
| 383 | } |
| 384 | |
| 385 | if token.UsedAt != nil { |
| 386 | handleHTMLError(w, r, app.ErrInvalidToken, "invalid token", u.PasswordResetConfirmView, vd) |
| 387 | return |
| 388 | } |
| 389 | |
| 390 | // Expire after 10 minutes |
| 391 | if time.Since(token.CreatedAt).Minutes() > 10 { |
| 392 | handleHTMLError(w, r, app.ErrPasswordResetTokenExpired, "expired token", u.PasswordResetConfirmView, vd) |
| 393 | return |
| 394 | } |
| 395 | |
| 396 | var user database.User |
| 397 | if err := u.app.DB.Where("id = ?", token.UserID).First(&user).Error; err != nil { |
| 398 | handleHTMLError(w, r, err, "finding user", u.PasswordResetConfirmView, vd) |
| 399 | return |
| 400 | } |
| 401 | |
| 402 | tx := u.app.DB.Begin() |
| 403 | |
| 404 | // Update the password |
| 405 | if err := app.UpdateUserPassword(tx, &user, params.Password); err != nil { |
| 406 | tx.Rollback() |
| 407 | handleHTMLError(w, r, err, "updating password", u.PasswordResetConfirmView, vd) |
| 408 | return |
| 409 | } |
| 410 | |
| 411 | if err := tx.Model(&token).Update("used_at", time.Now()).Error; err != nil { |
| 412 | tx.Rollback() |
| 413 | handleHTMLError(w, r, err, "updating password reset token", u.PasswordResetConfirmView, vd) |