✨ Reset password APIs

pkg/internal/services/accounts.go

@@ -101,6 +101,8 @@ func ConfirmAccount(code string) error {
 	token, err := ValidateMagicToken(code, models.ConfirmMagicToken)
 	if err != nil {
 		return err
+	} else if token.AccountID == nil {
+		return fmt.Errorf("magic token didn't assign a valid account")
 	}
 
 	var user models.Account
@@ -134,6 +136,61 @@ func ConfirmAccount(code string) error {
 	})
 }
 
+func CheckAbleToResetPassword(user models.Account) error {
+	var count int64
+	if err := database.C.
+		Where("account_id = ?", user.ID).
+		Where("expired_at < ?", time.Now()).
+		Model(&models.MagicToken{}).
+		Count(&count).Error; err != nil {
+		return fmt.Errorf("unable to check reset password ability: %v", err)
+	} else if count == 0 {
+		return fmt.Errorf("you requested reset password recently")
+	}
+
+	return nil
+}
+
+func RequestResetPassword(user models.Account) error {
+	if tk, err := NewMagicToken(
+		models.ResetPasswordMagicToken,
+		&user,
+		lo.ToPtr(time.Now().Add(24*time.Hour)),
+	); err != nil {
+		return err
+	} else if err := NotifyMagicToken(tk); err != nil {
+		log.Error().
+			Err(err).
+			Str("code", tk.Code).
+			Uint("user", user.ID).
+			Msg("Failed to notify password reset magic token...")
+	}
+
+	return nil
+}
+
+func ConfirmResetPassword(code, newPassword string) error {
+	token, err := ValidateMagicToken(code, models.ResetPasswordMagicToken)
+	if err != nil {
+		return err
+	} else if token.AccountID == nil {
+		return fmt.Errorf("magic token didn't assign a valid account")
+	}
+
+	factor, err := GetPasswordTypeFactor(*token.AccountID)
+	if err != nil {
+		factor = models.AuthFactor{
+			Type:      models.PasswordAuthFactor,
+			Secret:    HashPassword(newPassword),
+			AccountID: *token.AccountID,
+		}
+	} else {
+		factor.Secret = HashPassword(newPassword)
+	}
+
+	return database.C.Save(&factor).Error
+}
+
 func DeleteAccount(id uint) error {
 	tx := database.C.Begin()
 

pkg/internal/services/tokens.go

@@ -27,6 +27,21 @@ Once again, thank you for choosing us. We look forward to serving you and hope y
 Best regards,
 %s`
 
+const ResetPasswordTemplate = `Dear %s,
+
+We received a request to reset the password for your account at %s. If you did not request a password reset, please ignore this email.
+
+To confirm your password reset request and create a new password, please use the link below:
+
+%s
+
+This link will expire in 24 hours. If you do not reset your password within this time frame, you will need to submit a new password reset request.
+
+If you have any questions or need further assistance, please do not hesitate to contact our support team.
+
+Best regards,
+%s`
+
 func ValidateMagicToken(code string, mode models.MagicTokenType) (models.MagicToken, error) {
 	var tk models.MagicToken
 	if err := database.C.Where(models.MagicToken{Code: code, Type: mode}).First(&tk).Error; err != nil {
@@ -74,7 +89,7 @@ func NotifyMagicToken(token models.MagicToken) error {
 	var content string
 	switch token.Type {
 	case models.ConfirmMagicToken:
-		link := fmt.Sprintf("https://%s/me/confirm?tk=%s", viper.GetString("domain"), token.Code)
+		link := fmt.Sprintf("https://%s/flow/confirm?code=%s", viper.GetString("domain"), token.Code)
 		subject = fmt.Sprintf("[%s] Confirm your registration", viper.GetString("name"))
 		content = fmt.Sprintf(
 			ConfirmRegistrationTemplate,
@@ -84,6 +99,16 @@ func NotifyMagicToken(token models.MagicToken) error {
 			link,
 			viper.GetString("maintainer"),
 		)
+	case models.ResetPasswordMagicToken:
+		link := fmt.Sprintf("https://%s/flow/password-reset?code=%s", viper.GetString("domain"), token.Code)
+		subject = fmt.Sprintf("[%s] Reset your password", viper.GetString("name"))
+		content = fmt.Sprintf(
+			ResetPasswordTemplate,
+			user.Name,
+			viper.GetString("name"),
+			link,
+			viper.GetString("maintainer"),
+		)
 	default:
 		return fmt.Errorf("unsupported magic token type to notify")
 	}