✨ Reset password APIs
This commit is contained in:
@ -101,6 +101,8 @@ func ConfirmAccount(code string) error {
|
||||
token, err := ValidateMagicToken(code, models.ConfirmMagicToken)
|
||||
if err != nil {
|
||||
return err
|
||||
} else if token.AccountID == nil {
|
||||
return fmt.Errorf("magic token didn't assign a valid account")
|
||||
}
|
||||
|
||||
var user models.Account
|
||||
@ -134,6 +136,61 @@ func ConfirmAccount(code string) error {
|
||||
})
|
||||
}
|
||||
|
||||
func CheckAbleToResetPassword(user models.Account) error {
|
||||
var count int64
|
||||
if err := database.C.
|
||||
Where("account_id = ?", user.ID).
|
||||
Where("expired_at < ?", time.Now()).
|
||||
Model(&models.MagicToken{}).
|
||||
Count(&count).Error; err != nil {
|
||||
return fmt.Errorf("unable to check reset password ability: %v", err)
|
||||
} else if count == 0 {
|
||||
return fmt.Errorf("you requested reset password recently")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func RequestResetPassword(user models.Account) error {
|
||||
if tk, err := NewMagicToken(
|
||||
models.ResetPasswordMagicToken,
|
||||
&user,
|
||||
lo.ToPtr(time.Now().Add(24*time.Hour)),
|
||||
); err != nil {
|
||||
return err
|
||||
} else if err := NotifyMagicToken(tk); err != nil {
|
||||
log.Error().
|
||||
Err(err).
|
||||
Str("code", tk.Code).
|
||||
Uint("user", user.ID).
|
||||
Msg("Failed to notify password reset magic token...")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func ConfirmResetPassword(code, newPassword string) error {
|
||||
token, err := ValidateMagicToken(code, models.ResetPasswordMagicToken)
|
||||
if err != nil {
|
||||
return err
|
||||
} else if token.AccountID == nil {
|
||||
return fmt.Errorf("magic token didn't assign a valid account")
|
||||
}
|
||||
|
||||
factor, err := GetPasswordTypeFactor(*token.AccountID)
|
||||
if err != nil {
|
||||
factor = models.AuthFactor{
|
||||
Type: models.PasswordAuthFactor,
|
||||
Secret: HashPassword(newPassword),
|
||||
AccountID: *token.AccountID,
|
||||
}
|
||||
} else {
|
||||
factor.Secret = HashPassword(newPassword)
|
||||
}
|
||||
|
||||
return database.C.Save(&factor).Error
|
||||
}
|
||||
|
||||
func DeleteAccount(id uint) error {
|
||||
tx := database.C.Begin()
|
||||
|
||||
|
@ -27,6 +27,21 @@ Once again, thank you for choosing us. We look forward to serving you and hope y
|
||||
Best regards,
|
||||
%s`
|
||||
|
||||
const ResetPasswordTemplate = `Dear %s,
|
||||
|
||||
We received a request to reset the password for your account at %s. If you did not request a password reset, please ignore this email.
|
||||
|
||||
To confirm your password reset request and create a new password, please use the link below:
|
||||
|
||||
%s
|
||||
|
||||
This link will expire in 24 hours. If you do not reset your password within this time frame, you will need to submit a new password reset request.
|
||||
|
||||
If you have any questions or need further assistance, please do not hesitate to contact our support team.
|
||||
|
||||
Best regards,
|
||||
%s`
|
||||
|
||||
func ValidateMagicToken(code string, mode models.MagicTokenType) (models.MagicToken, error) {
|
||||
var tk models.MagicToken
|
||||
if err := database.C.Where(models.MagicToken{Code: code, Type: mode}).First(&tk).Error; err != nil {
|
||||
@ -74,7 +89,7 @@ func NotifyMagicToken(token models.MagicToken) error {
|
||||
var content string
|
||||
switch token.Type {
|
||||
case models.ConfirmMagicToken:
|
||||
link := fmt.Sprintf("https://%s/me/confirm?tk=%s", viper.GetString("domain"), token.Code)
|
||||
link := fmt.Sprintf("https://%s/flow/confirm?code=%s", viper.GetString("domain"), token.Code)
|
||||
subject = fmt.Sprintf("[%s] Confirm your registration", viper.GetString("name"))
|
||||
content = fmt.Sprintf(
|
||||
ConfirmRegistrationTemplate,
|
||||
@ -84,6 +99,16 @@ func NotifyMagicToken(token models.MagicToken) error {
|
||||
link,
|
||||
viper.GetString("maintainer"),
|
||||
)
|
||||
case models.ResetPasswordMagicToken:
|
||||
link := fmt.Sprintf("https://%s/flow/password-reset?code=%s", viper.GetString("domain"), token.Code)
|
||||
subject = fmt.Sprintf("[%s] Reset your password", viper.GetString("name"))
|
||||
content = fmt.Sprintf(
|
||||
ResetPasswordTemplate,
|
||||
user.Name,
|
||||
viper.GetString("name"),
|
||||
link,
|
||||
viper.GetString("maintainer"),
|
||||
)
|
||||
default:
|
||||
return fmt.Errorf("unsupported magic token type to notify")
|
||||
}
|
||||
|
Reference in New Issue
Block a user