fix reset password

bkawk · Feb 5, 2023 · b983309 · b983309
1 parent 55bb111
commit b983309
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 7 deletions.
diff --git a/api/handlers/forgotPassword.go b/api/handlers/forgotPassword.go
@@ -3,6 +3,7 @@ package handlers
 import (
 	"bkawk/go-echo/api/emails"
 	"bkawk/go-echo/api/models"
+	"bkawk/go-echo/api/utils"
 	"context"
 	"fmt"
 	"net/http"
@@ -49,6 +50,14 @@ func ForgotPasswordPost(c echo.Context) error {
 	if resetEmailUrl == "" {
 		return fmt.Errorf("environment variable not set: VERIFY_URL")
 	}
+
+	// Generate a PasswordResetToken prefixed with "rst_"
+	prtCode, err := utils.GenerateUUID()
+	if err != nil {
+		return c.JSON(http.StatusInternalServerError, echo.Map{"error": "Failed to generate user ID"})
+	}
+	user.PasswordResetToken = "rst_" + prtCode
+
 	// Send welcome email
 	emailError := emails.SendResetPasswordEmail(u.Email, resetEmailUrl+"?verificationCode="+u.PasswordResetToken)
 	if emailError != nil {

diff --git a/api/handlers/resetPassword.go b/api/handlers/resetPassword.go
@@ -2,7 +2,9 @@ package handlers
 
 import (
 	"context"
+	"fmt"
 	"net/http"
+	"os"
 	"time"
 
 	"bkawk/go-echo/api/models"
@@ -16,9 +18,14 @@ import (
 // RegisterEndpoint handles user registration requests
 func ResetPasswordPost(c echo.Context) error {
 	var err error
-	passwordResetToken := c.FormValue("passwordResetToken")
-	newPassword := c.FormValue("newPassword")
-	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(newPassword), bcrypt.DefaultCost)
+
+	// Validate input
+	u := new(models.User)
+	if err := c.Bind(u); err != nil {
+		return c.JSON(http.StatusInternalServerError, echo.Map{"error": "Failed to bind request body"})
+	}
+
+	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(os.Getenv("BCRYPT_PASSWORD")), bcrypt.DefaultCost)
 	if err != nil {
 		return c.String(http.StatusBadRequest, "Failed to hash password")
 	}
@@ -32,7 +39,8 @@ func ResetPasswordPost(c echo.Context) error {
 
 	// Find the user document with the password reset token
 	var user models.User
-	err = collection.FindOne(ctx, bson.M{"passwordResetToken": passwordResetToken}).Decode(&user)
+	fmt.Println(u.PasswordResetToken)
+	err = collection.FindOne(ctx, bson.M{"passwordResetToken": u.PasswordResetToken}).Decode(&user)
 	if err != nil {
 		if err == mongo.ErrNoDocuments {
 			return c.String(http.StatusBadRequest, "Invalid password reset token")
@@ -48,12 +56,12 @@ func ResetPasswordPost(c echo.Context) error {
 	}
 
 	// Update the user document with the new password
-	filter := bson.M{"passwordResetToken": passwordResetToken}
+	filter := bson.M{"passwordResetToken": u.PasswordResetToken}
 	var update bson.M
 	if time.Now().Unix()-forgotPassword > 5*60 {
-		update = bson.M{"$set": bson.M{"password": hashedPassword}, "$unset": bson.M{"passwordResetToken": ""}}
+		update = bson.M{"$set": bson.M{"password": string(hashedPassword)}, "$unset": bson.M{"passwordResetToken": ""}}
 	} else {
-		update = bson.M{"$set": bson.M{"password": hashedPassword}}
+		update = bson.M{"$set": bson.M{"password": string(hashedPassword)}}
 	}
 	_, err = collection.UpdateOne(ctx, filter, update)
 	if err != nil {

diff --git a/api/handlers/resetPassword.http b/api/handlers/resetPassword.http
@@ -0,0 +1,9 @@
+   # Your request headers, e.g.
+    POST http://localhost:8080/reset-password
+    Content-Type: application/json
+
+    # The request body, if any
+    {
+        "passwordResetToken": "rst_f599e7fb-3be2-41c2-863e-0966d059c9b9",
+        "newPassword": "This1sMyP@ssword!"
+    }