From b983309dc33760945f142b510840f11a88abedf7 Mon Sep 17 00:00:00 2001
From: bkawk
Date: Sun, 5 Feb 2023 21:50:16 +0000
Subject: [PATCH] fix reset password
---
 api/handlers/forgotPassword.go | 9 +++++++++
 api/handlers/resetPassword.go | 22 +++++++++++++++-------
 api/handlers/resetPassword.http | 9 +++++++++
 3 files changed, 33 insertions(+), 7 deletions(-)
 create mode 100644 api/handlers/resetPassword.http
diff --git a/api/handlers/forgotPassword.go b/api/handlers/forgotPassword.go
index 53c4cb5..388ee99 100644
--- a/api/handlers/forgotPassword.go
+++ b/api/handlers/forgotPassword.go
@@ -3,6 +3,7 @@ package handlers
 import (
 "bkawk/go-echo/api/emails"
 "bkawk/go-echo/api/models"
+ "bkawk/go-echo/api/utils"
 "context"
 "fmt"
 "net/http"
@@ -49,6 +50,14 @@ func ForgotPasswordPost(c echo.Context) error {
 if resetEmailUrl == "" {
 return fmt.Errorf("environment variable not set: VERIFY_URL")
 }
+
+ // Generate a PasswordResetToken prefixed with "rst_"
+ prtCode, err := utils.GenerateUUID()
+ if err != nil {
+ return c.JSON(http.StatusInternalServerError, echo.Map{"error": "Failed to generate user ID"})
+ }
+ user.PasswordResetToken = "rst_" + prtCode
+
 // Send welcome email
 emailError := emails.SendResetPasswordEmail(u.Email, resetEmailUrl+"?verificationCode="+u.PasswordResetToken)
 if emailError != nil {
diff --git a/api/handlers/resetPassword.go b/api/handlers/resetPassword.go
index 1ccb906..72c1e7b 100644
--- a/api/handlers/resetPassword.go
+++ b/api/handlers/resetPassword.go
@@ -2,7 +2,9 @@ package handlers
 import (
 "context"
+ "fmt"
 "net/http"
+ "os"
 "time"
 "bkawk/go-echo/api/models"
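Review bot: The generated token is assigned to `user.PasswordResetToken` in the `@@ -49,6 +50,14 @@` hunk of forgotPassword.go, but the e-mail link built just below still reads `u.PasswordResetToken`, so the link carries whatever the request body held rather than the token just created; build it from the same value, `resetEmailUrl+"?verificationCode="+user.PasswordResetToken`. Nothing visible in this hunk persists `user` after the assignment, and the function continues outside the hunk, so confirm the token is saved before the e-mail goes out, preferably as a hash since it is equivalent to a credential. The failure message `"Failed to generate user ID"` looks copied from registration and should name the reset token instead.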
@@ -16,9 +18,14 @@ import (
 // RegisterEndpoint handles user registration requests
 func ResetPasswordPost(c echo.Context) error {
 var err error
- passwordResetToken := c.FormValue("passwordResetToken")
- newPassword := c.FormValue("newPassword")
- hashedPassword, err := bcrypt.GenerateFromPassword([]byte(newPassword), bcrypt.DefaultCost)
+
+ // Validate input
+ u := new(models.User)
+ if err := c.Bind(u); err != nil {
+ return c.JSON(http.StatusInternalServerError, echo.Map{"error": "Failed to bind request body"})
+ }
+
+ hashedPassword, err := bcrypt.GenerateFromPassword([]byte(os.Getenv("BCRYPT_PASSWORD")), bcrypt.DefaultCost)
 if err != nil {
 return c.String(http.StatusBadRequest, "Failed to hash password")
 }
@@ -32,7 +39,8 @@ func ResetPasswordPost(c echo.Context) error {
 // Find the user document with the password reset token
 var user models.User
- err = collection.FindOne(ctx, bson.M{"passwordResetToken": passwordResetToken}).Decode(&user)
+ fmt.Println(u.PasswordResetToken)
+ err = collection.FindOne(ctx, bson.M{"passwordResetToken": u.PasswordResetToken}).Decode(&user)
 if err != nil {
 if err == mongo.ErrNoDocuments {
 return c.String(http.StatusBadRequest, "Invalid password reset token")
@@ -48,12 +56,12 @@ func ResetPasswordPost(c echo.Context) error {
 }
 // Update the user document with the new password
- filter := bson.M{"passwordResetToken": passwordResetToken}
+ filter := bson.M{"passwordResetToken": u.PasswordResetToken}
 var update bson.M
 if time.Now().Unix()-forgotPassword > 5*60 {
- update = bson.M{"$set": bson.M{"password": hashedPassword}, "$unset": bson.M{"passwordResetToken": ""}}
+ update = bson.M{"$set": bson.M{"password": string(hashedPassword)}, "$unset": bson.M{"passwordResetToken": ""}}
 } else {
- update = bson.M{"$set": bson.M{"password": hashedPassword}}
+ update = bson.M{"$set": bson.M{"password": string(hashedPassword)}}
 }
 _, err = collection.UpdateOne(ctx, filter, update)
 if err != nil {
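Review bot: The new password is no longer taken from the request: in the `@@ -16,9 +18,14 @@` hunk `bcrypt.GenerateFromPassword` hashes `os.Getenv("BCRYPT_PASSWORD")`, so every successful reset stores a hash of the same server-side value (the empty string when the variable is unset) and the `newPassword` the client sent is ignored. Bind a small request struct that carries only `passwordResetToken` and `newPassword`, reject empty values, and hash the submitted password; binding into `models.User` also lets a client populate unrelated user fields. A bind failure is a client error and should return `http.StatusBadRequest` rather than 500. The later lookups in this function would then read `req.PasswordResetToken`; the function body continues outside this hunk.

```go
// … unchanged: var err error …
var req struct {
	PasswordResetToken string `json:"passwordResetToken"`
	NewPassword        string `json:"newPassword"`
}
if err := c.Bind(&req); err != nil {
	return c.JSON(http.StatusBadRequest, echo.Map{"error": "Failed to bind request body"})
}
if req.PasswordResetToken == "" || req.NewPassword == "" {
	return c.JSON(http.StatusBadRequest, echo.Map{"error": "passwordResetToken and newPassword are required"})
}

hashedPassword, err := bcrypt.GenerateFromPassword([]byte(req.NewPassword), bcrypt.DefaultCost)
// … unchanged: error check on the bcrypt result …
```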
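Review bot: `fmt.Println(u.PasswordResetToken)` in the `@@ -32,7 +39,8 @@` hunk writes a live reset token to standard output on every request, which puts a credential-equivalent secret into process and container logs. Remove the line before merging; if a trace is wanted, log only that a reset was attempted, without the token value. With the line gone the `fmt` import added by this commit is unused and should be dropped as well.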
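Review bot: Both branches of the age check in the `@@ -48,12 +56,12 @@` hunk still set the password, so a token older than five minutes is accepted, and a token used inside five minutes is left on the document and can be replayed; the commit only changes the stored value to `string(hashedPassword)`. `forgotPassword` is set outside this hunk, so this assumes it holds the time the reset was requested. If so, the expired case should return an error before `UpdateOne`, and the successful case should always `$unset` the token so it is single-use.

```go
// … unchanged: filter on u.PasswordResetToken …
if time.Now().Unix()-forgotPassword > 5*60 {
	return c.String(http.StatusBadRequest, "Invalid password reset token")
}
update := bson.M{
	"$set":   bson.M{"password": string(hashedPassword)},
	"$unset": bson.M{"passwordResetToken": ""},
}
// … unchanged: collection.UpdateOne(ctx, filter, update) and its error check …
```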
diff --git a/api/handlers/resetPassword.http b/api/handlers/resetPassword.http
new file mode 100644
index 0000000..504b427
--- /dev/null
+++ b/api/handlers/resetPassword.http
@@ -0,0 +1,9 @@
+ # Your request headers, e.g.
+ POST http://localhost:8080/reset-password
+ Content-Type: application/json
+
+ # The request body, if any
+ {
+ "passwordResetToken": "rst_f599e7fb-3be2-41c2-863e-0966d059c9b9",
+ "newPassword": "This1sMyP@ssword!"
+ }
\ No newline at end of file