server/handle_server_reset_password.go at email-auth-factor · willdot.net/cocoon

willdot.net / cocoon

An atproto PDS written in Go

cocoon / server / handle_server_reset_password.go

at email-auth-factor 1.7 kB view raw

 1package server
 2
 3import (
 4	"time"
 5
 6	"github.com/Azure/go-autorest/autorest/to"
 7	"github.com/haileyok/cocoon/internal/helpers"
 8	"github.com/haileyok/cocoon/models"
 9	"github.com/labstack/echo/v4"
10	"golang.org/x/crypto/bcrypt"
11)
12
13type ComAtprotoServerResetPasswordRequest struct {
14	Token    string `json:"token" validate:"required"`
15	Password string `json:"password" validate:"required"`
16}
17
18func (s *Server) handleServerResetPassword(e echo.Context) error {
19	ctx := e.Request().Context()
20	logger := s.logger.With("name", "handleServerResetPassword")
21
22	urepo := e.Get("repo").(*models.RepoActor)
23
24	var req ComAtprotoServerResetPasswordRequest
25	if err := e.Bind(&req); err != nil {
26		logger.Error("error binding", "error", err)
27		return helpers.ServerError(e, nil)
28	}
29
30	if err := e.Validate(req); err != nil {
31		return helpers.InputError(e, nil)
32	}
33
34	if urepo.PasswordResetCode == nil || urepo.PasswordResetCodeExpiresAt == nil {
35		return helpers.InputError(e, to.StringPtr("InvalidToken"))
36	}
37
38	if *urepo.PasswordResetCode != req.Token {
39		return helpers.InvalidTokenError(e)
40	}
41
42	if time.Now().UTC().After(*urepo.PasswordResetCodeExpiresAt) {
43		return helpers.ExpiredTokenError(e)
44	}
45
46	hash, err := bcrypt.GenerateFromPassword([]byte(req.Password), 10)
47	if err != nil {
48		logger.Error("error creating hash", "error", err)
49		return helpers.ServerError(e, nil)
50	}
51
52	if err := s.db.Exec(ctx, "UPDATE repos SET password_reset_code = NULL, password_reset_code_expires_at = NULL, password = ? WHERE did = ?", nil, hash, urepo.Repo.Did).Error; err != nil {
53		logger.Error("error updating repo", "error", err)
54		return helpers.ServerError(e, nil)
55	}
56
57	return e.NoContent(200)
58}