diff --git a/ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnReset.razor b/ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnResetPassword.razor
similarity index 71%
rename from ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnReset.razor
rename to ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnResetPassword.razor
index b2e5edf..27a2051 100644
--- a/ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnReset.razor
+++ b/ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnResetPassword.razor
@@ -39,18 +39,36 @@ public async void reset()
 {
 if (!int.TryParse(userid, out _))
- return;
- var user = await UsersRepository.getUserByIdAsync(int.Parse(userid));
- if (user == null)
- return;
- if (user.ResetPasswordToken != hash)
 {
+ msg = "malformed userid.";
 return;
 }
 Console.WriteLine("Resetting a password...");
+ var user = await UsersRepository.getUserByIdAsync(int.Parse(userid));
+ if (user == null)
+ {
+ msg = "This user does not exist.";
+ return;
+ }
+ if (user.ResetPasswordToken != hash)
+ {
+ msg = "The token does not match the account.";
+ return;
+ }
+ if (user.ResetPasswordExpiresAt == -1 || user.ResetPasswordToken == "-1")
+ {
+ msg = "There is currently no valid link to reset this accounts password.";
+ return;
+ }
+ if (user.ResetPasswordExpiresAt < DateTimeOffset.Now.ToUnixTimeMilliseconds())
+ {
+ msg = "This link has expired.";
+ return;
+ }
 user.Password = Password = BCrypt.Net.BCrypt.HashPassword(Password);
 user.ResetPasswordToken = "-1";
+ user.ResetPasswordExpiresAt = -1;
 await UsersRepository.updateUserAsync(user);
diff --git a/ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnReset.razor.css b/ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnResetPassword.razor.css
similarity index 100%
rename from ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnReset.razor.css
rename to ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnResetPassword.razor.css
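Review bot: The new failure branches in reset() set a different `msg` for an unknown user id, a token mismatch, a missing link and an expired link, so whoever loads this page can tell which ids exist and which accounts have a reset pending. Use one message for all four branches, e.g. `msg = "This reset link is invalid or has expired.";`, and keep the specific reason in a server-side log only. The token check `user.ResetPasswordToken != hash` is an ordinary string comparison; comparing the UTF-8 bytes of both values with `CryptographicOperations.FixedTimeEquals` would remove its timing dependence. The body of reset() continues past the end of the hunk, so whether `Password` is validated before it is hashed cannot be seen from here.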