From 22e9090057ff34ad8d5a21713a5ba9ee11bcdf84 Mon Sep 17 00:00:00 2001
From: limited_dev
Date: Mon, 12 Jun 2023 12:11:48 +0200
Subject: [PATCH] feat: added checks to PasswordReset chore: renamed ClickOnReset to ClickOnResetPassword
Signed-off-by: limited_dev
---
 ...Reset.razor => ClickOnResetPassword.razor} | 28 +++++++++++++++----
 ...zor.css => ClickOnResetPassword.razor.css} | 0
 2 files changed, 23 insertions(+), 5 deletions(-)
 rename ImageBoardServerApp/Pages/Accounts/ClickOn/{ClickOnReset.razor => ClickOnResetPassword.razor} (71%)
 rename ImageBoardServerApp/Pages/Accounts/ClickOn/{ClickOnReset.razor.css => ClickOnResetPassword.razor.css} (100%)
diff --git a/ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnReset.razor b/ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnResetPassword.razor
similarity index 71%
rename from ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnReset.razor
rename to ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnResetPassword.razor
index b2e5edf..27a2051 100644
--- a/ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnReset.razor
+++ b/ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnResetPassword.razor
@@ -39,18 +39,36 @@
 public async void reset()
 {
 if (!int.TryParse(userid, out _))
- return;
- var user = await UsersRepository.getUserByIdAsync(int.Parse(userid));
- if (user == null)
- return;
- if (user.ResetPasswordToken != hash)
 {
+ msg = "malformed userid.";
 return;
 }
 Console.WriteLine("Resetting a password...");
+ var user = await UsersRepository.getUserByIdAsync(int.Parse(userid));
+ if (user == null)
+ {
+ msg = "This user does not exist.";
+ return;
+ }
+ if (user.ResetPasswordToken != hash)
+ {
+ msg = "The token does not match the account.";
+ return;
+ }
+ if (user.ResetPasswordExpiresAt == -1 || user.ResetPasswordToken == "-1")
+ {
+ msg = "There is currently no valid link to reset this accounts password.";
+ return;
+ }
+ if (user.ResetPasswordExpiresAt < DateTimeOffset.Now.ToUnixTimeMilliseconds())
+ {
+ msg = "This link has expired.";
+ return;
+ }
 user.Password = Password = BCrypt.Net.BCrypt.HashPassword(Password);
 user.ResetPasswordToken = "-1";
+ user.ResetPasswordExpiresAt = -1;
 await UsersRepository.updateUserAsync(user);
diff --git a/ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnReset.razor.css b/ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnResetPassword.razor.css
similarity index 100%
rename from ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnReset.razor.css
rename to ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnResetPassword.razor.css
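Review bot: The failure branches added after the user lookup in `reset()` each set a different `msg` ("This user does not exist.", "The token does not match the account.", "There is currently no valid link…"), so anyone who can open the reset page can tell from the response whether a numeric user id exists and whether a reset is pending for it. A single message for all of them, e.g. `msg = "This reset link is invalid or has expired.";`, keeps the page usable without exposing account state, and the specific reason can go to the server log instead. The check `user.ResetPasswordToken != hash` is also an ordinary string comparison on a secret; testing the `-1` sentinel before it and comparing the UTF-8 bytes with `CryptographicOperations.FixedTimeEquals` would keep the sentinel from ever being matched against request input and remove the timing signal. `reset()` continues past the end of the hunk, so whether `Password` is validated before it is hashed cannot be seen here.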