feat: added checks to PasswordReset
chore: renamed ClickOnReset to ClickOnResetPassword Signed-off-by: limited_dev <loginakkisativ@gmail.com>
parent
e8e97b2cd9
commit
22e9090057
2 changed files with 23 additions and 5 deletions
|
@ -39,18 +39,36 @@
|
||||||
public async void reset()
|
public async void reset()
|
||||||
{
|
{
|
||||||
if (!int.TryParse(userid, out _))
|
if (!int.TryParse(userid, out _))
|
||||||
return;
|
|
||||||
var user = await UsersRepository.getUserByIdAsync(int.Parse(userid));
|
|
||||||
if (user == null)
|
|
||||||
return;
|
|
||||||
if (user.ResetPasswordToken != hash)
|
|
||||||
{
|
{
|
||||||
|
msg = "malformed userid.";
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
Console.WriteLine("Resetting a password...");
|
Console.WriteLine("Resetting a password...");
|
||||||
|
var user = await UsersRepository.getUserByIdAsync(int.Parse(userid));
|
||||||
|
if (user == null)
|
||||||
|
{
|
||||||
|
msg = "This user does not exist.";
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (user.ResetPasswordToken != hash)
|
||||||
|
{
|
||||||
|
msg = "The token does not match the account.";
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (user.ResetPasswordExpiresAt == -1 || user.ResetPasswordToken == "-1")
|
||||||
|
{
|
||||||
|
msg = "There is currently no valid link to reset this accounts password.";
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (user.ResetPasswordExpiresAt < DateTimeOffset.Now.ToUnixTimeMilliseconds())
|
||||||
|
{
|
||||||
|
msg = "This link has expired.";
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
user.Password = Password = BCrypt.Net.BCrypt.HashPassword(Password);
|
user.Password = Password = BCrypt.Net.BCrypt.HashPassword(Password);
|
||||||
user.ResetPasswordToken = "-1";
|
user.ResetPasswordToken = "-1";
|
||||||
|
user.ResetPasswordExpiresAt = -1;
|
||||||
|
|
||||||
await UsersRepository.updateUserAsync(user);
|
await UsersRepository.updateUserAsync(user);
|
||||||
|
|
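Review bot: The new failure branches in reset() each set a different `msg` ("This user does not exist.", "The token does not match the account.", "There is currently no valid link…"), so, assuming `msg` is shown to the requester, anyone submitting guessed user ids can tell which accounts exist and which have a pending reset. One message for all post-lookup failures, e.g. `msg = "This reset link is invalid or has expired.";`, avoids that, with the specific reason written to a server-side log instead. The token check `user.ResetPasswordToken != hash` is an ordinary string comparison of a secret; once both values are known to be non-null, `CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(user.ResetPasswordToken), Encoding.UTF8.GetBytes(hash))` keeps the comparison time independent of how many leading characters match. As a smaller style point, `int.TryParse(userid, out _)` followed by `int.Parse(userid)` parses twice where `out var id` would do. The end of reset() lies outside this hunk, so whether the caller is told the update succeeded cannot be judged from here.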