feat: added checks to PasswordReset

chore: renamed ClickOnReset to ClickOnResetPassword Signed-off-by: limited_dev <loginakkisativ@gmail.com>
2023-06-12 12:11:48 +02:00 · 2023-06-12 12:11:48 +02:00 · 22e9090057
commit 22e9090057
parent e8e97b2cd9
2 changed files with 23 additions and 5 deletions
--- a/ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnResetPassword.razor
+++ b/ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnResetPassword.razor
@ -39,18 +39,36 @@
    public async void reset()
    {
        if (!int.TryParse(userid, out _))
-            return;
-        var user = await UsersRepository.getUserByIdAsync(int.Parse(userid));
-        if (user == null)
-            return;
-        if (user.ResetPasswordToken != hash)
        {
+            msg = "malformed userid.";
            return;
        }
        Console.WriteLine("Resetting a password...");
+        var user = await UsersRepository.getUserByIdAsync(int.Parse(userid));
+        if (user == null)
+        {
+            msg = "This user does not exist.";
+            return;
+        }
+        if (user.ResetPasswordToken != hash)
+        {
+            msg = "The token does not match the account.";
+            return;
+        }
+        if (user.ResetPasswordExpiresAt == -1 || user.ResetPasswordToken == "-1")
+        {
+            msg = "There is currently no valid link to reset this accounts password.";
+            return;
+        }
+        if (user.ResetPasswordExpiresAt < DateTimeOffset.Now.ToUnixTimeMilliseconds())
+        {
+            msg = "This link has expired.";
+            return;
+        }

        user.Password = Password = BCrypt.Net.BCrypt.HashPassword(Password);
        user.ResetPasswordToken = "-1";
+        user.ResetPasswordExpiresAt = -1;

        await UsersRepository.updateUserAsync(user);

--- a/ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnResetPassword.razor.css
+++ b/ImageBoardServerApp/Pages/Accounts/ClickOn/ClickOnResetPassword.razor.css