2024-02-29 14:12:45 +00:00
|
|
|
use crate::local_user::check_email_verified;
|
2023-09-05 09:33:46 +00:00
|
|
|
use actix_web::web::{Data, Json};
|
2022-04-13 18:12:25 +00:00
|
|
|
use lemmy_api_common::{
|
2022-11-28 14:29:33 +00:00
|
|
|
context::LemmyContext,
|
2023-10-16 16:36:53 +00:00
|
|
|
person::PasswordReset,
|
2022-11-09 10:05:00 +00:00
|
|
|
utils::send_password_reset_email,
|
2023-10-16 16:36:53 +00:00
|
|
|
SuccessResponse,
|
2022-04-13 18:12:25 +00:00
|
|
|
};
|
2023-06-27 09:20:53 +00:00
|
|
|
use lemmy_db_schema::source::password_reset_request::PasswordResetRequest;
|
2024-02-29 14:12:45 +00:00
|
|
|
use lemmy_db_views::structs::{LocalUserView, SiteView};
|
2024-04-16 12:48:15 +00:00
|
|
|
use lemmy_utils::error::{LemmyErrorType, LemmyResult};
|
2022-04-13 18:12:25 +00:00
|
|
|
|
2023-09-05 09:33:46 +00:00
|
|
|
#[tracing::instrument(skip(context))]
|
|
|
|
pub async fn reset_password(
|
|
|
|
data: Json<PasswordReset>,
|
|
|
|
context: Data<LemmyContext>,
|
2023-10-16 16:36:53 +00:00
|
|
|
) -> LemmyResult<Json<SuccessResponse>> {
|
2023-09-05 09:33:46 +00:00
|
|
|
// Fetch that email
|
|
|
|
let email = data.email.to_lowercase();
|
|
|
|
let local_user_view = LocalUserView::find_by_email(&mut context.pool(), &email)
|
2024-04-16 12:48:15 +00:00
|
|
|
.await?
|
|
|
|
.ok_or(LemmyErrorType::IncorrectLogin)?;
|
2022-04-13 18:12:25 +00:00
|
|
|
|
2023-09-05 09:33:46 +00:00
|
|
|
// Check for too many attempts (to limit potential abuse)
|
|
|
|
let recent_resets_count = PasswordResetRequest::get_recent_password_resets_count(
|
|
|
|
&mut context.pool(),
|
|
|
|
local_user_view.local_user.id,
|
|
|
|
)
|
|
|
|
.await?;
|
|
|
|
if recent_resets_count >= 3 {
|
|
|
|
Err(LemmyErrorType::PasswordResetLimitReached)?
|
2022-04-13 18:12:25 +00:00
|
|
|
}
|
2024-04-16 12:48:15 +00:00
|
|
|
let site_view = SiteView::read_local(&mut context.pool())
|
|
|
|
.await?
|
|
|
|
.ok_or(LemmyErrorType::LocalSiteNotSetup)?;
|
2024-02-29 14:12:45 +00:00
|
|
|
check_email_verified(&local_user_view, &site_view)?;
|
2023-09-05 09:33:46 +00:00
|
|
|
|
|
|
|
// Email the pure token to the user.
|
|
|
|
send_password_reset_email(&local_user_view, &mut context.pool(), context.settings()).await?;
|
2023-10-16 16:36:53 +00:00
|
|
|
Ok(Json(SuccessResponse::default()))
|
2022-04-13 18:12:25 +00:00
|
|
|
}
|