controllers/users_controller.go

package controllers

import (
	"crypto/rand"
	"encoding/base64"
	"net/http"

	"github.com/gin-gonic/gin"
	"gitlab.com/pactual1/backend/database/user"
	"gitlab.com/pactual1/backend/models"
	"gitlab.com/pactual1/backend/services/messaging"
	"gitlab.com/pactual1/backend/shared"
	"golang.org/x/crypto/bcrypt"
)

func ResetPassword(c *gin.Context) {
	var req models.ResetPasswordRequest
	if err := c.ShouldBindJSON(&req); err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
		return
	}

	dbUser, err := user.GetUserByEmail(req.Email)
	if err != nil {
		c.JSON(http.StatusNotFound, gin.H{"error": "User not found"})
		return
	}

	resetToken, err := GenerateResetToken()

	if err != nil {
		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
		return
	}

	err = user.SaveResetTokenToDB(dbUser.ID, resetToken)
	if err != nil {
		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
		return
	}

	subject := "Password Reset Request"
	body := "Here is your password reset link: https://pactualdev.com/setNewPassword?token=" + resetToken
	email := models.EmailNotification{Body: body, Subject: subject, Email: dbUser.Email}

	go func(email models.EmailNotification) {

		emailChannel := messaging.GetEmailChannel()
		emailChannel <- email

	}(email)

	c.JSON(http.StatusOK, gin.H{"message": "Reset email sent"})
}

func GenerateResetToken() (string, error) {
	// Generate 32 random bytes (256 bits)
	randomBytes := make([]byte, 32)
	_, err := rand.Read(randomBytes)
	if err != nil {
		return "", err // return an error if there was one
	}

	// Encode the random bytes into a URL-safe base64 string
	resetToken := base64.URLEncoding.EncodeToString(randomBytes)

	return resetToken, nil
}

func UpdatePassword(c *gin.Context) {
	var req models.UpdatePasswordRequest
	if err := c.ShouldBindJSON(&req); err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
		return
	}

	// Find the PasswordTokens entry
	var passwordToken models.PasswordTokens
	if err := shared.GetDb().Where("token = ?", req.Token).First(&passwordToken).Error; err != nil {
		c.JSON(http.StatusNotFound, gin.H{"error": "Invalid token"})
		return
	}

	// Find the associated User
	var user models.User
	if err := shared.GetDb().Where("id = ?", passwordToken.UserID).First(&user).Error; err != nil {
		c.JSON(http.StatusNotFound, gin.H{"error": "User not found"})
		return
	}

	// Hash the password before saving it
	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
	if err != nil {
		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
		return
	}

	// Update the user's password and set them as active
	user.Password = string(hashedPassword)
	user.IsActive = true
	if err := shared.GetDb().Save(&user).Error; err != nil {
		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
		return
	}

	// Delete the PasswordTokens entry
	if err := shared.GetDb().Delete(&passwordToken).Error; err != nil {
		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
		return
	}

	c.JSON(http.StatusOK, gin.H{"message": "Password updated successfully"})
}
Added reset password route 2023-10-30 19:21:43 +01:00			`package controllers`

			`import (`
			`"crypto/rand"`
			`"encoding/base64"`
			`"net/http"`

			`"github.com/gin-gonic/gin"`
			`"gitlab.com/pactual1/backend/database/user"`
			`"gitlab.com/pactual1/backend/models"`
			`"gitlab.com/pactual1/backend/services/messaging"`
			`"gitlab.com/pactual1/backend/shared"`
			`"golang.org/x/crypto/bcrypt"`
			`)`

			`func ResetPassword(c *gin.Context) {`
			`var req models.ResetPasswordRequest`
			`if err := c.ShouldBindJSON(&req); err != nil {`
			`c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})`
			`return`
			`}`

			`dbUser, err := user.GetUserByEmail(req.Email)`
			`if err != nil {`
			`c.JSON(http.StatusNotFound, gin.H{"error": "User not found"})`
			`return`
			`}`

			`resetToken, err := GenerateResetToken()`

			`if err != nil {`
			`c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})`
			`return`
			`}`

			`err = user.SaveResetTokenToDB(dbUser.ID, resetToken)`
			`if err != nil {`
			`c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})`
			`return`
			`}`

			`subject := "Password Reset Request"`
			`body := "Here is your password reset link: https://pactualdev.com/setNewPassword?token=" + resetToken`
			`email := models.EmailNotification{Body: body, Subject: subject, Email: dbUser.Email}`

			`go func(email models.EmailNotification) {`

			`emailChannel := messaging.GetEmailChannel()`
			`emailChannel <- email`

			`}(email)`

			`c.JSON(http.StatusOK, gin.H{"message": "Reset email sent"})`
			`}`

			`func GenerateResetToken() (string, error) {`
			`// Generate 32 random bytes (256 bits)`
			`randomBytes := make([]byte, 32)`
			`_, err := rand.Read(randomBytes)`
			`if err != nil {`
			`return "", err // return an error if there was one`
			`}`

			`// Encode the random bytes into a URL-safe base64 string`
			`resetToken := base64.URLEncoding.EncodeToString(randomBytes)`

			`return resetToken, nil`
			`}`

			`func UpdatePassword(c *gin.Context) {`
			`var req models.UpdatePasswordRequest`
			`if err := c.ShouldBindJSON(&req); err != nil {`
			`c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})`
			`return`
			`}`

			`// Find the PasswordTokens entry`
			`var passwordToken models.PasswordTokens`
			`if err := shared.GetDb().Where("token = ?", req.Token).First(&passwordToken).Error; err != nil {`
			`c.JSON(http.StatusNotFound, gin.H{"error": "Invalid token"})`
			`return`
			`}`

			`// Find the associated User`
			`var user models.User`
			`if err := shared.GetDb().Where("id = ?", passwordToken.UserID).First(&user).Error; err != nil {`
			`c.JSON(http.StatusNotFound, gin.H{"error": "User not found"})`
			`return`
			`}`

			`// Hash the password before saving it`
			`hashedPassword, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)`
			`if err != nil {`
			`c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})`
			`return`
			`}`

			`// Update the user's password and set them as active`
			`user.Password = string(hashedPassword)`
			`user.IsActive = true`
			`if err := shared.GetDb().Save(&user).Error; err != nil {`
			`c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})`
			`return`
			`}`

			`// Delete the PasswordTokens entry`
			`if err := shared.GetDb().Delete(&passwordToken).Error; err != nil {`
			`c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})`
			`return`
			`}`

			`c.JSON(http.StatusOK, gin.H{"message": "Password updated successfully"})`
			`}`