Added reset password route

controllers/users_controller.go

@@ -0,0 +1,113 @@
+package controllers
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"gitlab.com/pactual1/backend/database/user"
+	"gitlab.com/pactual1/backend/models"
+	"gitlab.com/pactual1/backend/services/messaging"
+	"gitlab.com/pactual1/backend/shared"
+	"golang.org/x/crypto/bcrypt"
+)
+
+func ResetPassword(c *gin.Context) {
+	var req models.ResetPasswordRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	dbUser, err := user.GetUserByEmail(req.Email)
+	if err != nil {
+		c.JSON(http.StatusNotFound, gin.H{"error": "User not found"})
+		return
+	}
+
+	resetToken, err := GenerateResetToken()
+
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	err = user.SaveResetTokenToDB(dbUser.ID, resetToken)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	subject := "Password Reset Request"
+	body := "Here is your password reset link: https://pactualdev.com/setNewPassword?token=" + resetToken
+	email := models.EmailNotification{Body: body, Subject: subject, Email: dbUser.Email}
+
+	go func(email models.EmailNotification) {
+
+		emailChannel := messaging.GetEmailChannel()
+		emailChannel <- email
+
+	}(email)
+
+	c.JSON(http.StatusOK, gin.H{"message": "Reset email sent"})
+}
+
+func GenerateResetToken() (string, error) {
+	// Generate 32 random bytes (256 bits)
+	randomBytes := make([]byte, 32)
+	_, err := rand.Read(randomBytes)
+	if err != nil {
+		return "", err // return an error if there was one
+	}
+
+	// Encode the random bytes into a URL-safe base64 string
+	resetToken := base64.URLEncoding.EncodeToString(randomBytes)
+
+	return resetToken, nil
+}
+
+func UpdatePassword(c *gin.Context) {
+	var req models.UpdatePasswordRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// Find the PasswordTokens entry
+	var passwordToken models.PasswordTokens
+	if err := shared.GetDb().Where("token = ?", req.Token).First(&passwordToken).Error; err != nil {
+		c.JSON(http.StatusNotFound, gin.H{"error": "Invalid token"})
+		return
+	}
+
+	// Find the associated User
+	var user models.User
+	if err := shared.GetDb().Where("id = ?", passwordToken.UserID).First(&user).Error; err != nil {
+		c.JSON(http.StatusNotFound, gin.H{"error": "User not found"})
+		return
+	}
+
+	// Hash the password before saving it
+	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	// Update the user's password and set them as active
+	user.Password = string(hashedPassword)
+	user.IsActive = true
+	if err := shared.GetDb().Save(&user).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	// Delete the PasswordTokens entry
+	if err := shared.GetDb().Delete(&passwordToken).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"message": "Password updated successfully"})
+}