complete password reset

server/router/passwordresetroute/controller.go

@@ -115,33 +115,33 @@ func (c *controller) handleResetComplete(ctx echo.Context) error {
 	}
 
 	if len(strings.TrimSpace(user.Pass)) < 1 {
-		routeutils.ResponseAPIPasswordResetFailed(ctx, "No password")
+		return routeutils.ResponseAPIPasswordResetFailed(ctx, "No password")
 	}
 
 	passwordResetEntry, err := c.svc.PasswordReset.GetByToken(userToken)
 	if err != nil || len(passwordResetEntry.Token) < 1 || passwordResetEntry.Expires.Before(time.Now()) || passwordResetEntry.Used == true {
-		routeutils.ResponseAPIPasswordResetFailed(ctx, "Token error")
+		return routeutils.ResponseAPIPasswordResetFailed(ctx, "Token error")
 	}
 
 	fullUserData, err := c.svc.Users.GetByUUID(passwordResetEntry.User.ID, "")
 	if err != nil {
-		routeutils.ResponseAPIPasswordResetFailed(ctx, "User problem")
+		return routeutils.ResponseAPIPasswordResetFailed(ctx, "User error")
 	}
 
-	fmt.Println(fullUserData)
-
-	//write new password in database
-	//TODO
+	fullUserData.Pass = user.Pass //user contains just password sent from reset form
+	if err = c.svc.Users.UpdateLoginPassword(fullUserData); err != nil {
+		return routeutils.ResponseAPIPasswordResetFailed(ctx, "Error updating password")
+	}
 
 	if err := c.svc.PasswordReset.SetTokenUsed(userToken); err != nil {
-		routeutils.ResponseAPIPasswordResetFailed(ctx, "Reset failed")
+		return routeutils.ResponseAPIPasswordResetFailed(ctx, "Reset failed")
 	}
 
 	//Send email with reset link
 	notification := viewmodel.Notification{
 		Type:    applicationservice.NotificationTypeEmail,
 		From:    c.cfg.Email.Sender,
-		To:      *user.Email,
+		To:      *fullUserData.Email,
 		Subject: passwordResetCompleteEmailSubject,
 		Message: passwordResetCompleteEmailBody,
 	}