From f61c8b084d75e8bf72132e425d1784bf0c04ad79 Mon Sep 17 00:00:00 2001
From: GotPPay
Date: Fri, 1 Jun 2018 05:02:56 +0200
Subject: [PATCH] skeleton for completing reset procedure

---
 data/datamysql/passwordreset.go | 9 +++++--
 .../router/passwordresetroute/controller.go | 25 +++++++++----------
 server/router/passwordresetroute/router.go | 2 +-
 3 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/data/datamysql/passwordreset.go b/data/datamysql/passwordreset.go
index 619a8c2..bccd104 100644
--- a/data/datamysql/passwordreset.go
+++ b/data/datamysql/passwordreset.go
@@ -113,13 +113,18 @@ func (c *passwordResetRepo) SetTokenOpened(token string) error {
 const (
 query = `UPDATE tab_password_reset a
 SET a.opened = 1,
- WHERE a.token = ? AND a.used = 0`
+ WHERE a.token = ? AND a.used = 0 AND a.expire_date < CURRENT_TIMESTAMP`
 )

- if _, err := c.conn.Exec(query, token); err != nil {
+ result, err := c.conn.Exec(query, token)
+ if err != nil {
 return err
 }

+ if updateCount, err := result.RowsAffected(); err != nil || updateCount == 0 {
+ return fmt.Errorf("Invalid token")
+ }
+
 return nil
 }

diff --git a/server/router/passwordresetroute/controller.go b/server/router/passwordresetroute/controller.go
index f533bbc..af5d2f5 100644
--- a/server/router/passwordresetroute/controller.go
+++ b/server/router/passwordresetroute/controller.go
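Review bot: In `SetTokenOpened` (data/datamysql/passwordreset.go) the added condition `a.expire_date < CURRENT_TIMESTAMP` selects rows whose expiry already lies in the past, so, assuming `expire_date` is the moment a token stops being valid, expired tokens can be opened and live ones are rejected; it should read `AND a.expire_date > CURRENT_TIMESTAMP`. The unchanged line above still ends `SET a.opened = 1,` and that trailing comma before `WHERE` is a SQL syntax error, so the statement presumably fails before the new check is ever evaluated. The combined test `err != nil || updateCount == 0` reports a `RowsAffected` failure as "Invalid token"; returning `err` on its own branch keeps database faults distinguishable from bad tokens. The function's signature appears only in the hunk header, so anything before `const (` is not visible here.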
@@ -101,22 +101,21 @@ func (c *controller) handleResetRequest(ctx echo.Context) error {
 }

 func (c *controller) handleResetComplete(ctx echo.Context) error {
- /*
- userEmail, err := routeutils.GetAndValidateStringParam(ctx, "email", "mandatory field")
- if err != nil {
- return routeutils.HandleAPIError(ctx, err)
- }
+ userToken, err := routeutils.GetAndValidateStringParam(ctx, "token", "mandatory field")
+ if err != nil {
+ return routeutils.HandleAPIError(ctx, err)
+ }

- //find if user with email exists
- user, err := c.svc.Users.GetByEmail(userEmail)
- if err != nil {
- return routeutils.HandleAPIError(ctx, err)
- }
+ var user viewmodel.User
+ if err = ctx.Bind(&user); err != nil {
+ return routeutils.HandleAPIError(ctx, err)
+ }

- //create and store reset token
+ //get full user data connecting user ID and token in password reset table

- //send email with reset link
- */
+ //write new password in database
+
+ //set token used

 return routeutils.ResponseAPIOK(ctx, nil)
 }
diff --git a/server/router/passwordresetroute/router.go b/server/router/passwordresetroute/router.go
index 6a3b269..115b872 100644
--- a/server/router/passwordresetroute/router.go
+++ b/server/router/passwordresetroute/router.go
@@ -8,7 +8,7 @@ import (

 const (
 resetRequest = "/request/:email"
- resetComplete = "/complete"
+ resetComplete = "/complete/:token"
 tokenOpen = "/open/:token"
 )
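Review bot: `handleResetComplete` (controller.go) binds the whole request body into `viewmodel.User` with `ctx.Bind(&user)`, which lets the caller populate every bindable field of that type; the fields are not visible here, but the follow-up comment about "connecting user ID and token" suggests the account identifier would come from the client. The account should be resolved from the token row alone, with the body bound into a small request type that carries only the new password. `userToken` is read but never used, which Go rejects as a declared-and-unused variable, and the handler still ends in `routeutils.ResponseAPIOK(ctx, nil)`, so once it compiles it would report success without changing anything; returning an error until the three steps exist is safer. When they are written, the password update and the set-token-used update belong in one transaction so a token cannot be replayed between them.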
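Review bot: With `resetComplete = "/complete/:token"` the reset token travels in the request path of the completion call, where it is written to any access or proxy log that records the request line. The completion handler in this commit already reads a body through `ctx.Bind`, so the token could be carried there and the route left as `/complete`; if the path form stays, request logging should redact that segment. How the route is registered, including its HTTP method, is outside the hunk.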