skeleton for completing reset procedure

data/datamysql/passwordreset.go

@@ -113,13 +113,18 @@ func (c *passwordResetRepo) SetTokenOpened(token string) error {
 	const (
 		query = `UPDATE		tab_password_reset   a
 				 SET		a.opened	=   1,
-				 WHERE  	a.token     = ? AND a.used = 0`
+				 WHERE  	a.token     = ? AND a.used = 0 AND a.expire_date < CURRENT_TIMESTAMP`
 	)
 
-	if _, err := c.conn.Exec(query, token); err != nil {
+	result, err := c.conn.Exec(query, token)
+	if err != nil {
 		return err
 	}
 
+	if updateCount, err := result.RowsAffected(); err != nil || updateCount == 0 {
+		return fmt.Errorf("Invalid token")
+	}
+
 	return nil
 }
 

server/router/passwordresetroute/controller.go

@@ -101,22 +101,21 @@ func (c *controller) handleResetRequest(ctx echo.Context) error {
 }
 
 func (c *controller) handleResetComplete(ctx echo.Context) error {
-	/*
+	userToken, err := routeutils.GetAndValidateStringParam(ctx, "token", "mandatory field")
-		userEmail, err := routeutils.GetAndValidateStringParam(ctx, "email", "mandatory field")
+	if err != nil {
-		if err != nil {
+		return routeutils.HandleAPIError(ctx, err)
-			return routeutils.HandleAPIError(ctx, err)
+	}
-		}
 
-		//find if user with email exists
+	var user viewmodel.User
-		user, err := c.svc.Users.GetByEmail(userEmail)
+	if err = ctx.Bind(&user); err != nil {
-		if err != nil {
+		return routeutils.HandleAPIError(ctx, err)
-			return routeutils.HandleAPIError(ctx, err)
+	}
-		}
 
-		//create and store reset token
+	//get full user data connecting user ID and token in password reset table
 
-		//send email with reset link
+	//write new password in database
-	*/
+
+	//set token used
 
 	return routeutils.ResponseAPIOK(ctx, nil)
 }

server/router/passwordresetroute/router.go

@@ -8,7 +8,7 @@ import (
 
 const (
 	resetRequest  = "/request/:email"
-	resetComplete = "/complete"
+	resetComplete = "/complete/:token"
 	tokenOpen     = "/open/:token"
 )