Diffstat (limited to 'code/api/src/Endpoints/Internal/PasswordResetRequests')
-rw-r--r--code/api/src/Endpoints/Internal/PasswordResetRequests/CreateResetRequestRoute.cs32
-rw-r--r--code/api/src/Endpoints/Internal/PasswordResetRequests/IsResetRequestValidRoute.cs6
2 files changed, 8 insertions, 30 deletions
diff --git a/code/api/src/Endpoints/Internal/PasswordResetRequests/CreateResetRequestRoute.cs b/code/api/src/Endpoints/Internal/PasswordResetRequests/CreateResetRequestRoute.cs
index 49df35b..edf825e 100644
--- a/code/api/src/Endpoints/Internal/PasswordResetRequests/CreateResetRequestRoute.cs
+++ b/code/api/src/Endpoints/Internal/PasswordResetRequests/CreateResetRequestRoute.cs
@@ -1,6 +1,6 @@
namespace IOL.GreatOffice.Api.Endpoints.Internal.PasswordResetRequests;
-public class CreateResetRequestRoute : RouteBaseAsync.WithRequest<CreateResetRequestRoute.Payload>.WithActionResult
+public class CreateResetRequestRoute : RouteBaseAsync.WithRequest<string>.WithActionResult
{
private readonly ILogger<CreateResetRequestRoute> _logger;
private readonly PasswordResetService _passwordResetService;
@@ -12,34 +12,18 @@ public class CreateResetRequestRoute : RouteBaseAsync.WithRequest<CreateResetReq
_database = database;
}
- public class Payload
- {
- public string Username { get; set; }
- }
-
[AllowAnonymous]
[HttpPost("~/_/password-reset-request/create")]
- public override async Task<ActionResult> HandleAsync(Payload request, CancellationToken cancellationToken = default) {
- if (!request.Username.IsValidEmailAddress()) {
- _logger.LogInformation("Username is invalid, not doing request for password change");
- return KnownProblem("Invalid email address", request.Username + " looks like an invalid email address");
- }
-
+ public override async Task<ActionResult> HandleAsync([FromQuery(Name = "for_user")] string username, CancellationToken cancellationToken = default) {
var tz = GetRequestTimeZone(_logger);
_logger.LogInformation("Creating forgot password request with local date time: " + tz.LocalDateTime.ToString("u"));
- try {
- var user = _database.Users.SingleOrDefault(c => c.Username.Equals(request.Username));
- if (user != default) {
- await _passwordResetService.AddRequestAsync(user, tz.TimeZoneInfo, cancellationToken);
- return Ok();
- }
+ var user = _database.Users.FirstOrDefault(c => c.Username.Equals(username));
+ // Don't inform the caller that the user does not exist.
+ if (user == default) return Ok();
+
+ await _passwordResetService.AddRequestAsync(user, tz.TimeZoneInfo, cancellationToken);
- _logger.LogInformation("User was not found, not doing request for password change");
- return Ok();
- } catch (Exception e) {
- _logger.LogError(e, "_/password-reset-request/create threw an exception");
- return Ok();
- }
+ return Ok();
}
} \ No newline at end of file
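Review bot: With the try/catch gone, a failure in the lookup or in `AddRequestAsync` for an existing account now escapes `HandleAsync`, while an unknown username still gets `Ok()`. If unhandled exceptions surface as an error response (the pipeline is not visible here), that difference lets an anonymous caller tell registered addresses apart, which is what the new comment sets out to prevent. Keep a catch around the service call that logs and still returns `Ok()`, as sketched below. Separately, `[FromQuery(Name = "for_user")]` puts the e-mail address in the URL, where access logs and intermediaries usually record it; binding it from the request body would avoid that. The removed `IsValidEmailAddress()` check also means a missing or empty `for_user` now goes straight to the query.

```csharp
// … unchanged: time zone lookup and log line …
var user = _database.Users.FirstOrDefault(c => c.Username.Equals(username));
// Don't inform the caller that the user does not exist.
if (user == default) return Ok();

try {
    await _passwordResetService.AddRequestAsync(user, tz.TimeZoneInfo, cancellationToken);
} catch (Exception e) {
    // Same response as the unknown-user path; the failure is only visible in the log.
    _logger.LogError(e, "_/password-reset-request/create threw an exception");
}

return Ok();
```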
diff --git a/code/api/src/Endpoints/Internal/PasswordResetRequests/IsResetRequestValidRoute.cs b/code/api/src/Endpoints/Internal/PasswordResetRequests/IsResetRequestValidRoute.cs
index 687cef6..1ad0f47 100644
--- a/code/api/src/Endpoints/Internal/PasswordResetRequests/IsResetRequestValidRoute.cs
+++ b/code/api/src/Endpoints/Internal/PasswordResetRequests/IsResetRequestValidRoute.cs
@@ -8,12 +8,6 @@ public class IsResetRequestValidRoute : RouteBaseAsync.WithRequest<Guid>.WithAct
_passwordResetService = passwordResetService;
}
- /// <summary>
- /// Check if a given password reset request is still valid.
- /// </summary>
- /// <param name="id"></param>
- /// <param name="cancellationToken"></param>
- /// <returns></returns>
[AllowAnonymous]
[HttpGet("~/_/password-reset-request/is-valid")]
public override async Task<ActionResult> HandleAsync(Guid id, CancellationToken cancellationToken = default) {