aboutsummaryrefslogtreecommitdiffstats
path: root/code/api/src/Endpoints/Internal/PasswordResetRequests
diff options
context:
space:
mode:
Diffstat (limited to 'code/api/src/Endpoints/Internal/PasswordResetRequests')
-rw-r--r--code/api/src/Endpoints/Internal/PasswordResetRequests/CreateResetRequestRoute.cs27
-rw-r--r--code/api/src/Endpoints/Internal/PasswordResetRequests/FulfillResetRequestRoute.cs13
2 files changed, 32 insertions, 8 deletions
diff --git a/code/api/src/Endpoints/Internal/PasswordResetRequests/CreateResetRequestRoute.cs b/code/api/src/Endpoints/Internal/PasswordResetRequests/CreateResetRequestRoute.cs
index edf825e..9a22ab3 100644
--- a/code/api/src/Endpoints/Internal/PasswordResetRequests/CreateResetRequestRoute.cs
+++ b/code/api/src/Endpoints/Internal/PasswordResetRequests/CreateResetRequestRoute.cs
@@ -1,29 +1,42 @@
+using Microsoft.Extensions.Localization;
+
namespace IOL.GreatOffice.Api.Endpoints.Internal.PasswordResetRequests;
-public class CreateResetRequestRoute : RouteBaseAsync.WithRequest<string>.WithActionResult
+public class CreateResetRequestRoute : RouteBaseAsync.WithRequest<CreateResetRequestRoute.Payload>.WithActionResult
{
private readonly ILogger<CreateResetRequestRoute> _logger;
private readonly PasswordResetService _passwordResetService;
private readonly MainAppDatabase _database;
+ private readonly IStringLocalizer<SharedResources> _localizer;
- public CreateResetRequestRoute(ILogger<CreateResetRequestRoute> logger, PasswordResetService passwordResetService, MainAppDatabase database) {
+ public CreateResetRequestRoute(ILogger<CreateResetRequestRoute> logger, PasswordResetService passwordResetService, MainAppDatabase database, IStringLocalizer<SharedResources> localizer) {
_logger = logger;
_passwordResetService = passwordResetService;
_database = database;
+ _localizer = localizer;
+ }
+
+ public class Payload
+ {
+ public string Email { get; set; }
}
[AllowAnonymous]
[HttpPost("~/_/password-reset-request/create")]
- public override async Task<ActionResult> HandleAsync([FromQuery(Name = "for_user")] string username, CancellationToken cancellationToken = default) {
+ public override async Task<ActionResult> HandleAsync(Payload payload, CancellationToken cancellationToken = default) {
+ if (payload.Email.IsNullOrWhiteSpace()) {
+ return KnownProblem(_localizer["Invalid form"],
+ _localizer["One or more fields is invalid"],
+ new() {{"email", new string[] {_localizer["Email is a required field"]}}}
+ );
+ }
+
var tz = GetRequestTimeZone(_logger);
_logger.LogInformation("Creating forgot password request with local date time: " + tz.LocalDateTime.ToString("u"));
-
- var user = _database.Users.FirstOrDefault(c => c.Username.Equals(username));
+ var user = _database.Users.FirstOrDefault(c => c.Username.Equals(payload.Email));
// Don't inform the caller that the user does not exist.
if (user == default) return Ok();
-
await _passwordResetService.AddRequestAsync(user, tz.TimeZoneInfo, cancellationToken);
-
return Ok();
}
} \ No newline at end of file
diff --git a/code/api/src/Endpoints/Internal/PasswordResetRequests/FulfillResetRequestRoute.cs b/code/api/src/Endpoints/Internal/PasswordResetRequests/FulfillResetRequestRoute.cs
index c831470..8c7ce03 100644
--- a/code/api/src/Endpoints/Internal/PasswordResetRequests/FulfillResetRequestRoute.cs
+++ b/code/api/src/Endpoints/Internal/PasswordResetRequests/FulfillResetRequestRoute.cs
@@ -1,11 +1,15 @@
+using Microsoft.Extensions.Localization;
+
namespace IOL.GreatOffice.Api.Endpoints.Internal.PasswordResetRequests;
public class FulfillResetRequestRoute : RouteBaseAsync.WithRequest<FulfillResetRequestRoute.Payload>.WithActionResult
{
+ private readonly IStringLocalizer<SharedResources> _localizer;
private readonly PasswordResetService _passwordResetService;
- public FulfillResetRequestRoute(PasswordResetService passwordResetService) {
+ public FulfillResetRequestRoute(PasswordResetService passwordResetService, IStringLocalizer<SharedResources> localizer) {
_passwordResetService = passwordResetService;
+ _localizer = localizer;
}
public class Payload
@@ -17,6 +21,13 @@ public class FulfillResetRequestRoute : RouteBaseAsync.WithRequest<FulfillResetR
[AllowAnonymous]
[HttpPost("~/_/password-reset-request/fulfill")]
public override async Task<ActionResult> HandleAsync(Payload request, CancellationToken cancellationToken = default) {
+ if (request.NewPassword.Length < 6) {
+ return KnownProblem(_localizer["Invalid form"],
+ _localizer["One or more fields is invalid"],
+ new() {{"newPassword", new string[] {_localizer["The new password needs to be atleast 6 characters"]}}}
+ );
+ }
+
return await _passwordResetService.FulfillRequestAsync(request.Id, request.NewPassword, cancellationToken) switch {
FulfillPasswordResetRequestResult.REQUEST_NOT_FOUND => NotFound(),
FulfillPasswordResetRequestResult.USER_NOT_FOUND => NotFound(),
generated by cgit v1.3 (git 2.53.0) at 2026-04-02 09:57:19 +0200