lemmy/crates/api/src/local_user/reset_password.rs

use crate::local_user::check_email_verified;
use actix_web::web::{Data, Json};
use lemmy_api_common::{
  context::LemmyContext,
  person::PasswordReset,
  utils::send_password_reset_email,
  SuccessResponse,
};
use lemmy_db_schema::source::password_reset_request::PasswordResetRequest;
use lemmy_db_views::structs::{LocalUserView, SiteView};
use lemmy_utils::error::{LemmyErrorType, LemmyResult};

#[tracing::instrument(skip(context))]
pub async fn reset_password(
  data: Json<PasswordReset>,
  context: Data<LemmyContext>,
) -> LemmyResult<Json<SuccessResponse>> {
  // Fetch that email
  let email = data.email.to_lowercase();
  let local_user_view = LocalUserView::find_by_email(&mut context.pool(), &email)
    .await?
    .ok_or(LemmyErrorType::IncorrectLogin)?;

  // Check for too many attempts (to limit potential abuse)
  let recent_resets_count = PasswordResetRequest::get_recent_password_resets_count(
    &mut context.pool(),
    local_user_view.local_user.id,
  )
  .await?;
  if recent_resets_count >= 3 {
    Err(LemmyErrorType::PasswordResetLimitReached)?
  }
  let site_view = SiteView::read_local(&mut context.pool())
    .await?
    .ok_or(LemmyErrorType::LocalSiteNotSetup)?;
  check_email_verified(&local_user_view, &site_view)?;

  // Email the pure token to the user.
  send_password_reset_email(&local_user_view, &mut context.pool(), context.settings()).await?;
  Ok(Json(SuccessResponse::default()))
}
Require verified email to reset password (#4482) 2024-02-29 14:12:45 +00:00			`use crate::local_user::check_email_verified;`
Get rid of remaining Perform/SendActivity traits (fixes #3670) (#3926) * Get rid of remaining Perform/SendActivity traits (fixes #3670) * fix api tests * ci 2023-09-05 09:33:46 +00:00			`use actix_web::web::{Data, Json};`
Split apart api files (#2216) 2022-04-13 18:12:25 +00:00			`use lemmy_api_common::{`
Add SendActivity trait so that api crates compile in parallel with lemmy_apub 2022-11-28 14:29:33 +00:00			`context::LemmyContext,`
Remove empty API responses (#3993) * Remove empty API responses * also remove change password response * fix invalidate * Run clippy. * Fixing api_test lints. --------- Co-authored-by: Dessalines <tyhou13@gmx.com> Co-authored-by: Dessalines <dessalines@users.noreply.github.com> 2023-10-16 16:36:53 +00:00			`person::PasswordReset,`
Add diesel_async, get rid of blocking function (#2510) * Moving settings to Database. - Moves many settings into the database. Fixes #2285 - Adds a local_site and instance table. Fixes #2365 . Fixes #2368 - Separates SQL update an insert forms, to avoid runtime errors. - Adds TypedBuilder to all the SQL forms, instead of default. * Fix weird clippy issue. * Removing extra lines. * Some fixes from suggestions. * Fixing apub tests. * Using instance creation helper function. * Move forms to their own line. * Trying to fix local_site_data, still broken. * Testing out async * Testing out async 2 * Fixing federation tests. * Trying to fix check features 1. * Starting on adding diesel async. 1/4th done. * Added async to views and schema. * Adding some more async * Compiling now. * Added diesel async. Fixes #2465 * Running clippy --fix * Trying to fix cargo test on drone. * Trying new muslrust. * Trying a custom dns * Trying a custom dns 2 * Trying a custom dns 3 * Trying a custom dns 4 * Trying a custom dns 5 * Trying a custom dns 6 * Trying a custom dns 7 * Addressing PR comments. * Adding check_apub to all verify functions. * Reverting back drone. * Fixing merge * Fix docker images. * Adding missing discussion_languages. * Trying to fix federation tests. * Fix site setup user creation. * Fix clippy * Fix clippy 2 * Test api faster * Try to fix 1 * Try to fix 2 * What are these lines about * Trying to fix 3 * Moving federation test back to top. * Remove logging cat. 2022-11-09 10:05:00 +00:00			`utils::send_password_reset_email,`
Remove empty API responses (#3993) * Remove empty API responses * also remove change password response * fix invalidate * Run clippy. * Fixing api_test lints. --------- Co-authored-by: Dessalines <tyhou13@gmx.com> Co-authored-by: Dessalines <dessalines@users.noreply.github.com> 2023-10-16 16:36:53 +00:00			`SuccessResponse,`
Split apart api files (#2216) 2022-04-13 18:12:25 +00:00			`};`
Limit password resets (#3344) 2023-06-27 09:20:53 +00:00			`use lemmy_db_schema::source::password_reset_request::PasswordResetRequest;`
Require verified email to reset password (#4482) 2024-02-29 14:12:45 +00:00			`use lemmy_db_views::structs::{LocalUserView, SiteView};`
Make all single-fetch database calls return an Option. (#4617) - Diesel ordinarily throws an error when no results are returned for a single fetch, which is a bit confusing. This PR ensures that the missing value cases are all caught, and wrapped with new LemmyErrors, rather than diesel errors. - Fixes #4601 2024-04-16 12:48:15 +00:00			`use lemmy_utils::error::{LemmyErrorType, LemmyResult};`
Split apart api files (#2216) 2022-04-13 18:12:25 +00:00
Get rid of remaining Perform/SendActivity traits (fixes #3670) (#3926) * Get rid of remaining Perform/SendActivity traits (fixes #3670) * fix api tests * ci 2023-09-05 09:33:46 +00:00			`#[tracing::instrument(skip(context))]`
			`pub async fn reset_password(`
			`data: Json<PasswordReset>,`
			`context: Data<LemmyContext>,`
Remove empty API responses (#3993) * Remove empty API responses * also remove change password response * fix invalidate * Run clippy. * Fixing api_test lints. --------- Co-authored-by: Dessalines <tyhou13@gmx.com> Co-authored-by: Dessalines <dessalines@users.noreply.github.com> 2023-10-16 16:36:53 +00:00			`) -> LemmyResult<Json<SuccessResponse>> {`
Get rid of remaining Perform/SendActivity traits (fixes #3670) (#3926) * Get rid of remaining Perform/SendActivity traits (fixes #3670) * fix api tests * ci 2023-09-05 09:33:46 +00:00			`// Fetch that email`
			`let email = data.email.to_lowercase();`
			`let local_user_view = LocalUserView::find_by_email(&mut context.pool(), &email)`
Make all single-fetch database calls return an Option. (#4617) - Diesel ordinarily throws an error when no results are returned for a single fetch, which is a bit confusing. This PR ensures that the missing value cases are all caught, and wrapped with new LemmyErrors, rather than diesel errors. - Fixes #4601 2024-04-16 12:48:15 +00:00			`.await?`
			`.ok_or(LemmyErrorType::IncorrectLogin)?;`
Split apart api files (#2216) 2022-04-13 18:12:25 +00:00
Get rid of remaining Perform/SendActivity traits (fixes #3670) (#3926) * Get rid of remaining Perform/SendActivity traits (fixes #3670) * fix api tests * ci 2023-09-05 09:33:46 +00:00			`// Check for too many attempts (to limit potential abuse)`
			`let recent_resets_count = PasswordResetRequest::get_recent_password_resets_count(`
			`&mut context.pool(),`
			`local_user_view.local_user.id,`
			`)`
			`.await?;`
			`if recent_resets_count >= 3 {`
			`Err(LemmyErrorType::PasswordResetLimitReached)?`
Split apart api files (#2216) 2022-04-13 18:12:25 +00:00			`}`
Make all single-fetch database calls return an Option. (#4617) - Diesel ordinarily throws an error when no results are returned for a single fetch, which is a bit confusing. This PR ensures that the missing value cases are all caught, and wrapped with new LemmyErrors, rather than diesel errors. - Fixes #4601 2024-04-16 12:48:15 +00:00			`let site_view = SiteView::read_local(&mut context.pool())`
			`.await?`
			`.ok_or(LemmyErrorType::LocalSiteNotSetup)?;`
Require verified email to reset password (#4482) 2024-02-29 14:12:45 +00:00			`check_email_verified(&local_user_view, &site_view)?;`
Get rid of remaining Perform/SendActivity traits (fixes #3670) (#3926) * Get rid of remaining Perform/SendActivity traits (fixes #3670) * fix api tests * ci 2023-09-05 09:33:46 +00:00
			`// Email the pure token to the user.`
			`send_password_reset_email(&local_user_view, &mut context.pool(), context.settings()).await?;`
Remove empty API responses (#3993) * Remove empty API responses * also remove change password response * fix invalidate * Run clippy. * Fixing api_test lints. --------- Co-authored-by: Dessalines <tyhou13@gmx.com> Co-authored-by: Dessalines <dessalines@users.noreply.github.com> 2023-10-16 16:36:53 +00:00			`Ok(Json(SuccessResponse::default()))`
Split apart api files (#2216) 2022-04-13 18:12:25 +00:00			`}`