lemmy/crates/api/src/local_user/reset_password.rs

36 lines
1.2 KiB
Rust
Raw Normal View History

use actix_web::web::{Data, Json};
2022-04-13 18:12:25 +00:00
use lemmy_api_common::{
context::LemmyContext,
2022-04-13 18:12:25 +00:00
person::{PasswordReset, PasswordResetResponse},
2022-11-09 10:05:00 +00:00
utils::send_password_reset_email,
2022-04-13 18:12:25 +00:00
};
2023-06-27 09:20:53 +00:00
use lemmy_db_schema::source::password_reset_request::PasswordResetRequest;
use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
2022-04-13 18:12:25 +00:00
#[tracing::instrument(skip(context))]
pub async fn reset_password(
data: Json<PasswordReset>,
context: Data<LemmyContext>,
) -> Result<Json<PasswordResetResponse>, LemmyError> {
// Fetch that email
let email = data.email.to_lowercase();
let local_user_view = LocalUserView::find_by_email(&mut context.pool(), &email)
.await
.with_lemmy_type(LemmyErrorType::IncorrectLogin)?;
2022-04-13 18:12:25 +00:00
// Check for too many attempts (to limit potential abuse)
let recent_resets_count = PasswordResetRequest::get_recent_password_resets_count(
&mut context.pool(),
local_user_view.local_user.id,
)
.await?;
if recent_resets_count >= 3 {
Err(LemmyErrorType::PasswordResetLimitReached)?
2022-04-13 18:12:25 +00:00
}
// Email the pure token to the user.
send_password_reset_email(&local_user_view, &mut context.pool(), context.settings()).await?;
Ok(Json(PasswordResetResponse {}))
2022-04-13 18:12:25 +00:00
}