Pleroma/lib/pleroma/password_reset_token.ex

# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.PasswordResetToken do
  use Ecto.Schema

  import Ecto.Changeset

  alias Pleroma.PasswordResetToken
  alias Pleroma.Repo
  alias Pleroma.User

  schema "password_reset_tokens" do
    belongs_to(:user, User, type: FlakeId.Ecto.CompatType)
    field(:token, :string)
    field(:used, :boolean, default: false)

    timestamps()
  end

  def create_token(%User{} = user) do
    token = :crypto.strong_rand_bytes(32) |> Base.url_encode64()

    token = %PasswordResetToken{
      user_id: user.id,
      used: false,
      token: token
    }

    Repo.insert(token)
  end

  def used_changeset(struct) do
    struct
    |> cast(%{}, [])
    |> put_change(:used, true)
  end

  @spec reset_password(binary(), map()) :: {:ok, User.t()} | {:error, binary()}
  def reset_password(token, data) do
    with %{used: false} = token <- Repo.get_by(PasswordResetToken, %{token: token}),
         false <- expired?(token),
         %User{} = user <- User.get_cached_by_id(token.user_id),
         {:ok, _user} <- User.reset_password(user, data),
         {:ok, token} <- Repo.update(used_changeset(token)) do
      {:ok, token}
    else
      _e -> {:error, token}
    end
  end

  def expired?(%__MODULE__{inserted_at: inserted_at}) do
    validity = Pleroma.Config.get([:instance, :password_reset_token_validity], 0)

    now = NaiveDateTime.utc_now()

    difference = NaiveDateTime.diff(now, inserted_at)

    difference > validity
  end
end
add license boilerplate to pleroma core 2018-12-23 21:04:54 +01:00			`# Pleroma: A lightweight social networking server`
Bump Copyright to 2021 grep -rl '# Copyright © .* Pleroma' * \| xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;' 2021-01-13 07:49:20 +01:00			`# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>`
add license boilerplate to pleroma core 2018-12-23 21:04:54 +01:00			`# SPDX-License-Identifier: AGPL-3.0-only`

Add password reset. 2017-10-19 17:37:24 +02:00			`defmodule Pleroma.PasswordResetToken do`
			`use Ecto.Schema`

Fix all compilation warnings 2017-11-19 02:22:07 +01:00			`import Ecto.Changeset`
Add password reset. 2017-10-19 17:37:24 +02:00
de-group alias/es 2019-02-09 16:16:26 +01:00			`alias Pleroma.PasswordResetToken`
[Credo] fix Credo.Check.Readability.AliasOrder 2019-03-05 03:52:23 +01:00			`alias Pleroma.Repo`
			`alias Pleroma.User`
Add password reset. 2017-10-19 17:37:24 +02:00
			`schema "password_reset_tokens" do`
Replace `Pleroma.FlakeId` with `flake_id` hex package 2019-09-18 16:54:31 +02:00			`belongs_to(:user, User, type: FlakeId.Ecto.CompatType)`
Format the code. 2018-03-30 15:01:53 +02:00			`field(:token, :string)`
			`field(:used, :boolean, default: false)`
Add password reset. 2017-10-19 17:37:24 +02:00
			`timestamps()`
			`end`

			`def create_token(%User{} = user) do`
Format the code. 2018-03-30 15:01:53 +02:00			`token = :crypto.strong_rand_bytes(32) \|> Base.url_encode64()`
Add password reset. 2017-10-19 17:37:24 +02:00
			`token = %PasswordResetToken{`
			`user_id: user.id,`
			`used: false,`
			`token: token`
			`}`

			`Repo.insert(token)`
			`end`

			`def used_changeset(struct) do`
Fix all compilation warnings 2017-11-19 02:22:07 +01:00			`struct`
Add password reset. 2017-10-19 17:37:24 +02:00			`\|> cast(%{}, [])`
			`\|> put_change(:used, true)`
			`end`

[#184] small refactoring reset password 2019-06-24 21:01:56 +02:00			`@spec reset_password(binary(), map()) :: {:ok, User.t()} \| {:error, binary()}`
Add password reset. 2017-10-19 17:37:24 +02:00			`def reset_password(token, data) do`
			`with %{used: false} = token <- Repo.get_by(PasswordResetToken, %{token: token}),`
Password Resets: Don't accept tokens above a certain age. By default, one day 2020-11-19 12:27:06 +01:00			`false <- expired?(token),`
Use `User.get_cached*` everywhere 2019-04-22 09:20:43 +02:00			`%User{} = user <- User.get_cached_by_id(token.user_id),`
Fix all compilation warnings 2017-11-19 02:22:07 +01:00			`{:ok, _user} <- User.reset_password(user, data),`
Add password reset. 2017-10-19 17:37:24 +02:00			`{:ok, token} <- Repo.update(used_changeset(token)) do`
			`{:ok, token}`
			`else`
			`_e -> {:error, token}`
			`end`
			`end`
Password Resets: Don't accept tokens above a certain age. By default, one day 2020-11-19 12:27:06 +01:00
			`def expired?(%__MODULE__{inserted_at: inserted_at}) do`
			`validity = Pleroma.Config.get([:instance, :password_reset_token_validity], 0)`

			`now = NaiveDateTime.utc_now()`

			`difference = NaiveDateTime.diff(now, inserted_at)`

			`difference > validity`
			`end`
Add password reset. 2017-10-19 17:37:24 +02:00			`end`