First

1 files changed, 62 insertions, 0 deletions

diff --git a/lib/pleroma/password_reset_token.ex b/lib/pleroma/password_reset_token.ex
new file mode 100644
index 0000000..42a789e
--- /dev/null
+++ b/lib/pleroma/password_reset_token.ex
@@ -0,0 +1,62 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.PasswordResetToken do
+  use Ecto.Schema
+
+  import Ecto.Changeset
+
+  alias Pleroma.PasswordResetToken
+  alias Pleroma.Repo
+  alias Pleroma.User
+
+  schema "password_reset_tokens" do
+    belongs_to(:user, User, type: FlakeId.Ecto.CompatType)
+    field(:token, :string)
+    field(:used, :boolean, default: false)
+
+    timestamps()
+  end
+
+  def create_token(%User{} = user) do
+    token = :crypto.strong_rand_bytes(32) |> Base.url_encode64()
+
+    token = %PasswordResetToken{
+      user_id: user.id,
+      used: false,
+      token: token
+    }
+
+    Repo.insert(token)
+  end
+
+  def used_changeset(struct) do
+    struct
+    |> cast(%{}, [])
+    |> put_change(:used, true)
+  end
+
+  @spec reset_password(binary(), map()) :: {:ok, User.t()} | {:error, binary()}
+  def reset_password(token, data) do
+    with %{used: false} = token <- Repo.get_by(PasswordResetToken, %{token: token}),
+         false <- expired?(token),
+         %User{} = user <- User.get_cached_by_id(token.user_id),
+         {:ok, _user} <- User.reset_password(user, data),
+         {:ok, token} <- Repo.update(used_changeset(token)) do
+      {:ok, token}
+    else
+      _e -> {:error, token}
+    end
+  end
+
+  def expired?(%__MODULE__{inserted_at: inserted_at}) do
+    validity = Pleroma.Config.get([:instance, :password_reset_token_validity], 0)
+
+    now = NaiveDateTime.utc_now()
+
+    difference = NaiveDateTime.diff(now, inserted_at)
+
+    difference > validity
+  end
+end