jonas/go-playground
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: password reset

Browse Source
This commit is contained in:
Jonas
2026-05-04 08:33:45 +02:00
parent 2c2459c833
commit 0bbc76be1d
5 changed files with 190 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
projects/greenlight/cmd/api/tokens.go
+73
View File
@@ -75,3 +75,76 @@ func (app *application) createAuthenticationTokenHandler(w http.ResponseWriter,
app.serverErrorResponse(w, r, err)
}
}
// Generate a password reset token and send it to the user's email address.
func (app *application) createPasswordResetTokenHandler(w http.ResponseWriter, r *http.Request) {
// Parse and validate the user's email address.
var input struct {
Email string `json:"email"`
}
err := app.readJSON(w, r, &input)
if err != nil {
app.badRequestResponse(w, r, err)
return
}
v := validator.New()
if data.ValidateEmail(v, input.Email); !v.Valid() {
app.failedValidationResponse(w, r, v.Errors)
return
}
// Try to retrieve the corresponding user record for the email address. If it can't
// be found, return an error message to the client.
user, err := app.models.Users.GetByEmail(input.Email)
if err != nil {
switch {
case errors.Is(err, data.ErrRecordNotFound):
v.AddError("email", "no matching email address found")
app.failedValidationResponse(w, r, v.Errors)
default:
app.serverErrorResponse(w, r, err)
}
return
}
// Return an error message if the user is not activated.
if !user.Activated {
v.AddError("email", "user account must be activated")
app.failedValidationResponse(w, r, v.Errors)
return
}
// Otherwise, create a new password reset token with a 45-minute expiry time.
token, err := app.models.Tokens.New(user.ID, 45*time.Minute, data.ScopePasswordReset)
if err != nil {
app.serverErrorResponse(w, r, err)
return
}
// Email the user with their password reset token.
app.background(func() {
data := map[string]any{
"passwordResetToken": token.Plaintext,
}
// Since email addresses MAY be case sensitive, notice that we are sending this
// email using the address stored in our database for the user --- not to the
// input.Email address provided by the client in this request.
err = app.mailer.Send(user.Email, "token_password_reset.tmpl", data)
if err != nil {
app.logger.PrintError(err, nil)
}
})
// Send a 202 Accepted response and confirmation message to the client.
env := envelope{"message": "an email will be sent to you containing password reset instructions"}
err = app.writeJSON(w, http.StatusAccepted, env, nil)
if err != nil {
app.serverErrorResponse(w, r, err)
}
}