Compare commits
5 Commits
1.5.3
...
feature/pa
| Author | SHA1 | Date | |
|---|---|---|---|
| 8f3f2d0f98 | |||
| b26dcc8777 | |||
| 6a21fd010d | |||
| 2bac1f4d39 | |||
| 32a723514b |
@@ -4,7 +4,7 @@ from ..dependencies import users_token, database, mail
|
||||
from ..models import users, email
|
||||
from fastapi.responses import JSONResponse, HTMLResponse
|
||||
from fastapi_mail import MessageSchema, MessageType, FastMail
|
||||
import random, os
|
||||
import random, os, bcrypt
|
||||
|
||||
router = APIRouter()
|
||||
|
||||
@@ -35,7 +35,7 @@ async def forgot_password(userSingle: users.UserForgotPassword):
|
||||
key_hashed = users_token.get_password_hash(reset_token)
|
||||
|
||||
# Créer le lien de réinitialisation
|
||||
reset_link = f"https://votresite.com/password/reset?key={reset_token}&email={user.email}"
|
||||
reset_link = f"https://backend.valczeryba.ovh/password/reset?key={reset_token}&email={user.email}"
|
||||
|
||||
# Préparer les données à envoyer au template
|
||||
email_body = {
|
||||
@@ -68,26 +68,52 @@ async def reset_password(request: Request, key: str | None = None, email: str |
|
||||
detail="Parameters 'key' and 'email' are required"
|
||||
)
|
||||
|
||||
# Vérifier que la clé correspond à celle stockée dans Redis
|
||||
# Récupérer la clé hachée depuis Redis
|
||||
key_hashed = database.connect_redis.get(email)
|
||||
|
||||
if key_hashed is None or key_hashed.decode() != key:
|
||||
if key_hashed is None:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="Key is invalid or expired"
|
||||
detail="Invalid or expired reset key"
|
||||
)
|
||||
|
||||
# Redis stocke les valeurs en `bytes`, donc il faut décoder si nécessaire
|
||||
if isinstance(key_hashed, bytes):
|
||||
key_hashed = key_hashed.decode()
|
||||
|
||||
|
||||
# Vérifier que la clé en clair correspond au hash stocké
|
||||
if not bcrypt.checkpw(key.encode(), key_hashed.encode()):
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="Invalid reset key"
|
||||
)
|
||||
|
||||
|
||||
# Afficher la page HTML de réinitialisation du mot de passe
|
||||
return templates.TemplateResponse("reset_password.html", {"request": request, "email": email, "key": key})
|
||||
|
||||
@router.post("/password/update", tags=["password"])
|
||||
async def update_password(request: Request, email: str = Form(...), key: str = Form(...), new_password: str = Form(...)): # Vérification du token dans Redis
|
||||
# Récupérer la clé hachée depuis Redis
|
||||
key_hashed = database.connect_redis.get(email)
|
||||
|
||||
if key_hashed is None or key_hashed.decode() != key:
|
||||
if key_hashed is None:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="Key is invalid or expired"
|
||||
detail="Invalid or expired reset key"
|
||||
)
|
||||
|
||||
# Redis stocke les valeurs en `bytes`, donc il faut décoder si nécessaire
|
||||
if isinstance(key_hashed, bytes):
|
||||
key_hashed = key_hashed.decode()
|
||||
|
||||
|
||||
# Vérifier que la clé en clair correspond au hash stocké
|
||||
if not bcrypt.checkpw(key.encode(), key_hashed.encode()):
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="Invalid reset key"
|
||||
)
|
||||
|
||||
# Recherche de l'utilisateur dans la base de données
|
||||
|
||||
Reference in New Issue
Block a user