wdevs/ResolveSpec
5
0
Fork 0
mirror of https://github.com/bitechdev/ResolveSpec.git synced 2026-04-17 05:13:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(security): add self-service password reset functionality
Some checks failed
Build , Vet Test, and Lint / Run Vet Tests (1.24.x) (push) Successful in -33m14s
Details
Build , Vet Test, and Lint / Run Vet Tests (1.23.x) (push) Successful in -32m42s
Details
Build , Vet Test, and Lint / Build (push) Successful in -32m59s
Details
Build , Vet Test, and Lint / Lint Code (push) Successful in -32m26s
Details
Tests / Integration Tests (push) Failing after -33m40s
Details
Tests / Unit Tests (push) Successful in -33m35s
Details

Browse Source 
* Implement password reset request and completion procedures
* Update database schema for password reset tokens
* Add new request and response types for password reset
This commit is contained in:
Warky
2026-04-15 21:46:33 +02:00
parent aef1f96c10
commit f79a400772
5 changed files with 335 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
pkg/security/providers.go
View File

@@ -868,6 +868,75 @@ func generateRandomString(length int) string {
// return ""
// }
// Password reset methods
// ======================
// RequestPasswordReset implements PasswordResettable. It calls the stored procedure
// resolvespec_password_reset_request and returns the reset token and expiry.
func (a *DatabaseAuthenticator) RequestPasswordReset(ctx context.Context, req PasswordResetRequest) (*PasswordResetResponse, error) {
reqJSON, err := json.Marshal(req)
if err != nil {
return nil, fmt.Errorf("failed to marshal password reset request: %w", err)
}
var success bool
var errorMsg sql.NullString
var dataJSON sql.NullString
err = a.runDBOpWithReconnect(func(db *sql.DB) error {
query := fmt.Sprintf(`SELECT p_success, p_error, p_data::text FROM %s($1::jsonb)`, a.sqlNames.PasswordResetRequest)
return db.QueryRowContext(ctx, query, string(reqJSON)).Scan(&success, &errorMsg, &dataJSON)
})
if err != nil {
return nil, fmt.Errorf("password reset request query failed: %w", err)
}
if !success {
if errorMsg.Valid {
return nil, fmt.Errorf("%s", errorMsg.String)
}
return nil, fmt.Errorf("password reset request failed")
}
var response PasswordResetResponse
if dataJSON.Valid && dataJSON.String != "" {
if err := json.Unmarshal([]byte(dataJSON.String), &response); err != nil {
return nil, fmt.Errorf("failed to parse password reset response: %w", err)
}
}
return &response, nil
}
// CompletePasswordReset implements PasswordResettable. It validates the token and
// updates the user's password via resolvespec_password_reset.
func (a *DatabaseAuthenticator) CompletePasswordReset(ctx context.Context, req PasswordResetCompleteRequest) error {
reqJSON, err := json.Marshal(req)
if err != nil {
return fmt.Errorf("failed to marshal password reset complete request: %w", err)
}
var success bool
var errorMsg sql.NullString
err = a.runDBOpWithReconnect(func(db *sql.DB) error {
query := fmt.Sprintf(`SELECT p_success, p_error FROM %s($1::jsonb)`, a.sqlNames.PasswordResetComplete)
return db.QueryRowContext(ctx, query, string(reqJSON)).Scan(&success, &errorMsg)
})
if err != nil {
return fmt.Errorf("password reset complete query failed: %w", err)
}
if !success {
if errorMsg.Valid {
return fmt.Errorf("%s", errorMsg.String)
}
return fmt.Errorf("password reset failed")
}
return nil
}
// Passkey authentication methods
// ==============================