From 68103309f838cdb415dd959ed0037411813b69ec Mon Sep 17 00:00:00 2001
From: Asim Aslam
Date: Tue, 30 Nov 2021 10:02:41 +0000
Subject: [PATCH] fix password reset flow
---
 user/domain/domain.go | 2 +-
 user/handler/handler.go | 10 ++++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/user/domain/domain.go b/user/domain/domain.go
index 7e0d1a7..5370cdd 100644
--- a/user/domain/domain.go
+++ b/user/domain/domain.go
@@ -117,7 +117,7 @@ func (domain *Domain) SavePasswordResetCode(ctx context.Context, userID, code st
 return &pwcode, err
 }

-func (domain *Domain) DeletePasswordRestCode(ctx context.Context, userId, code string) error {
+func (domain *Domain) DeletePasswordResetCode(ctx context.Context, userId, code string) error {
 _, err := domain.db.Delete(ctx, &db.DeleteRequest{
 Table: "password-reset-codes",
 Id: userId + "-" + code,
diff --git a/user/handler/handler.go b/user/handler/handler.go
index 9a832e8..7187c99 100644
--- a/user/handler/handler.go
+++ b/user/handler/handler.go
@@ -335,8 +335,14 @@ func (s *User) ResetPassword(ctx context.Context, req *pb.ResetPasswordRequest,
 return errors.BadRequest("user.resetpassword", "passwords do not match")
 }

+ // look for an existing user
+ users, err := s.domain.Search(ctx, "", req.Email)
+ if err != nil {
+ return err
+ }
+
 // check if a request was made to reset the password, we should have saved it
- code, err := s.domain.ReadPasswordResetCode(ctx, req.Email, req.Code)
+ code, err := s.domain.ReadPasswordResetCode(ctx, users[0].Id, req.Code)
 if err != nil {
 return err
 }
@@ -369,7 +375,7 @@ func (s *User) ResetPassword(ctx context.Context, req *pb.ResetPasswordRequest,
 }

 // delete our saved code
- s.domain.DeletePasswordRestCode(ctx, req.Email, req.Code)
+ s.domain.DeletePasswordResetCode(ctx, users[0].Id, req.Code)

 return nil
 }
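Review bot: `users[0].Id` is indexed without checking that the search returned any user, both in the new `ReadPasswordResetCode` call and in the `DeletePasswordResetCode` call in the hunk at -369. If `Search` can return an empty slice with a nil error for an unknown email (its body is not visible here), a reset request for a non-existent address would panic with an index-out-of-range instead of returning an error, and this endpoint is by nature called before authentication. Add a guard directly after the `err` check, for example `if len(users) == 0 { return errors.BadRequest("user.resetpassword", "invalid code") }`. The message wording is a suggestion: it should match whatever the invalid-code path returns, so the response does not reveal whether the account exists. ResetPassword starts and ends outside this hunk.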
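Review bot: The `error` returned by `DeletePasswordResetCode` is discarded, so a failed delete leaves the code in the `password-reset-codes` table after the password has already been changed. Unless the code is expired or invalidated somewhere outside this hunk, it stays usable for a second reset by anyone who holds it. Handle the result, for example `if err := s.domain.DeletePasswordResetCode(ctx, users[0].Id, req.Code); err != nil { return err }`, or at minimum log the failure so a lingering code can be detected. The rest of ResetPassword lies outside this hunk.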