fix password reset flow

2026-01-11 19:04:35 +00:00 · 2021-11-30 10:02:41 +00:00
parent 8b5897b869
commit 68103309f8
2 changed files with 9 additions and 3 deletions
--- a/user/domain/domain.go
+++ b/user/domain/domain.go
@@ -117,7 +117,7 @@ func (domain *Domain) SavePasswordResetCode(ctx context.Context, userID, code st
 	return &pwcode, err
 }

-func (domain *Domain) DeletePasswordRestCode(ctx context.Context, userId, code string) error {
+func (domain *Domain) DeletePasswordResetCode(ctx context.Context, userId, code string) error {
 	_, err := domain.db.Delete(ctx, &db.DeleteRequest{
 		Table: "password-reset-codes",
 		Id:    userId + "-" + code,
--- a/user/handler/handler.go
+++ b/user/handler/handler.go
@@ -335,8 +335,14 @@ func (s *User) ResetPassword(ctx context.Context, req *pb.ResetPasswordRequest,
 		return errors.BadRequest("user.resetpassword", "passwords do not match")
 	}

+	// look for an existing user
+	users, err := s.domain.Search(ctx, "", req.Email)
+	if err != nil {
+		return err
+	}
+
 	// check if a request was made to reset the password, we should have saved it
-	code, err := s.domain.ReadPasswordResetCode(ctx, req.Email, req.Code)
+	code, err := s.domain.ReadPasswordResetCode(ctx, users[0].Id, req.Code)
 	if err != nil {
 		return err
 	}
@@ -369,7 +375,7 @@ func (s *User) ResetPassword(ctx context.Context, req *pb.ResetPasswordRequest,
 	}

 	// delete our saved code
-	s.domain.DeletePasswordRestCode(ctx, req.Email, req.Code)
+	s.domain.DeletePasswordResetCode(ctx, users[0].Id, req.Code)

 	return nil
 }