2 use actix_web::web::Data;
3 use lemmy_api_common::{
5 person::{LoginResponse, PasswordChangeAfterReset},
6 utils::password_length_check,
8 use lemmy_db_schema::source::{
10 password_reset_request::PasswordResetRequest,
12 use lemmy_db_views::structs::SiteView;
13 use lemmy_utils::{claims::Claims, error::LemmyError, ConnectionId};
15 #[async_trait::async_trait(?Send)]
16 impl Perform for PasswordChangeAfterReset {
17 type Response = LoginResponse;
19 #[tracing::instrument(skip(self, context, _websocket_id))]
22 context: &Data<LemmyContext>,
23 _websocket_id: Option<ConnectionId>,
24 ) -> Result<LoginResponse, LemmyError> {
25 let data: &PasswordChangeAfterReset = self;
27 // Fetch the user_id from the token
28 let token = data.token.clone();
29 let local_user_id = PasswordResetRequest::read_from_token(context.pool(), &token)
31 .map(|p| p.local_user_id)?;
33 password_length_check(&data.password)?;
35 // Make sure passwords match
36 if data.password != data.password_verify {
37 return Err(LemmyError::from_message("passwords_dont_match"));
40 // Update the user with the new password
41 let password = data.password.clone();
42 let updated_local_user = LocalUser::update_password(context.pool(), local_user_id, &password)
44 .map_err(|e| LemmyError::from_error_message(e, "couldnt_update_user"))?;
46 // Return the jwt if login is allowed
47 let site_view = SiteView::read_local(context.pool()).await?;
49 if site_view.local_site.require_application && !updated_local_user.accepted_application {
54 updated_local_user.id.0,
55 &context.secret().jwt_secret,
56 &context.settings().hostname,
64 verify_email_sent: false,
65 registration_created: false,