Add route to send recovery email

2022-10-12 19:30:11 +02:00 · 2022-10-12 19:30:11 +02:00 · 4e9675c284
commit 4e9675c284
parent 26adcc2868
2 changed files with 46 additions and 3 deletions
--- a/Sources/App/Management/SQLiteDatabase.swift
+++ b/Sources/App/Management/SQLiteDatabase.swift
@ -54,11 +54,35 @@ final class SQLiteDatabase {
        self.playerNameForToken[token] = name
        return token
    }
    /**
     Send a password reset email.
     Possible errors:
     - `404`: Player name or email not found.
     */
    func sendPasswordResetEmailIfPossible(name: PlayerName, in database: Database) async throws {
        guard let user = try await User.query(on: database).filter(\.$name == name).first() else {
            throw Abort(.notFound)
        }
        guard let email = user.recoveryEmail else {
            throw Abort(.notFound)
        }
        try await user.$resetRequest.load(on: database)
        if let request = user.resetRequest {
            request.renew()
            try await request.save(on: database)
            self.sendEmail(name: name, email: email, token: request.resetToken)
        } else {
            let reset = PasswordReset()
            try await user.$resetRequest.create(reset, on: database)
            self.sendEmail(name: name, email: email, token: reset.resetToken)
        }
    }
    private func sendEmail(name: PlayerName, email: String, token: String) {
        let recipient = Mail.User(name: name, email: email)
-        let url = "\(mailConfiguration.serverDomain)/player/reset?token=\(token)"
+        let url = "\(mailConfiguration.serverDomain)/recovery.html?token=\(token)"
        let mail = Mail(
            from: mailSender,
            to: [recipient],
@ -70,7 +94,7 @@ final class SQLiteDatabase {
                    a reset of your account password has been requested for the Schafkopf Server at \(mailConfiguration.serverDomain).
                    To choose a new password, click the following link:
-                    <a href="\(url)">\(url)</a>
+                    \(url)
                    The link will expire in \(mailConfiguration.tokenExpiryDuration) minutes. If you didn't request the password reset, you don't have to do anything.
@ -80,7 +104,7 @@ final class SQLiteDatabase {
                    """
        )
-        self.smtp.send(mail) { (error) in
+        smtp.send(mail) { (error) in
            if let error = error {
                print("Failed to send recovery email to \(email): \(error)")
            }
--- a/Sources/App/routes.swift
+++ b/Sources/App/routes.swift
@ -64,6 +64,25 @@ func registerPlayer(_ app: Application) {
        return try await server.registerPlayer(named: name, hash: hash, email: mail, in: request.db)
    }
 }
 /**
 Request an email to reset the password of a player.
 Headers:
 - `name`: The player name
 Possible responses:
 - `200`: Success, email will be sent
 - `400`: Missing name header
 - `404`: Player name not found or no email registered
 */
 func requestPlayerPasswordReset(_ app: Application) {
    app.post("player", "password", "reset") { request async throws -> HTTPResponseStatus in
        let name = try request.header(.name) // Error: 400
        try await server.sendPasswordResetEmailIfPossible(name: name, in: request.db)
        return .ok
    }
 }
 /**
 Delete a player.