From 74febc48916a1da7a00df1311d8f0ec2bcd53278 Mon Sep 17 00:00:00 2001 From: Dominika Liberda Date: Wed, 2 Dec 2020 04:00:31 +0100 Subject: [PATCH] password reseting backend fixes --- code/common.sh | 11 +++++++++-- webroot/api/register.shs | 2 +- webroot/api/reset_request.shs | 2 +- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/code/common.sh b/code/common.sh index eac01e0..19208b6 100644 --- a/code/common.sh +++ b/code/common.sh @@ -117,7 +117,7 @@ function account_gen_reset_code() { if [[ $(date "+%s") -gt $((timestamp+3600)) || $2 == true ]]; then sed -i "s/$user:$mail:$old_code:yes:$timestamp/$user:$mail:$new_code:yes:$new_timestamp/" secret/mail.dat - echo -n "$new_code"$(date "+%d%m%y") | sha1sum | awk '{print $1}' | cut -c 1-10 + account_get_reset_code "$user" return 0 else return 2 @@ -127,6 +127,13 @@ function account_gen_reset_code() { fi } +#account_get_reset_code(username) +function account_get_reset_code() { + local data="$(cat secret/mail.dat | grep -P "^$1:")" + local code="$(awk -F: '{print $3}' <<< "$data")" + echo -n "$code"$(date "+%d%m%y") | sha1sum | awk '{print $1}' | cut -c 1-10 +} + #reset_pwd(username, hash, password) function reset_pwd() { [[ "$1" == '' || "$2" == '' || "$3" == '' ]] && return @@ -134,7 +141,7 @@ function reset_pwd() { local hash="$2" local pass="$3" - if [[ "$(echo -n $(cat secret/mail.dat | grep -P "^$user:" | awk -F: '{print $3}')$(date "+%d%m%y") | sha1sum | awk '{print $1}' | cut -c 1-10)" == "$hash" ]]; then + if [[ "$(account_get_reset_code "$user")" == "$hash" ]]; then delete_account "$user" register "$user" "$pass" diff --git a/webroot/api/register.shs b/webroot/api/register.shs index 2fc1a11..b704526 100644 --- a/webroot/api/register.shs +++ b/webroot/api/register.shs 
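Review bot: The new `account_get_reset_code` still prints a hash when no record matches the username, because an empty `$code` leaves only `$(date "+%d%m%y")` going into `sha1sum`, so the result depends on nothing secret. The lookup `grep -P "^$1:"` also treats the username as a regular expression, so a name containing metacharacters can select another user's line or several lines at once. I would match the first field literally, take only the first hit, and return non-zero with no output when nothing is found. The guard at the top of `reset_pwd` already rejects an empty hash, so an empty result can never compare equal. Splitting `local` from the assignment also stops `local` from masking the exit status of the lookup.

```shell
#account_get_reset_code(username)
function account_get_reset_code() {
	local code
	# literal match on field 1, first record only
	code="$(awk -F: -v u="$1" '$1 == u { print $3; exit }' secret/mail.dat)"
	# unknown user: print nothing instead of a date-only hash
	[[ "$code" == '' ]] && return 1
	echo -n "$code$(date "+%d%m%y")" | sha1sum | awk '{print $1}' | cut -c 1-10
}
```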
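Review bot: The rewritten condition in `reset_pwd` accepts any hash that matches field 3 of the record, without checking that a reset was ever requested or how long ago. With this commit register.shs writes new records as `$verification:no:0`, so for an account that never asked for a reset field 3 is the `$RANDOM` verification value, which has only 32768 possibilities, and the day-stamp is the only thing that expires the code. Before comparing, I would read the record's timestamp and require it to be set and recent, something like `[[ "$timestamp" -gt 0 && $(date "+%s") -le $((timestamp+3600)) ]] || return 1`, with the window set to whatever validity period you intend. The stored code should then be rotated after a successful reset so it is single-use. The body of `reset_pwd` continues outside the hunk, so any of this may already happen below.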
@@ -14,7 +14,7 @@ if [[ "${post_data[login]}" != '' && "${post_data[password]}" != '' && "${post_d status=$? verification="$RANDOM" - echo "${post_data[login]}:$mail:$verification:no" >> secret/mail.dat + echo "${post_data[login]}:$mail:$verification:no:0" >> secret/mail.dat fi if [[ $status == 0 ]]; then diff --git a/webroot/api/reset_request.shs b/webroot/api/reset_request.shs index 9915af3..58a595b 100644 --- a/webroot/api/reset_request.shs +++ b/webroot/api/reset_request.shs @@ -1,5 +1,5 @@ #!/bin/bash -[[ "${post_data[login]}" == '' ]] && jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args 0 "AAAA" && return +[[ "${post_data[login]}" == '' ]] && jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args 0 "BAD REQUEST" && return source "${cfg[namespace]}/code/common.sh" hash="$(account_gen_reset_code "${post_data[login]}")"
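Review bot: The appended record `"${post_data[login]}:$mail:$verification:no:0"` puts request-supplied values straight into a colon-separated file, so a `:` or newline in the login or mail shifts the fields or adds an extra record. The `awk -F: '{print $3}'` lookup in code/common.sh would then read the wrong value. The enclosing `if` starts outside this hunk, so validation may already happen earlier. If it does not, reject such input before the write, e.g. `[[ "${post_data[login]}$mail" == *[:$'\n']* ]] && status=1`, and only append when `$status` is 0. Separately, `verification="$RANDOM"` yields at most 15 bits, so I would draw that value from `/dev/urandom` instead, since field 3 also feeds the reset hash.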