Merge branch 'feat/redirect-if-token-is-invalid' into 'dev'

feat: redirect if reset password token is invalid See merge request !761

Merge branch 'feat/redirect-if-token-is-invalid' into 'dev'
1505a860 · Rémi PAILHAREY · 3c1853dc · f1054f1a · 1505a860 · 1505a860
Commit 1505a860 authored 1 year ago by Rémi PAILHAREY
--- a/src/app/app-routing.module.ts
+++ b/src/app/app-routing.module.ts
@@ -6,6 +6,7 @@ import { ContactComponent } from './contact/contact.component';
 import { FooterComponent } from './footer/footer.component';
 import { AdminGuard } from './guards/admin.guard';
 import { AuthGuard } from './guards/auth.guard';
+import { ResetPasswordTokenGuard } from './guards/resetPasswordToken.guard';
 import { LegalNoticeComponent } from './legal-notice/legal-notice.component';
 import { LoginComponent } from './login/login.component';
 import { NewsletterSubscriptionComponent } from './newsletter-subscription/newsletter-subscription.component';
@@ -182,6 +183,7 @@ const routes: Routes = [
    children: [
      {
        path: '',
+        canActivate: [ResetPasswordTokenGuard],
        component: ForgotPasswordComponent,
      },
    ],

--- a/src/app/app.module.ts
+++ b/src/app/app.module.ts
@@ -23,6 +23,7 @@ import { OrientationModule } from './form/orientation-form-view/orientation.modu
 import { AdminGuard } from './guards/admin.guard';
 import { AuthGuard } from './guards/auth.guard';
 import { DeactivateGuard } from './guards/deactivate.guard';
+import { ResetPasswordTokenGuard } from './guards/resetPasswordToken.guard';
 import { RoleGuard } from './guards/role.guard';
 import { HeaderComponent } from './header/header.component';
 import { LegalNoticeComponent } from './legal-notice/legal-notice.component';
@@ -93,6 +94,7 @@ import { StructureJoinComponent } from './structure/structure-join/structure-joi
    RoleGuard,
    DeactivateGuard,
    TempUserResolver,
+    ResetPasswordTokenGuard,
    StructureResolver,
    PersonalOfferResolver,
    RouterListenerService,

--- a/src/app/guards/resetPasswordToken.guard.ts
+++ b/src/app/guards/resetPasswordToken.guard.ts
+import { Injectable } from '@angular/core';
+import { ActivatedRouteSnapshot, Router } from '@angular/router';
+import { Observable, firstValueFrom } from 'rxjs';
+import { AuthService } from '../services/auth.service';
+
+/**
+ * Guard to assert that reset password token is valid, if present in URL
+ */
+@Injectable()
+export class ResetPasswordTokenGuard {
+  constructor(
+    private authService: AuthService,
+    private router: Router,
+  ) {}
+
+  async canActivate(route: ActivatedRouteSnapshot): Promise<Observable<boolean> | Promise<boolean> | boolean> {
+    const token = route.queryParamMap.get('token');
+    if (token) {
+      const validToken = await firstValueFrom(this.authService.checkResetPasswordToken(token));
+      if (!validToken) {
+        this.router.navigate(['/login']);
+        return false;
+      }
+    }
+    return true;
+  }
+}
--- a/src/app/services/auth.service.ts
+++ b/src/app/services/auth.service.ts
@@ -95,6 +95,10 @@ export class AuthService {
    return this.http.post(`api/users/reset-password`, { email: email.toLowerCase() });
  }

+  public checkResetPasswordToken(token: string): Observable<boolean> {
+    return this.http.post<boolean>(`api/users/reset-password/check`, { token });
+  }
+
  public resetPasswordApply(token: string, password: string): Observable<any> {
    return this.http.post(`api/users/reset-password/apply`, {
      token,