feat: add "forget password" [front & backend] (#75)

* feat: add "forget password" [front & backend] Signed-off-by: Weihao <1340908470@qq.com> * fix: verification code can be sent even if no mobile phone or email is selected refactor: forgetPassword -> forget; GetEmailAndPhoneByUsername -> GetEmailAndPhone; remove useless note Signed-off-by: Weihao <1340908470@qq.com>
2025-07-03 12:30:19 +08:00 · 2021-06-02 13:39:01 +08:00
parent 29049297d8
commit 1cb5ae54c5
11 changed files with 716 additions and 7 deletions
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -17,6 +17,7 @@ package controllers
 import (
 	"encoding/json"
 	"fmt"
+	"strings"

 	"github.com/astaxie/beego"
 	"github.com/casdoor/casdoor/idp"
@ -106,8 +107,65 @@ func (c *ApiController) Login() {
 			}
 		}

-		password := form.Password
-		user, msg := object.CheckUserLogin(form.Organization, form.Username, password)
+		var user *object.User
+		var msg string
+
+		if form.Password == "" {
+			var verificationCodeType string
+
+			// check result through Email or Phone
+			if strings.Contains(form.Email, "@") {
+				verificationCodeType = "email"
+				checkResult := object.CheckVerificationCode(form.Email, form.EmailCode)
+				if len(checkResult) != 0 {
+					responseText := fmt.Sprintf("Email%s", checkResult)
+					c.ResponseError(responseText)
+					return
+				}
+			} else {
+				verificationCodeType = "phone"
+				checkPhone := fmt.Sprintf("+%s%s", form.PhonePrefix, form.Email)
+				checkResult := object.CheckVerificationCode(checkPhone, form.EmailCode)
+				if len(checkResult) != 0 {
+					responseText := fmt.Sprintf("Phone%s", checkResult)
+					c.ResponseError(responseText)
+					return
+				}
+			}
+
+			// get user
+			var userId string
+			if form.Username == "" {
+				userId, _ = c.RequireSignedIn()
+			} else {
+				userId = fmt.Sprintf("%s/%s", form.Organization, form.Username)
+			}
+
+			user = object.GetUser(userId)
+			if user == nil {
+				c.ResponseError("No such user.")
+				return
+			}
+
+			// disable the verification code
+			switch verificationCodeType {
+			case "email":
+				if user.Email != form.Email {
+					c.ResponseError("wrong email!")
+				}
+				object.DisableVerificationCode(form.Email)
+				break
+			case "phone":
+				if user.Phone != form.Email {
+					c.ResponseError("wrong phone!")
+				}
+				object.DisableVerificationCode(form.Email)
+				break
+			}
+		} else {
+			password := form.Password
+			user, msg = object.CheckUserLogin(form.Organization, form.Username, password)
+		}

 		if msg != "" {
 			resp = &Response{Status: "error", Msg: msg, Data: ""}
--- a/controllers/user.go
+++ b/controllers/user.go
@ -111,6 +111,43 @@ func (c *ApiController) DeleteUser() {
 	c.ServeJSON()
 }

+// @Title GetEmailAndPhone
+// @Description get email and phone by username
+// @Param   username    formData   string  true        "The username of the user"
+// @Param   organization    formData   string  true        "The organization of the user"
+// @Success 200 {object} controllers.Response The Response object
+// @router /get-email-and-phone [post]
+func (c *ApiController) GetEmailAndPhone() {
+	var resp Response
+
+	var form RequestForm
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
+	if err != nil {
+		panic(err)
+	}
+
+	// get user
+	var userId string
+	if form.Username == "" {
+		userId, _ = c.RequireSignedIn()
+	} else {
+		userId = fmt.Sprintf("%s/%s", form.Organization, form.Username)
+	}
+	user := object.GetUser(userId)
+	if user == nil {
+		c.ResponseError("No such user.")
+		return
+	}
+
+	phone := user.Phone
+	email := user.Email
+
+	resp = Response{Status: "ok", Msg: "", Data: phone, Data2: email}
+
+	c.Data["json"] = resp
+	c.ServeJSON()
+}
+
 // @Title SetPassword
 // @Description set password
 // @Param   userOwner   formData    string  true        "The owner of the user"
@ -158,10 +195,14 @@ func (c *ApiController) SetPassword() {
 		return
 	}

-	msg := object.CheckPassword(targetUser, oldPassword)
-	if msg != "" {
-		c.ResponseError(msg)
-		return
+	if oldPassword != "" {
+		msg := object.CheckPassword(targetUser, oldPassword)
+		if msg != "" {
+			c.ResponseError(msg)
+			return
+		}
+	} else {
+
 	}

 	if strings.Index(newPassword, " ") >= 0 {
@ -174,6 +215,8 @@ func (c *ApiController) SetPassword() {
 		return
 	}

+	c.SetSessionUser("")
+
 	targetUser.Password = newPassword
 	object.SetUserField(targetUser, "password", targetUser.Password)
 	c.Data["json"] = Response{Status: "ok"}