Feat/reset password (#1566)

* feat: reset password with recovery key * perf: formatting and multi language
2026-06-02 12:05:54 +00:00 · 2025-07-05 17:36:35 +08:00
parent a8d03c98dc
commit a01706d163
13 changed files with 423 additions and 1 deletions
--- a/pkg/api/http/controller/groups/user.py
+++ b/pkg/api/http/controller/groups/user.py
@@ -1,5 +1,6 @@
 import quart
 import argon2
+import asyncio

 from .. import group

@@ -40,3 +41,29 @@ class UserRouterGroup(group.RouterGroup):
            token = await self.ap.user_service.generate_jwt_token(user_email)

            return self.success(data={'token': token})
+
+        @self.route('/reset-password', methods=['POST'], auth_type=group.AuthType.NONE)
+        async def _() -> str:
+            json_data = await quart.request.json
+
+            user_email = json_data['user']
+            recovery_key = json_data['recovery_key']
+            new_password = json_data['new_password']
+
+            # hard sleep 3s for security
+            await asyncio.sleep(3)
+
+            if not await self.ap.user_service.is_initialized():
+                return self.http_status(400, -1, 'system not initialized')
+
+            user_obj = await self.ap.user_service.get_user_by_email(user_email)
+
+            if user_obj is None:
+                return self.http_status(400, -1, 'user not found')
+
+            if recovery_key != self.ap.instance_config.data['system']['recovery_key']:
+                return self.http_status(403, -1, 'invalid recovery key')
+
+            await self.ap.user_service.reset_password(user_email, new_password)
+
+            return self.success(data={'user': user_email})