bhuvansingla · 1-Harshit · Nov 12, 2021
diff --git a/account/user.go b/account/user.go
@@ -31,6 +31,11 @@ func Create(rollNo string, hashedPasssword string, name string) error {
 	return nil
 }
 
+func UpdatePassword(rollNo string, hashedPasssword string) error {
+	_, err := database.DB.Exec("UPDATE ACCOUNT SET password = $1 WHERE rollNo = $2", hashedPasssword, rollNo)
+	return err
+}
+
 func UserExists(rollNo string) (bool, error) {
 	row := database.DB.QueryRow("SELECT rollNo FROM ACCOUNT WHERE rollNo=$1", rollNo)
 	scannedRow := ""

diff --git a/auth/resetPass.go b/auth/resetPass.go
@@ -0,0 +1,41 @@
+package auth
+
+import (
+	"net/http"
+
+	"github.com/bhuvansingla/iitk-coin/account"
+	"github.com/bhuvansingla/iitk-coin/errors"
+	"github.com/bhuvansingla/iitk-coin/util"
+)
+
+func ResetPassword(rollNo string, newPassword string, otp string) error {
+
+	userExists, err := account.UserExists(rollNo)
+	if err != nil {
+		return errors.NewHTTPError(err, http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
+	}
+
+	if !userExists {
+		return errors.NewHTTPError(nil, http.StatusBadRequest, "account doesnot exists")
+	}
+
+	if err := account.ValidatePassword(newPassword); err != nil {
+		return err
+	}
+
+	if err := VerifyOTP(rollNo, otp); err != nil {
+		return err
+	}
+
+	hashedPwd, err := util.HashAndSalt(newPassword)
+	if err != nil {
+		return errors.NewHTTPError(err, http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
+	}
+
+	err = account.UpdatePassword(rollNo, hashedPwd)
+	if err != nil {
+		return errors.NewHTTPError(err, http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
+	}
+
+	return nil
+}
diff --git a/handlers/resetPass.go b/handlers/resetPass.go
@@ -0,0 +1,36 @@
+package handlers
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/bhuvansingla/iitk-coin/auth"
+	"github.com/bhuvansingla/iitk-coin/errors"
+)
+
+type ResetPasswordRequest struct {
+	RollNo      string `json:"rollNo"`
+	NewPassword string `json:"newPassword"`
+	Otp         string `json:"otp"`
+}
+
+func ResetPassword(w http.ResponseWriter, r *http.Request) error {
+
+	if r.Method != "POST" {
+		return errors.NewHTTPError(nil, http.StatusMethodNotAllowed, http.StatusText(http.StatusMethodNotAllowed))
+	}
+
+	var resetPasswordRequest ResetPasswordRequest
+
+	if err := json.NewDecoder(r.Body).Decode(&resetPasswordRequest); err != nil {
+		return errors.NewHTTPError(err, http.StatusBadRequest, "error decoding request body")
+	}
+
+	err := auth.ResetPassword(resetPasswordRequest.RollNo, resetPasswordRequest.NewPassword, resetPasswordRequest.Otp)
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/server/router.go b/server/router.go
@@ -13,6 +13,7 @@ func setRoutes() {
 
 	http.HandleFunc("/auth/login", CORS(errors.Handler(handlers.Login)))
 	http.HandleFunc("/auth/signup", CORS(errors.Handler(handlers.Signup)))
+	http.HandleFunc("/auth/reset-password", CORS(errors.Handler(handlers.ResetPassword)))
 	http.HandleFunc("/auth/check", CORS(auth.IsAuthorized((errors.Handler(handlers.CheckLogin)))))
 	http.HandleFunc("/auth/otp", CORS(errors.Handler(handlers.GenerateOtp)))
 	http.HandleFunc("/auth/logout", CORS(errors.Handler(handlers.Logout)))