completePasswordReset method
Returns the auth user ID for the successfully changed password.
This method should only be called after the verifyPasswordResetCode method has been called successfully.
The method takes the completePasswordResetToken returned from verifyPasswordResetCode and uses it to complete the password reset.
Can throw the following EmailPasswordResetServerException subclasses:
- EmailPasswordResetRequestNotFoundException if no reset request could be found for passwordResetRequestId.
- EmailPasswordResetNotVerifiedException if the set password token has not been set.
- EmailPasswordResetRequestExpiredException if the reset request has expired and has not been cleaned up yet.
- EmailPasswordResetPasswordPolicyViolationException if the new password does not comply with the configured password policy.
- EmailPasswordResetTooManyVerificationAttemptsException if the user has made too many attempts trying to complete the password reset.
- EmailPasswordResetInvalidVerificationCodeException if the provided verificationCode is not valid.
Implementation
Future<UuidValue> completePasswordReset(
  final Session session, {
  required final String completePasswordResetToken,
  required final String newPassword,
  required final Transaction transaction,
}) async {
  // Check the new password against the configured policy before the token is used.
  if (!_config.passwordValidationFunction(newPassword)) {
    throw EmailPasswordResetPasswordPolicyViolationException();
  }

  // Complete the challenge with the token from verifyPasswordResetCode;
  // this yields the matching reset request.
  final resetRequest = await withReplacedSecretChallengeException(
    () => _challengeUtil.completeChallenge(
      session,
      completionToken: completePasswordResetToken,
      transaction: transaction,
    ),
  );

  // Delete the reset request row in the same transaction.
  await EmailAccountPasswordResetRequest.db.deleteRow(
    session,
    resetRequest,
    transaction: transaction,
  );

  final account = (await EmailAccount.db.findById(
    session,
    resetRequest.emailAccountId,
    transaction: transaction,
  ));

  // The email account referenced by the reset request was not found.
  if (account == null) {
    throw EmailPasswordResetEmailNotFoundException();
  }

  await setPassword(
    session,
    emailAccount: account,
    password: newPassword,
    transaction: transaction,
  );

  // Call the password reset completion callback
  _config.onPasswordResetCompleted?.call(
    session,
    emailAccountId: account.id!,
    transaction: transaction,
  );

  return account.authUserId;
}