# HG changeset patch
# User Jonas Schäfer <jonas@wielicki.name>
# Date 1612000077 -3600
# Node ID dbfa830e450424a3b996971f9d681d6fe4049c56
# Parent  0b9501f82e63c6fb4e14a1066e525c7a38efb2d7
mod_invites_register_api: Handle password resets

Those need the information for whom they are in the GET response
as well as special handling in the POST.

diff -r 0b9501f82e63 -r dbfa830e4504 mod_invites_register_api/mod_invites_register_api.lua
--- a/mod_invites_register_api/mod_invites_register_api.lua	Sat Jan 30 07:19:35 2021 +0100
+++ b/mod_invites_register_api/mod_invites_register_api.lua	Sat Jan 30 10:47:57 2021 +0100
@@ -29,6 +29,7 @@
 		type = invite.type;
 		jid = invite.jid;
 		inviter = invite.inviter;
+		reset = invite.additional_data and invite.additional_data.allow_reset or nil;
 	});
 end
 
@@ -68,7 +69,13 @@
 		return 400;
 	end
 
-	if usermanager.user_exists(prepped_username, module.host) then
+	local reset_for = invite.additional_data and invite.additional_data.allow_reset or nil;
+	if reset_for ~= nil then
+		module:log("debug", "handling password reset invite for %s", reset_for)
+		if reset_for ~= prepped_username then
+			return 403; -- Attempt to use reset invite for incorrect user
+		end
+	elseif usermanager.user_exists(prepped_username, module.host) then
 		return 409; -- Conflict
 	end