xuyue/teaching-design
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add admin password reset

Browse Source
This commit is contained in:
yuetsh
2026-06-16 06:40:55 -06:00
parent 502afffa02
commit 979a70439b
8 changed files with 168 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
server/routes/admin.test.ts
View File

@@ -1,8 +1,8 @@
import { beforeEach, describe, expect, it } from 'bun:test'
import type { Database } from 'bun:sqlite'
import { Hono } from 'hono'
import { hashPassword, signAccessToken } from '../auth'
import { createUser, openDb } from '../db'
import { hashPassword, signAccessToken, verifyPassword } from '../auth'
import { createRefreshToken, createUser, findRefreshTokenByHash, findUserById, openDb } from '../db'
import { createAdminRouter } from './admin'
const JWT_SECRET = 'test-secret'
@@ -95,4 +95,41 @@ describe('admin routes', () => {
})
expect(res.status).toBe(404)
})
it('resets a user password to the fixed temporary password', async () => {
createRefreshToken(db, { userId, tokenHash: 'user-refresh-token', expiresAt: '2099-01-01T00:00:00.000Z' })
const res = await app.request(`/api/admin/users/${userId}/reset-password`, {
method: 'POST',
headers: { Authorization: `Bearer ${adminToken}` },
})
expect(res.status).toBe(200)
expect(await res.json()).toEqual({ ok: true })
const updated = findUserById(db, userId)
expect(updated).not.toBeNull()
expect(await verifyPassword('123456', updated!.passwordHash)).toBe(true)
expect(await verifyPassword('userpass', updated!.passwordHash)).toBe(false)
expect(findRefreshTokenByHash(db, 'user-refresh-token')).toBeNull()
})
it('returns 404 when resetting password for missing user', async () => {
const res = await app.request('/api/admin/users/missing/reset-password', {
method: 'POST',
headers: { Authorization: `Bearer ${adminToken}` },
})
expect(res.status).toBe(404)
expect(await res.json()).toEqual({ error: '用户不存在' })
})
it('returns 403 when non-admin resets a password', async () => {
const res = await app.request(`/api/admin/users/${adminId}/reset-password`, {
method: 'POST',
headers: { Authorization: `Bearer ${userToken}` },
})
expect(res.status).toBe(403)
})
})

16
server/routes/admin.ts
View File

@@ -1,9 +1,11 @@
import type { Database } from 'bun:sqlite'
import { Hono } from 'hono'
import { hashPassword } from '../auth'
import { createUser, deleteUser, listUsers } from '../db'
import { createUser, deleteRefreshTokensForUser, deleteUser, findUserById, listUsers, updateUserPasswordHash } from '../db'
import { bearerAuth, type AuthVariables } from '../middleware/bearerAuth'
const RESET_PASSWORD = '123456'
export function createAdminRouter(db: Database, jwtSecret: string) {
const app = new Hono<{ Variables: AuthVariables }>()
@@ -39,6 +41,18 @@ export function createAdminRouter(db: Database, jwtSecret: string) {
return c.json({ id: user.id, username: user.username, role: user.role, createdAt: user.createdAt })
})
app.post('/users/:id/reset-password', async (c) => {
const targetId = c.req.param('id')
if (!findUserById(db, targetId)) {
return c.json({ error: '用户不存在' }, 404)
}
const passwordHash = await hashPassword(RESET_PASSWORD)
updateUserPasswordHash(db, targetId, passwordHash)
deleteRefreshTokensForUser(db, targetId)
return c.json({ ok: true })
})
app.delete('/users/:id', (c) => {
const targetId = c.req.param('id')
if (targetId === c.get('userId')) {