From 5add9b26ec4cb2139706928ec8746f51cf264bb4 Mon Sep 17 00:00:00 2001
From: SkyAjax
Date: Mon, 18 Sep 2023 18:29:44 +0300
Subject: [PATCH 1/5] [#355] fix non-exist hash access
---
 backend/src/users/users.controller.ts | 8 ++++++++
 backend/src/users/users.service.ts | 10 ++++++++++
 frontend/src/pages/reset-password/index.jsx | 20 ++++++++++++++++++--
 3 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/backend/src/users/users.controller.ts b/backend/src/users/users.controller.ts
index 579625b7..3e69d173 100644
--- a/backend/src/users/users.controller.ts
+++ b/backend/src/users/users.controller.ts
@@ -101,6 +101,14 @@ export class UsersController {
 return this.usersService.recover(recoverUserDto);
 }
+ @Get('recover/:hash')
+ @UseFilters(new HttpValidationFilter())
+ @ApiParam({ name: 'hash', description: 'Hash key for user recovery!' })
+ @ApiOkResponse({ description: 'Successfully checked recovery hash key' })
+ async checkHash(@Param('hash') hash: string) {
+ return this.usersService.checkHash(hash);
+ }
+
 @Post('recover/:hash')
 @UseFilters(new HttpValidationFilter())
 @ApiParam({ name: 'hash', description: 'Hash key for user password reset!' })
diff --git a/backend/src/users/users.service.ts b/backend/src/users/users.service.ts
index 0e35fe95..6e6691b3 100644
--- a/backend/src/users/users.service.ts
+++ b/backend/src/users/users.service.ts
@@ -89,6 +89,16 @@ export class UsersService {
 }
 }
+ async checkHash(hash: string): Promise<{ id: number | null }> {
+ const email = await decipher(Buffer.from(hash, 'hex'));
+ const currentUser = await this.find(email);
+
+ if (currentUser && currentUser.recover_hash === hash) {
+ return { id: currentUser.id };
+ }
+ return { id: null };
+ }
+
 async resetPassword(
 { password }: UpdateUserDto,
 hash,
diff --git a/frontend/src/pages/reset-password/index.jsx b/frontend/src/pages/reset-password/index.jsx
index 9eafd583..0e0088b8 100644
--- a/frontend/src/pages/reset-password/index.jsx
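Review bot: The new `GET recover/:hash` handler returns the result of `usersService.checkHash` unchanged, so an unauthenticated caller who presents a valid recovery hash receives the account's numeric id, although the reset page only needs a yes/no answer. Returning only validity, e.g. `const { id } = await this.usersService.checkHash(hash);` followed by `return { valid: id !== null };` (with the page reading `data.valid`), keeps internal identifiers out of the response. `@UseFilters` binds an exception filter rather than a validator, so `hash` reaches the service unchecked; a format check on the parameter and request throttling on this route would be worth adding, since no guard is visible in the hunk. The class body continues outside the hunk.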
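Review bot: `checkHash` passes the raw path parameter to `decipher(Buffer.from(hash, 'hex'))` with no format check or error handling, so a value that is not valid ciphertext may throw (decipher is defined outside the hunk) and surface as a 500 instead of `{ id: null }`, which is the case the commit title targets. `Buffer.from(…, 'hex')` also stops silently at the first non-hex character instead of rejecting the input. I would reject non-hex input up front and treat a decryption failure as an unknown token, as sketched below. Nothing visible here checks the token's age, and the `===` comparison is not constant-time (`crypto.timingSafeEqual` is available if that matters); the class body continues outside the hunk.

```typescript
async checkHash(hash: string): Promise<{ id: number | null }> {
  // Only an even-length hex string can be a token; anything else is unknown.
  if (!/^(?:[0-9a-f]{2})+$/i.test(hash)) {
    return { id: null };
  }
  let email;
  try {
    email = await decipher(Buffer.from(hash, 'hex'));
  } catch {
    // Undecryptable input is an unknown token, not a server error.
    return { id: null };
  }
  // … unchanged: user lookup and recover_hash comparison …
}
```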
+++ b/frontend/src/pages/reset-password/index.jsx
@@ -1,5 +1,8 @@
+import { useEffect, useState } from 'react';
+import axios from 'axios';
+
 import { useTranslation } from 'react-i18next';
-import { useNavigate } from 'react-router-dom';
+import { useNavigate, useParams } from 'react-router-dom';
 import Col from 'react-bootstrap/Col';
 import Container from 'react-bootstrap/Container';
@@ -8,12 +11,23 @@ import Row from 'react-bootstrap/Row';
 import routes from '../../routes.js';
 import ResetPasswordForm from '../../components/Forms/ResetPasswordForm';
+import NotFoundPage from '../404';
 function ResetPasswordPage() {
 const { t } = useTranslation();
 const navigate = useNavigate();
+ const { hash } = useParams();
+ const [hasHash, setHashState] = useState(false);
+
+ useEffect(() => {
+ const checkHash = async () => {
+ const { data } = await axios.get(`${routes.resetPassPath()}/${hash}`);
+ return data.id ? setHashState(true) : setHashState(false);
+ };
+ checkHash();
+ }, [hasHash, hash]);
- return (
+ return hasHash ? (
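Review bot: The `axios.get` call inside the effect has no error handling, so a non-2xx answer or a network failure becomes an unhandled rejection, and because `hasHash` is in the dependency array the effect fires a second request as soon as the first response flips the state. The same dependency pattern survives as `[userId, hash]` in patches 4 and 5. `useState(false)` also means `NotFoundPage` is what renders while the request is still in flight, so a loading state would be clearer. This check only decides what to render; the `POST recover/:hash` handler, which is outside this diff, still has to reject unknown hashes on its own.

```javascript
useEffect(() => {
  let cancelled = false;
  const checkHash = async () => {
    try {
      const { data } = await axios.get(`${routes.resetPassPath()}/${hash}`);
      if (!cancelled) setHashState(Boolean(data.id));
    } catch {
      // A failed lookup is shown the same way as an unknown hash.
      if (!cancelled) setHashState(false);
    }
  };
  checkHash();
  return () => {
    cancelled = true;
  };
}, [hash]);
```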
@@ -30,6 +44,8 @@ function ResetPasswordPage() {
 + ) : ( + ); }
From 5cf9fdd5813125d0b8aa08d0e4cae240bda8f333 Mon Sep 17 00:00:00 2001
From: SkyAjax
Date: Mon, 18 Sep 2023 18:34:58 +0300
Subject: [PATCH 2/5] [#355] fix linter error
---
 backend/src/users/users.service.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/src/users/users.service.ts b/backend/src/users/users.service.ts
index 6e6691b3..75339cb1 100644
--- a/backend/src/users/users.service.ts
+++ b/backend/src/users/users.service.ts
@@ -92,7 +92,7 @@ export class UsersService {
 async checkHash(hash: string): Promise<{ id: number | null }> {
 const email = await decipher(Buffer.from(hash, 'hex'));
 const currentUser = await this.find(email);
-
+
 if (currentUser && currentUser.recover_hash === hash) {
 return { id: currentUser.id };
 }
From f1f046a5a8aad7f6f326ffd7af0e20b09a3904f7 Mon Sep 17 00:00:00 2001
From: SkyAjax
Date: Mon, 18 Sep 2023 19:53:52 +0300
Subject: [PATCH 3/5] [#355] remove extra return
---
 frontend/src/pages/reset-password/index.jsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/frontend/src/pages/reset-password/index.jsx b/frontend/src/pages/reset-password/index.jsx
index 0e0088b8..6507e576 100644
--- a/frontend/src/pages/reset-password/index.jsx
+++ b/frontend/src/pages/reset-password/index.jsx
@@ -22,7 +22,7 @@ function ResetPasswordPage() {
 useEffect(() => {
 const checkHash = async () => {
 const { data } = await axios.get(`${routes.resetPassPath()}/${hash}`);
- return data.id ? setHashState(true) : setHashState(false);
+ data.id ? setHashState(true) : setHashState(false);
 };
 checkHash();
 }, [hasHash, hash]);
From 0b80530cffb1815c54f566e97c64e92e0917e8c4 Mon Sep 17 00:00:00 2001
From: SkyAjax
Date: Mon, 18 Sep 2023 20:54:06 +0300
Subject: [PATCH 4/5] [#355] fix checkHash function
---
 frontend/src/pages/reset-password/index.jsx | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/frontend/src/pages/reset-password/index.jsx b/frontend/src/pages/reset-password/index.jsx
index 6507e576..72644a7d 100644
--- a/frontend/src/pages/reset-password/index.jsx
+++ b/frontend/src/pages/reset-password/index.jsx
@@ -17,17 +17,17 @@ function ResetPasswordPage() {
 const { t } = useTranslation();
 const navigate = useNavigate();
 const { hash } = useParams();
- const [hasHash, setHashState] = useState(false);
+ const [userId, setUserId] = useState(false);
 useEffect(() => {
 const checkHash = async () => {
 const { data } = await axios.get(`${routes.resetPassPath()}/${hash}`);
- data.id ? setHashState(true) : setHashState(false);
+ setUserId(!!data.id);
 };
 checkHash();
- }, [hasHash, hash]);
+ }, [userId, hash]);
- return hasHash ? (
+ return userId ? (
From c2e847a96dfde7f6018fada08a0baf2eaad7f926 Mon Sep 17 00:00:00 2001
From: SkyAjax
Date: Mon, 18 Sep 2023 21:00:06 +0300
Subject: [PATCH 5/5] [#355] fix checkHash function
---
 frontend/src/pages/reset-password/index.jsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/frontend/src/pages/reset-password/index.jsx b/frontend/src/pages/reset-password/index.jsx
index 72644a7d..64d3e4fd 100644
--- a/frontend/src/pages/reset-password/index.jsx
+++ b/frontend/src/pages/reset-password/index.jsx
@@ -22,7 +22,7 @@ function ResetPasswordPage() {
 useEffect(() => {
 const checkHash = async () => {
 const { data } = await axios.get(`${routes.resetPassPath()}/${hash}`);
- setUserId(!!data.id);
+ setUserId(data.id);
 };
 checkHash();
 }, [userId, hash]);
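Review bot: `setUserId(data.id)` stores the server's numeric id (or `null`) in state that patch 4 initialised with `useState(false)`, so the value can now be a boolean, a number or null while the render only tests its truthiness. Nothing in the hunk uses the id itself, so keeping a boolean (`setUserId(Boolean(data.id));`) or initialising with `useState(null)` would keep the state single-typed and avoid holding an account identifier in the client. The enclosing component starts and ends outside the hunk.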