7 files changed, 51 insertions, 0 deletions

diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 6abf234c6..8497685a6 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -33,6 +33,16 @@ defmodule Pleroma.Web.Router do
     plug :accepts, ["html", "json"]
   end
 
+  pipeline :password_reset do
+    plug :accepts, ["html"]
+  end
+
+  scope "/api/pleroma", Pleroma.Web.TwitterAPI do
+    pipe_through :password_reset
+    get "/password_reset/:token", UtilController, :show_password_reset
+    post "/password_reset", UtilController, :password_reset
+  end
+
   scope "/oauth", Pleroma.Web.OAuth do
     get "/authorize", OAuthController, :authorize
     post "/authorize", OAuthController, :create_authorization
diff --git a/lib/pleroma/web/templates/twitter_api/util/invalid_token.html.eex b/lib/pleroma/web/templates/twitter_api/util/invalid_token.html.eex
new file mode 100644
index 000000000..ee84750c7
--- /dev/null
+++ b/lib/pleroma/web/templates/twitter_api/util/invalid_token.html.eex
@@ -0,0 +1 @@
+<h2>Invalid Token</h2>
diff --git a/lib/pleroma/web/templates/twitter_api/util/password_reset.html.eex b/lib/pleroma/web/templates/twitter_api/util/password_reset.html.eex
new file mode 100644
index 000000000..3c7960998
--- /dev/null
+++ b/lib/pleroma/web/templates/twitter_api/util/password_reset.html.eex
@@ -0,0 +1,12 @@
+<h2>Password Reset for <%= @user.nickname %></h2>
+<%= form_for @conn, util_path(@conn, :password_reset), [as: "data"], fn f -> %>
+<%= label f, :password, "Password" %>
+<%= password_input f, :password %>
+<br>
+
+<%= label f, :password_confirmation, "Confirmation" %>
+<%= password_input f, :password_confirmation %>
+<br>
+<%= hidden_input f, :token, value: @token.token %>
+<%= submit "Reset" %>
+<% end %>
diff --git a/lib/pleroma/web/templates/twitter_api/util/password_reset_failed.html.eex b/lib/pleroma/web/templates/twitter_api/util/password_reset_failed.html.eex
new file mode 100644
index 000000000..58a3736fd
--- /dev/null
+++ b/lib/pleroma/web/templates/twitter_api/util/password_reset_failed.html.eex
@@ -0,0 +1 @@
+<h2>Password reset failed</h2>
diff --git a/lib/pleroma/web/templates/twitter_api/util/password_reset_success.html.eex b/lib/pleroma/web/templates/twitter_api/util/password_reset_success.html.eex
new file mode 100644
index 000000000..c7dfcb6dd
--- /dev/null
+++ b/lib/pleroma/web/templates/twitter_api/util/password_reset_success.html.eex
@@ -0,0 +1 @@
+<h2>Password changed!</h2>
diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
index 32910d92c..11d8fa6c2 100644
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@@ -2,6 +2,28 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
   use Pleroma.Web, :controller
   alias Pleroma.Web
 
+  alias Pleroma.{Repo, PasswordResetToken, User}
+
+  def show_password_reset(conn, %{"token" => token}) do
+    with %{used: false} = token <- Repo.get_by(PasswordResetToken, %{token: token}),
+      %User{} = user <- Repo.get(User, token.user_id) do
+      render conn, "password_reset.html", %{
+        token: token,
+        user: user
+      }
+    else
+      _e -> render conn, "invalid_token.html"
+    end
+  end
+
+  def password_reset(conn, %{"data" => data}) do
+    with {:ok, _} <- PasswordResetToken.reset_password(data["token"], data) do
+      render conn, "password_reset_success.html"
+    else
+      _e -> render conn, "password_reset_failed.html"
+    end
+  end
+
   def help_test(conn, _params) do
     json(conn, "ok")
   end
diff --git a/lib/pleroma/web/twitter_api/views/util_view.ex b/lib/pleroma/web/twitter_api/views/util_view.ex
new file mode 100644
index 000000000..71b04e6cc
--- /dev/null
+++ b/lib/pleroma/web/twitter_api/views/util_view.ex
@@ -0,0 +1,4 @@
+defmodule Pleroma.Web.TwitterAPI.UtilView do
+  use Pleroma.Web, :view
+  import Phoenix.HTML.Form
+end