allow user to change their password
This commit is contained in:
parent
63392e2726
commit
73e958efb1
@ -2,10 +2,12 @@ package controllers
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
||||||
"git.cromer.cl/Proyecto-Titulo/alai-server/backend/database"
|
"git.cromer.cl/Proyecto-Titulo/alai-server/backend/database"
|
||||||
|
"git.cromer.cl/Proyecto-Titulo/alai-server/backend/middlewares"
|
||||||
"git.cromer.cl/Proyecto-Titulo/alai-server/backend/models"
|
"git.cromer.cl/Proyecto-Titulo/alai-server/backend/models"
|
||||||
"git.cromer.cl/Proyecto-Titulo/alai-server/backend/utils"
|
"git.cromer.cl/Proyecto-Titulo/alai-server/backend/utils"
|
||||||
|
|
||||||
@ -103,6 +105,9 @@ func UpdateUser(writer http.ResponseWriter, request *http.Request, params httpro
|
|||||||
gdb := database.Connect()
|
gdb := database.Connect()
|
||||||
defer database.Close(gdb)
|
defer database.Close(gdb)
|
||||||
|
|
||||||
|
claims := request.Context().Value(middlewares.JWTContextKey).(*utils.JWTClaim)
|
||||||
|
username := claims.Username
|
||||||
|
|
||||||
var user models.User
|
var user models.User
|
||||||
|
|
||||||
decoder := json.NewDecoder(request.Body)
|
decoder := json.NewDecoder(request.Body)
|
||||||
@ -119,8 +124,33 @@ func UpdateUser(writer http.ResponseWriter, request *http.Request, params httpro
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if user.Password != "" {
|
if user.NewPassword != "" {
|
||||||
user.HashPassword(user.Password)
|
var tmpUser models.User
|
||||||
|
|
||||||
|
result := gdb.Find(&tmpUser).Where(&models.User{Username: username})
|
||||||
|
if result.Error != nil {
|
||||||
|
utils.JSONErrorOutput(writer, http.StatusBadRequest, result.Error.Error())
|
||||||
|
return
|
||||||
|
} else if result.RowsAffected == 0 {
|
||||||
|
writer.WriteHeader(http.StatusNotFound)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// If the logged in user and the modified user are no the same, password can't be changed
|
||||||
|
if tmpUser.ID != user.ID {
|
||||||
|
utils.JSONErrorOutput(writer, http.StatusBadRequest, errors.New("only the same user may change password").Error())
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
err = tmpUser.CheckPassword(user.Password)
|
||||||
|
if err != nil {
|
||||||
|
utils.JSONErrorOutput(writer, http.StatusBadRequest, errors.New("incorrect user or password").Error())
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
user.HashPassword(user.NewPassword)
|
||||||
|
} else {
|
||||||
|
user.Password = ""
|
||||||
}
|
}
|
||||||
|
|
||||||
result := gdb.Updates(&user)
|
result := gdb.Updates(&user)
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
package middlewares
|
package middlewares
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"errors"
|
"errors"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
@ -10,6 +11,10 @@ import (
|
|||||||
"github.com/julienschmidt/httprouter"
|
"github.com/julienschmidt/httprouter"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
type contextKey string
|
||||||
|
|
||||||
|
const JWTContextKey contextKey = "JWTClaims"
|
||||||
|
|
||||||
func Authenticate(handle httprouter.Handle) httprouter.Handle {
|
func Authenticate(handle httprouter.Handle) httprouter.Handle {
|
||||||
return func(writer http.ResponseWriter, request *http.Request, params httprouter.Params) {
|
return func(writer http.ResponseWriter, request *http.Request, params httprouter.Params) {
|
||||||
reqToken := request.Header.Get("Authorization")
|
reqToken := request.Header.Get("Authorization")
|
||||||
@ -20,12 +25,16 @@ func Authenticate(handle httprouter.Handle) httprouter.Handle {
|
|||||||
}
|
}
|
||||||
tokenString := splitToken[1]
|
tokenString := splitToken[1]
|
||||||
|
|
||||||
err := utils.ValidateToken(tokenString)
|
claims, err := utils.ValidateToken(tokenString)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
utils.JSONErrorOutput(writer, http.StatusUnauthorized, err.Error())
|
utils.JSONErrorOutput(writer, http.StatusUnauthorized, err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ctx := request.Context()
|
||||||
|
ctx = context.WithValue(ctx, JWTContextKey, claims)
|
||||||
|
request = request.WithContext(ctx)
|
||||||
|
|
||||||
handle(writer, request, params)
|
handle(writer, request, params)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -7,11 +7,12 @@ import (
|
|||||||
|
|
||||||
type User struct {
|
type User struct {
|
||||||
gorm.Model
|
gorm.Model
|
||||||
ID uint64 `json:"ID" gorm:"primaryKey"`
|
ID uint64 `json:"ID" gorm:"primaryKey"`
|
||||||
Name string `json:"name" gorm:"not null"`
|
Name string `json:"name" gorm:"not null"`
|
||||||
Username string `json:"username" gorm:"unique; not null"`
|
Username string `json:"username" gorm:"unique; not null"`
|
||||||
Email string `json:"email" gorm:"unique;not null"`
|
Email string `json:"email" gorm:"unique;not null"`
|
||||||
Password string `json:"password" gorm:"not null"`
|
Password string `json:"password,omitempty" gorm:"not null"`
|
||||||
|
NewPassword string `json:"new_password,omitempty" gorm:"-:all"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (user *User) HashPassword(password string) error {
|
func (user *User) HashPassword(password string) error {
|
||||||
|
@ -28,7 +28,7 @@ func GenerateJWT(email string, username string) (tokenString string, err error)
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
func ValidateToken(signedToken string) (err error) {
|
func ValidateToken(signedToken string) (claims *JWTClaim, err error) {
|
||||||
token, err := jwt.ParseWithClaims(
|
token, err := jwt.ParseWithClaims(
|
||||||
signedToken,
|
signedToken,
|
||||||
&JWTClaim{},
|
&JWTClaim{},
|
||||||
|
Loading…
Reference in New Issue
Block a user