allow user to change their password

This commit is contained in:
Chris Cromer 2023-02-09 01:07:31 -03:00
parent 63392e2726
commit 73e958efb1
Signed by: cromer
GPG Key ID: FA91071797BEEEC2
4 changed files with 49 additions and 9 deletions

View File

@ -2,10 +2,12 @@ package controllers
import (
"encoding/json"
"errors"
"net/http"
"strconv"
"git.cromer.cl/Proyecto-Titulo/alai-server/backend/database"
"git.cromer.cl/Proyecto-Titulo/alai-server/backend/middlewares"
"git.cromer.cl/Proyecto-Titulo/alai-server/backend/models"
"git.cromer.cl/Proyecto-Titulo/alai-server/backend/utils"
@ -103,6 +105,9 @@ func UpdateUser(writer http.ResponseWriter, request *http.Request, params httpro
gdb := database.Connect()
defer database.Close(gdb)
claims := request.Context().Value(middlewares.JWTContextKey).(*utils.JWTClaim)
username := claims.Username
var user models.User
decoder := json.NewDecoder(request.Body)
@ -119,8 +124,33 @@ func UpdateUser(writer http.ResponseWriter, request *http.Request, params httpro
return
}
if user.Password != "" {
user.HashPassword(user.Password)
if user.NewPassword != "" {
var tmpUser models.User
result := gdb.Find(&tmpUser).Where(&models.User{Username: username})
if result.Error != nil {
utils.JSONErrorOutput(writer, http.StatusBadRequest, result.Error.Error())
return
} else if result.RowsAffected == 0 {
writer.WriteHeader(http.StatusNotFound)
return
}
// If the logged in user and the modified user are no the same, password can't be changed
if tmpUser.ID != user.ID {
utils.JSONErrorOutput(writer, http.StatusBadRequest, errors.New("only the same user may change password").Error())
return
}
err = tmpUser.CheckPassword(user.Password)
if err != nil {
utils.JSONErrorOutput(writer, http.StatusBadRequest, errors.New("incorrect user or password").Error())
return
}
user.HashPassword(user.NewPassword)
} else {
user.Password = ""
}
result := gdb.Updates(&user)

View File

@ -1,6 +1,7 @@
package middlewares
import (
"context"
"errors"
"net/http"
"strings"
@ -10,6 +11,10 @@ import (
"github.com/julienschmidt/httprouter"
)
type contextKey string
const JWTContextKey contextKey = "JWTClaims"
func Authenticate(handle httprouter.Handle) httprouter.Handle {
return func(writer http.ResponseWriter, request *http.Request, params httprouter.Params) {
reqToken := request.Header.Get("Authorization")
@ -20,12 +25,16 @@ func Authenticate(handle httprouter.Handle) httprouter.Handle {
}
tokenString := splitToken[1]
err := utils.ValidateToken(tokenString)
claims, err := utils.ValidateToken(tokenString)
if err != nil {
utils.JSONErrorOutput(writer, http.StatusUnauthorized, err.Error())
return
}
ctx := request.Context()
ctx = context.WithValue(ctx, JWTContextKey, claims)
request = request.WithContext(ctx)
handle(writer, request, params)
}
}

View File

@ -11,7 +11,8 @@ type User struct {
Name string `json:"name" gorm:"not null"`
Username string `json:"username" gorm:"unique; not null"`
Email string `json:"email" gorm:"unique;not null"`
Password string `json:"password" gorm:"not null"`
Password string `json:"password,omitempty" gorm:"not null"`
NewPassword string `json:"new_password,omitempty" gorm:"-:all"`
}
func (user *User) HashPassword(password string) error {

View File

@ -28,7 +28,7 @@ func GenerateJWT(email string, username string) (tokenString string, err error)
return
}
func ValidateToken(signedToken string) (err error) {
func ValidateToken(signedToken string) (claims *JWTClaim, err error) {
token, err := jwt.ParseWithClaims(
signedToken,
&JWTClaim{},