allow user to change their password

2023-02-09 01:07:31 -03:00 · 2023-02-09 01:07:31 -03:00 · a79709e1ac
commit a79709e1ac
parent e9d63a63d0
4 changed files with 49 additions and 9 deletions
--- a/backend/controllers/user.go
+++ b/backend/controllers/user.go
@ -2,10 +2,12 @@ package controllers
 import (
 	"encoding/json"
 	"errors"
 	"net/http"
 	"strconv"
 	"git.cromer.cl/Proyecto-Titulo/alai-server/backend/database"
 	"git.cromer.cl/Proyecto-Titulo/alai-server/backend/middlewares"
 	"git.cromer.cl/Proyecto-Titulo/alai-server/backend/models"
 	"git.cromer.cl/Proyecto-Titulo/alai-server/backend/utils"
@ -103,6 +105,9 @@ func UpdateUser(writer http.ResponseWriter, request *http.Request, params httpro
 	gdb := database.Connect()
 	defer database.Close(gdb)
 	claims := request.Context().Value(middlewares.JWTContextKey).(*utils.JWTClaim)
 	username := claims.Username
 	var user models.User
 	decoder := json.NewDecoder(request.Body)
@ -119,8 +124,33 @@ func UpdateUser(writer http.ResponseWriter, request *http.Request, params httpro
 		return
 	}
-	if user.Password != "" {
+	if user.NewPassword != "" {
-		user.HashPassword(user.Password)
+		var tmpUser models.User
 		result := gdb.Find(&tmpUser).Where(&models.User{Username: username})
 		if result.Error != nil {
 			utils.JSONErrorOutput(writer, http.StatusBadRequest, result.Error.Error())
 			return
 		} else if result.RowsAffected == 0 {
 			writer.WriteHeader(http.StatusNotFound)
 			return
 		}
 		// If the logged in user and the modified user are no the same, password can't be changed
 		if tmpUser.ID != user.ID {
 			utils.JSONErrorOutput(writer, http.StatusBadRequest, errors.New("only the same user may change password").Error())
 			return
 		}
 		err = tmpUser.CheckPassword(user.Password)
 		if err != nil {
 			utils.JSONErrorOutput(writer, http.StatusBadRequest, errors.New("incorrect user or password").Error())
 			return
 		}
 		user.HashPassword(user.NewPassword)
 	} else {
 		user.Password = ""
 	}
 	result := gdb.Updates(&user)
--- a/backend/middlewares/auth.go
+++ b/backend/middlewares/auth.go
@ -1,6 +1,7 @@
 package middlewares
 import (
 	"context"
 	"errors"
 	"net/http"
 	"strings"
@ -10,6 +11,10 @@ import (
 	"github.com/julienschmidt/httprouter"
 )
 type contextKey string
 const JWTContextKey contextKey = "JWTClaims"
 func Authenticate(handle httprouter.Handle) httprouter.Handle {
 	return func(writer http.ResponseWriter, request *http.Request, params httprouter.Params) {
 		reqToken := request.Header.Get("Authorization")
@ -20,12 +25,16 @@ func Authenticate(handle httprouter.Handle) httprouter.Handle {
 		}
 		tokenString := splitToken[1]
-		err := utils.ValidateToken(tokenString)
+		claims, err := utils.ValidateToken(tokenString)
 		if err != nil {
 			utils.JSONErrorOutput(writer, http.StatusUnauthorized, err.Error())
 			return
 		}
 		ctx := request.Context()
 		ctx = context.WithValue(ctx, JWTContextKey, claims)
 		request = request.WithContext(ctx)
 		handle(writer, request, params)
 	}
 }
--- a/backend/models/user.go
+++ b/backend/models/user.go
@ -11,7 +11,8 @@ type User struct {
 	Name        string `json:"name" gorm:"not null"`
 	Username    string `json:"username" gorm:"unique; not null"`
 	Email       string `json:"email" gorm:"unique;not null"`
-	Password string `json:"password" gorm:"not null"`
+	Password    string `json:"password,omitempty" gorm:"not null"`
 	NewPassword string `json:"new_password,omitempty" gorm:"-:all"`
 }
 func (user *User) HashPassword(password string) error {
--- a/backend/utils/jwt.go
+++ b/backend/utils/jwt.go
@ -28,7 +28,7 @@ func GenerateJWT(email string, username string) (tokenString string, err error)
 	return
 }
-func ValidateToken(signedToken string) (err error) {
+func ValidateToken(signedToken string) (claims *JWTClaim, err error) {
 	token, err := jwt.ParseWithClaims(
 		signedToken,
 		&JWTClaim{},