allow user to change their password

This commit is contained in:
Chris Cromer 2023-02-09 01:07:31 -03:00 committed by Martin Araneda
parent e9d63a63d0
commit a79709e1ac
4 changed files with 49 additions and 9 deletions

View File

@ -2,10 +2,12 @@ package controllers
import ( import (
"encoding/json" "encoding/json"
"errors"
"net/http" "net/http"
"strconv" "strconv"
"git.cromer.cl/Proyecto-Titulo/alai-server/backend/database" "git.cromer.cl/Proyecto-Titulo/alai-server/backend/database"
"git.cromer.cl/Proyecto-Titulo/alai-server/backend/middlewares"
"git.cromer.cl/Proyecto-Titulo/alai-server/backend/models" "git.cromer.cl/Proyecto-Titulo/alai-server/backend/models"
"git.cromer.cl/Proyecto-Titulo/alai-server/backend/utils" "git.cromer.cl/Proyecto-Titulo/alai-server/backend/utils"
@ -103,6 +105,9 @@ func UpdateUser(writer http.ResponseWriter, request *http.Request, params httpro
gdb := database.Connect() gdb := database.Connect()
defer database.Close(gdb) defer database.Close(gdb)
claims := request.Context().Value(middlewares.JWTContextKey).(*utils.JWTClaim)
username := claims.Username
var user models.User var user models.User
decoder := json.NewDecoder(request.Body) decoder := json.NewDecoder(request.Body)
@ -119,8 +124,33 @@ func UpdateUser(writer http.ResponseWriter, request *http.Request, params httpro
return return
} }
if user.Password != "" { if user.NewPassword != "" {
user.HashPassword(user.Password) var tmpUser models.User
result := gdb.Find(&tmpUser).Where(&models.User{Username: username})
if result.Error != nil {
utils.JSONErrorOutput(writer, http.StatusBadRequest, result.Error.Error())
return
} else if result.RowsAffected == 0 {
writer.WriteHeader(http.StatusNotFound)
return
}
// If the logged in user and the modified user are no the same, password can't be changed
if tmpUser.ID != user.ID {
utils.JSONErrorOutput(writer, http.StatusBadRequest, errors.New("only the same user may change password").Error())
return
}
err = tmpUser.CheckPassword(user.Password)
if err != nil {
utils.JSONErrorOutput(writer, http.StatusBadRequest, errors.New("incorrect user or password").Error())
return
}
user.HashPassword(user.NewPassword)
} else {
user.Password = ""
} }
result := gdb.Updates(&user) result := gdb.Updates(&user)

View File

@ -1,6 +1,7 @@
package middlewares package middlewares
import ( import (
"context"
"errors" "errors"
"net/http" "net/http"
"strings" "strings"
@ -10,6 +11,10 @@ import (
"github.com/julienschmidt/httprouter" "github.com/julienschmidt/httprouter"
) )
type contextKey string
const JWTContextKey contextKey = "JWTClaims"
func Authenticate(handle httprouter.Handle) httprouter.Handle { func Authenticate(handle httprouter.Handle) httprouter.Handle {
return func(writer http.ResponseWriter, request *http.Request, params httprouter.Params) { return func(writer http.ResponseWriter, request *http.Request, params httprouter.Params) {
reqToken := request.Header.Get("Authorization") reqToken := request.Header.Get("Authorization")
@ -20,12 +25,16 @@ func Authenticate(handle httprouter.Handle) httprouter.Handle {
} }
tokenString := splitToken[1] tokenString := splitToken[1]
err := utils.ValidateToken(tokenString) claims, err := utils.ValidateToken(tokenString)
if err != nil { if err != nil {
utils.JSONErrorOutput(writer, http.StatusUnauthorized, err.Error()) utils.JSONErrorOutput(writer, http.StatusUnauthorized, err.Error())
return return
} }
ctx := request.Context()
ctx = context.WithValue(ctx, JWTContextKey, claims)
request = request.WithContext(ctx)
handle(writer, request, params) handle(writer, request, params)
} }
} }

View File

@ -7,11 +7,12 @@ import (
type User struct { type User struct {
gorm.Model gorm.Model
ID uint64 `json:"ID" gorm:"primaryKey"` ID uint64 `json:"ID" gorm:"primaryKey"`
Name string `json:"name" gorm:"not null"` Name string `json:"name" gorm:"not null"`
Username string `json:"username" gorm:"unique; not null"` Username string `json:"username" gorm:"unique; not null"`
Email string `json:"email" gorm:"unique;not null"` Email string `json:"email" gorm:"unique;not null"`
Password string `json:"password" gorm:"not null"` Password string `json:"password,omitempty" gorm:"not null"`
NewPassword string `json:"new_password,omitempty" gorm:"-:all"`
} }
func (user *User) HashPassword(password string) error { func (user *User) HashPassword(password string) error {

View File

@ -28,7 +28,7 @@ func GenerateJWT(email string, username string) (tokenString string, err error)
return return
} }
func ValidateToken(signedToken string) (err error) { func ValidateToken(signedToken string) (claims *JWTClaim, err error) {
token, err := jwt.ParseWithClaims( token, err := jwt.ParseWithClaims(
signedToken, signedToken,
&JWTClaim{}, &JWTClaim{},