From 85c9fba8088da1ae97de836a66bc0d1ee6b3f473 Mon Sep 17 00:00:00 2001
From: konrad
Date: Wed, 3 Oct 2018 19:28:17 +0200
Subject: [PATCH] Added the ability to update a users password
---
 models/user_add_update.go | 8 +--
 models/user_test.go | 4 +-
 routes/api/v1/user_update_password.go | 88 +++++++++++---------------
 routes/routes.go | 1 +
 4 files changed, 43 insertions(+), 58 deletions(-)
diff --git a/models/user_add_update.go b/models/user_add_update.go
index 6c20e39a..e712d198 100644
--- a/models/user_add_update.go
+++ b/models/user_add_update.go
@@ -109,10 +109,10 @@ func UpdateUser(user User) (updatedUser User, err error) {
 }
 // UpdateUserPassword updates the password of a user
-func UpdateUserPassword(userID int64, newPassword string, doer *User) (err error) {
+func UpdateUserPassword(user *User, newPassword string) (err error) {
 // Get all user details
- user, err := GetUserByID(userID)
+ theUser, err := GetUserByID(user.ID)
 if err != nil {
 return err
 }
@@ -122,10 +122,10 @@ func UpdateUserPassword(userID int64, newPassword string, doer *User) (err error
 if err != nil {
 return err
 }
- user.Password = hashed
+ theUser.Password = hashed
 // Update it
- _, err = x.Id(user.ID).Update(user)
+ _, err = x.Id(user.ID).Update(theUser)
 if err != nil {
 return err
 }
diff --git a/models/user_test.go b/models/user_test.go
index 904af48c..5500038f 100644
--- a/models/user_test.go
+++ b/models/user_test.go
@@ -99,7 +99,7 @@ func TestCreateUser(t *testing.T) {
 // Update a users password
 newpassword := "55555"
- err = UpdateUserPassword(theuser.ID, newpassword, &doer)
+ err = UpdateUserPassword(&theuser, newpassword)
 assert.NoError(t, err)
 // Check if it was changed
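Review bot: `UpdateUserPassword` in models/user_add_update.go no longer receives a `doer`, so it performs no authorization of its own and resets the password of whatever `*User` it is handed; the doc comment should say so, for example `// The caller must already have verified that the request comes from this user.` The function also dereferences `user.ID` in its first statement, so a nil pointer panics instead of returning an error; a nil guard that returns an error before `GetUserByID(user.ID)` would close that. The lines between this hunk and the next, where `newPassword` is hashed, are not shown, so the diff does not confirm whether an empty password is rejected there.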
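Review bot: In the second hunk of models/user_add_update.go, `x.Id(user.ID).Update(theUser)` writes back the record that was loaded at the top of the function rather than only the new hash. If `x` is an xorm engine, as the call chain suggests, limiting the statement to the password column with `x.Id(user.ID).Cols("password").Update(theUser)` (column name assumed from the `Password` field) keeps a profile change that lands between the read and the write from being overwritten. The function body starts and ends outside this hunk.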
@@ -116,7 +116,7 @@ func TestCreateUser(t *testing.T) {
 assert.True(t, len(all) > 0)
 // Try updating the password of a nonexistent user (should fail)
- err = UpdateUserPassword(9999, newpassword, &doer)
+ err = UpdateUserPassword(&User{ID: 9999}, newpassword)
 assert.Error(t, err)
 assert.True(t, IsErrUserDoesNotExist(err))
diff --git a/routes/api/v1/user_update_password.go b/routes/api/v1/user_update_password.go
index 47313be8..a61bbd00 100644
--- a/routes/api/v1/user_update_password.go
+++ b/routes/api/v1/user_update_password.go
@@ -1,77 +1,61 @@
 package v1
 import (
- "net/http"
- "strconv"
-
 "code.vikunja.io/api/models"
 "github.com/labstack/echo"
+ "net/http"
 )
-type datPassword struct {
+type UserPassword struct {
 Password string `json:"password"`
 }
-// UserChangePassword is the handler to add a user
+// UserChangePassword is the handler to change a users password
 func UserChangePassword(c echo.Context) error {
-
- // Get the ID
- user := c.Param("id")
-
- if user == "" {
- return c.JSON(http.StatusBadRequest, models.Message{"User ID cannot be empty."})
- }
-
- // Make int
- userID, err := strconv.ParseInt(user, 10, 64)
- if err != nil {
- return c.JSON(http.StatusBadRequest, models.Message{"User ID is invalid."})
- }
+ // swagger:operation POST /user/password user updatePassword
+ // ---
+ // summary: Shows the current user
+ // consumes:
+ // - application/json
+ // produces:
+ // - application/json
+ // parameters:
+ // - name: body
+ // in: body
+ // schema:
+ // "$ref": "#/definitions/Password"
+ // responses:
+ // "200":
+ // "$ref": "#/responses/Message"
+ // "400":
+ // "$ref": "#/responses/Message"
+ // "404":
+ // "$ref": "#/responses/Message"
+ // "500":
+ // "$ref": "#/responses/Message"
 // Check if the user is itself
- userJWTinfo, err := models.GetCurrentUser(c)
+ doer, err := models.GetCurrentUser(c)
 if err != nil {
- return c.JSON(http.StatusInternalServerError, models.Message{"Error getting current user."})
- }
-
- if userJWTinfo.ID != userID {
- return echo.ErrUnauthorized
+ return echo.NewHTTPError(http.StatusInternalServerError, "Error getting current user.")
 }
 // Check for Request Content
- pwFromString := c.FormValue("password")
- var datPw datPassword
-
- if pwFromString == "" {
- if err := c.Bind(&datPw); err != nil {
- return c.JSON(http.StatusBadRequest, models.Message{"No password provided."})
- }
- } else {
- // Take the value directly from the input
- datPw.Password = pwFromString
+ var newPW UserPassword
+ if err := c.Bind(&newPW); err != nil {
+ return
echo.NewHTTPError(http.StatusBadRequest, "No password provided.")
 }
- // Get User Infos
- _, err = models.GetUserByID(userID)
-
+ // Update the password
+ err = models.UpdateUserPassword(&doer, newPW.Password)
 if err != nil {
 if models.IsErrUserDoesNotExist(err) {
- return c.JSON(http.StatusNotFound, models.Message{"The user does not exist."})
+ return echo.NewHTTPError(http.StatusNotFound, "The user does not exist.")
 }
- return c.JSON(http.StatusInternalServerError, models.Message{"Error getting user infos."})
+
+ models.Log.Error("Error updating a users password, user: %d", doer.ID)
+ return echo.NewHTTPError(http.StatusInternalServerError, "An error occurred.")
 }
- // Get the doer options
- doer, err := models.GetCurrentUser(c)
- if err != nil {
- return err
- }
-
- err = models.UpdateUserPassword(userID, datPw.Password, &doer)
-
- if err != nil {
- return err
- }
-
- return c.JSON(http.StatusOK, models.Message{"The password was updated successfully"})
+ return c.JSON(http.StatusOK, models.Message{"The password was updated successfully."})
 }
diff --git a/routes/routes.go b/routes/routes.go
index ed6d9cd8..eba228bf 100644
--- a/routes/routes.go
+++ b/routes/routes.go
@@ -73,6 +73,7 @@ func RegisterRoutes(e *echo.Echo) {
 // User stuff
 a.GET("/user", apiv1.UserShow)
+ a.POST("/user/password", apiv1.UserChangePassword)
 a.GET("/users", apiv1.UserList)
 listHandler := &crud.WebHandler{
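Review bot: In `UserChangePassword` (routes/api/v1/user_update_password.go), the "No password provided." response is only returned when `c.Bind` fails, so a body such as `{}` binds cleanly and passes an empty `newPW.Password` to `models.UpdateUserPassword`; unless the model rejects it (the hashing code is not in this diff), the account ends up with an empty password. Add `if newPW.Password == "" { return echo.NewHTTPError(http.StatusBadRequest, "No password provided.") }` after the bind, ideally together with a minimum-length rule. The handler also changes the credential on the strength of the JWT alone; requiring the current password in the request and verifying it before the update would keep a leaked or unattended token from becoming a lasting account takeover. Smaller points: the `models.Log.Error` call drops `err`, which leaves the 500 path hard to diagnose, and the swagger `summary` still reads "Shows the current user".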