Added the ability to update a users password

konrad 2018-10-03 19:28:17 +02:00
parent 17368dea9a
commit 85c9fba808
No known key found for this signature in database
GPG key ID: F40E70337AB24C9B
4 changed files with 43 additions and 58 deletions


@ -109,10 +109,10 @@ func UpdateUser(user User) (updatedUser User, err error) {
} }
// UpdateUserPassword updates the password of a user // UpdateUserPassword updates the password of a user
func UpdateUserPassword(userID int64, newPassword string, doer *User) (err error) { func UpdateUserPassword(user *User, newPassword string) (err error) {
// Get all user details // Get all user details
user, err := GetUserByID(userID) theUser, err := GetUserByID(user.ID)
if err != nil { if err != nil {
return err return err
} }
@ -122,10 +122,10 @@ func UpdateUserPassword(userID int64, newPassword string, doer *User) (err error
if err != nil { if err != nil {
return err return err
} }
user.Password = hashed theUser.Password = hashed
// Update it // Update it
_, err = x.Id(user.ID).Update(user) _, err = x.Id(user.ID).Update(theUser)
if err != nil { if err != nil {
return err return err
} }
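Review bot: With the `doer` parameter removed, `UpdateUserPassword` does no permission check of its own and sets the password for whatever `user.ID` it is handed, so the doc comment should state that contract, e.g. `// UpdateUserPassword sets a new password for user. It performs no authorization; callers must pass the authenticated user.` The new pointer parameter is also dereferenced in `GetUserByID(user.ID)` without a nil check, so a nil `user` panics instead of returning an error; an `if user == nil` guard at the top that returns an error would avoid that. The hashing step between the two hunks and the end of the function are outside what is shown here, so whether an empty `newPassword` is rejected at this layer cannot be confirmed from the page.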


@ -99,7 +99,7 @@ func TestCreateUser(t *testing.T) {
// Update a users password // Update a users password
newpassword := "55555" newpassword := "55555"
err = UpdateUserPassword(theuser.ID, newpassword, &doer) err = UpdateUserPassword(&theuser, newpassword)
assert.NoError(t, err) assert.NoError(t, err)
// Check if it was changed // Check if it was changed
@ -116,7 +116,7 @@ func TestCreateUser(t *testing.T) {
assert.True(t, len(all) > 0) assert.True(t, len(all) > 0)
// Try updating the password of a nonexistent user (should fail) // Try updating the password of a nonexistent user (should fail)
err = UpdateUserPassword(9999, newpassword, &doer) err = UpdateUserPassword(&User{ID: 9999}, newpassword)
assert.Error(t, err) assert.Error(t, err)
assert.True(t, IsErrUserDoesNotExist(err)) assert.True(t, IsErrUserDoesNotExist(err))


@ -1,77 +1,61 @@
package v1 package v1
import ( import (
"net/http"
"strconv"
"code.vikunja.io/api/models" "code.vikunja.io/api/models"
"github.com/labstack/echo" "github.com/labstack/echo"
"net/http"
) )
type datPassword struct { type UserPassword struct {
Password string `json:"password"` Password string `json:"password"`
} }
// UserChangePassword is the handler to add a user // UserChangePassword is the handler to change a users password
func UserChangePassword(c echo.Context) error { func UserChangePassword(c echo.Context) error {
// swagger:operation POST /user/password user updatePassword
// Get the ID // ---
user := c.Param("id") // summary: Shows the current user
// consumes:
if user == "" { // - application/json
return c.JSON(http.StatusBadRequest, models.Message{"User ID cannot be empty."}) // produces:
} // - application/json
// parameters:
// Make int // - name: body
userID, err := strconv.ParseInt(user, 10, 64) // in: body
if err != nil { // schema:
return c.JSON(http.StatusBadRequest, models.Message{"User ID is invalid."}) // "$ref": "#/definitions/Password"
} // responses:
// "200":
// "$ref": "#/responses/Message"
// "400":
// "$ref": "#/responses/Message"
// "404":
// "$ref": "#/responses/Message"
// "500":
// "$ref": "#/responses/Message"
// Check if the user is itself // Check if the user is itself
userJWTinfo, err := models.GetCurrentUser(c) doer, err := models.GetCurrentUser(c)
if err != nil { if err != nil {
return c.JSON(http.StatusInternalServerError, models.Message{"Error getting current user."}) return echo.NewHTTPError(http.StatusInternalServerError, "Error getting current user.")
}
if userJWTinfo.ID != userID {
return echo.ErrUnauthorized
} }
// Check for Request Content // Check for Request Content
pwFromString := c.FormValue("password") var newPW UserPassword
var datPw datPassword if err := c.Bind(&newPW); err != nil {
return echo.NewHTTPError(http.StatusBadRequest, "No password provided.")
if pwFromString == "" {
if err := c.Bind(&datPw); err != nil {
return c.JSON(http.StatusBadRequest, models.Message{"No password provided."})
}
} else {
// Take the value directly from the input
datPw.Password = pwFromString
} }
// Get User Infos // Update the password
_, err = models.GetUserByID(userID) err = models.UpdateUserPassword(&doer, newPW.Password)
if err != nil { if err != nil {
if models.IsErrUserDoesNotExist(err) { if models.IsErrUserDoesNotExist(err) {
return c.JSON(http.StatusNotFound, models.Message{"The user does not exist."}) return echo.NewHTTPError(http.StatusNotFound, "The user does not exist.")
}
return c.JSON(http.StatusInternalServerError, models.Message{"Error getting user infos."})
} }
// Get the doer options models.Log.Error("Error updating a users password, user: %d", doer.ID)
doer, err := models.GetCurrentUser(c) return echo.NewHTTPError(http.StatusInternalServerError, "An error occurred.")
if err != nil {
return err
} }
err = models.UpdateUserPassword(userID, datPw.Password, &doer) return c.JSON(http.StatusOK, models.Message{"The password was updated successfully."})
if err != nil {
return err
}
return c.JSON(http.StatusOK, models.Message{"The password was updated successfully"})
} }
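Review bot: `c.Bind(&newPW)` succeeds for a body such as `{}`, so an empty `Password` reaches `models.UpdateUserPassword` and the "No password provided." response is only sent when the body fails to parse; adding `if newPW.Password == "" { return echo.NewHTTPError(http.StatusBadRequest, "No password provided.") }` after the bind closes that gap, unless the model already rejects empty passwords in lines not shown on this page. The handler also changes the password on the strength of the request token alone; requiring the current password in the body and verifying it before the update would limit what a leaked token can be used for. The 500 path logs only `doer.ID` and drops `err`, so the cause of a failed update is lost, and the swagger `summary` still reads "Shows the current user" although the operation updates the password.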


@ -73,6 +73,7 @@ func RegisterRoutes(e *echo.Echo) {
// User stuff // User stuff
a.GET("/user", apiv1.UserShow) a.GET("/user", apiv1.UserShow)
a.POST("/user/password", apiv1.UserChangePassword)
a.GET("/users", apiv1.UserList) a.GET("/users", apiv1.UserList)
listHandler := &crud.WebHandler{ listHandler := &crud.WebHandler{