From 434856a44f8564e2102595327dd56a902dd53702 Mon Sep 17 00:00:00 2001 From: konrad Date: Tue, 23 Jan 2018 15:53:38 +0100 Subject: [PATCH] Added route to update a user's password --- models/user_add_update.go | 24 ++++++++++ routes/api/v1/user_update_password.go | 67 +++++++++++++++++++++++++++ routes/routes.go | 4 +- 3 files changed, 93 insertions(+), 2 deletions(-) create mode 100644 routes/api/v1/user_update_password.go diff --git a/models/user_add_update.go b/models/user_add_update.go index be66de2..f19b325 100644 --- a/models/user_add_update.go +++ b/models/user_add_update.go @@ -84,5 +84,29 @@ func UpdateUser(user User) (updatedUser User, err error) { // UpdateUserPassword updates the password of a user func UpdateUserPassword(userID int64, newPassword string) (err error) { + + // Get all user details + user, exists, err := GetUserByID(userID) + if err != nil { + return err + } + + if !exists { + return ErrUserDoesNotExist{userID} + } + + // Hash the new password and set it + hashed, err := hashPassword(newPassword) + if err != nil { + return err + } + user.Password = hashed + + // Update it + _, err = x.Id(user.ID).Update(user) + if err != nil { + return err + } + return nil } diff --git a/routes/api/v1/user_update_password.go b/routes/api/v1/user_update_password.go new file mode 100644 index 0000000..023a92b --- /dev/null +++ b/routes/api/v1/user_update_password.go 
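Review bot: UpdateUserPassword hashes and stores whatever string it is given, so an empty `newPassword` becomes the account's password; nothing between `GetUserByID` and `hashPassword` rejects it. The same gap is in the handler hunk in routes/api/v1/user_update_password.go, where a JSON body without a `password` field binds without error and leaves `datPw.Password` empty. A guard in the handler before the model call, `if datPw.Password == "" { return c.JSON(http.StatusBadRequest, models.Message{"No password provided."}) }`, plus an equivalent early return at the top of this function, closes both paths. Separately, `x.Id(user.ID).Update(user)` writes back the record that was read a moment earlier; if `x` is an xorm engine, restricting the write with `Cols("password")` (assuming that is the column name) would keep a concurrent edit of other fields from being overwritten with stale values.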
@@ -0,0 +1,67 @@
+package v1
+
+import (
+ "net/http"
+ "strconv"
+
+ "github.com/labstack/echo"
+ "git.mowie.cc/konrad/Library/models"
+)
+
+type datPassword struct {
+ Password string `json:"password"`
+}
+
+// UserChangePassword is the handler to add a user
+func UserChangePassword(c echo.Context) error {
+
+ // Check if the user is admin
+ if !models.IsAdmin(c) {
+ return echo.ErrUnauthorized
+ }
+
+ // Check for Request Content
+ pwFromString := c.FormValue("password")
+ var datPw datPassword
+
+ if pwFromString == "" {
+ if err := c.Bind(&datPw); err != nil {
+ return c.JSON(http.StatusBadRequest, models.Message{"No password provided."})
+ }
+ } else {
+ // Take the value directly from the input
+ datPw.Password = pwFromString
+ }
+
+ user := c.Param("id")
+
+ if user == "" {
+ return c.JSON(http.StatusBadRequest, models.Message{"User ID cannot be empty."})
+ }
+
+ // Make int
+ userID, err := strconv.ParseInt(user, 10, 64)
+ if err != nil {
+ return c.JSON(http.StatusInternalServerError, models.Message{"Error getting user infos."})
+ }
+
+ // Get User Infos
+ _, exists, err := models.GetUserByID(userID)
+
+ if err != nil {
+ return c.JSON(http.StatusInternalServerError, models.Message{"Error getting user infos."})
+ }
+
+ // Check if it exists
+ if !exists {
+ return c.JSON(http.StatusNotFound, models.Message{"User not found."})
+ }
+
+ err = models.UpdateUserPassword(userID, datPw.Password)
+
+ if err != nil {
+ return err
+ }
+
+ return c.JSON(http.StatusOK, models.Message{"The password was updated successfully"})
+}
\ No newline at end of file
diff --git a/routes/routes.go b/routes/routes.go
index e7d8a04..9ffc758 100644
--- a/routes/routes.go
+++ b/routes/routes.go
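Review bot: A non-numeric `:id` is reported as a server fault: the `strconv.ParseInt` error branch returns `http.StatusInternalServerError` although the bad input is the client's, so `http.StatusBadRequest` is the fitting status and keeps 5xx monitoring meaningful. The final `return err` after `models.UpdateUserPassword` passes the raw error to echo's error handling, unlike every other branch, which answers with a `models.Message`; depending on how that handler is configured this may expose internal detail, and `return c.JSON(http.StatusInternalServerError, models.Message{"Error updating password."})` would be consistent with the rest. The doc comment still says the handler adds a user; `// UserChangePassword is the admin-only handler that sets a user's password` matches the code. The `models.GetUserByID` pre-check repeats the lookup that `UpdateUserPassword` performs itself, so it could be dropped in favour of mapping the model's not-found error to 404.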
@@ -108,13 +108,13 @@ func RegisterRoutes(e *echo.Echo) { // ====== Admin Routes ====== + // Manage Users a.GET("/users", apiv1.UsersList) a.PUT("/users", apiv1.UserAddOrUpdate) a.POST("/users/:id", apiv1.UserAddOrUpdate) a.GET("/users/:id", apiv1.UserShow) a.DELETE("/users/:id", apiv1.UserDelete) - - // Manage Users + a.POST("/users/:id/password", apiv1.UserChangePassword) /* Alles nur mit Api machen, davor dann einen onepager mit vue.js.