Password change

2015-10-12 20:43:59 -07:00 · 2015-10-12 20:43:59 -07:00 · e283ec7004
commit e283ec7004
parent 0331834b92
3 changed files with 34 additions and 0 deletions
--- a/api/users.go
+++ b/api/users.go
@ -259,3 +259,13 @@ func HandleUserLockout(w http.ResponseWriter, r *http.Request) *types.AppError {
 	fmt.Fprintln(w, `{}`)
 	return nil
 }
+
+func HandleUserPasswordChange(w http.ResponseWriter, r *http.Request) *types.AppError {
+	claims := helpers.GetClaims(r)
+
+	if err := models.UpdateUserPassword(claims.Sub, r.FormValue("password")); err != nil {
+		return newJSONError(err, http.StatusInternalServerError)
+	}
+
+	return nil
+}
--- a/handlers/handlers.go
+++ b/handlers/handlers.go
@ -68,6 +68,7 @@ func Handler() http.Handler {
 	// Everything past this point requires a valid token
 	routes := []r{
 		r{handleLister(userService), "GET", "/users"},
+		r{api.HandleUserPasswordChange, "POST", "/users/password"},
 		r{handleGetter(userService), "GET", "/users/{ID:.+}"},
 		r{handleUpdater(userService), "PUT", "/users/{ID:.+}"},
 		r{handleLister(speciesService), "GET", "/species"},
--- a/models/users.go
+++ b/models/users.go
@ -166,3 +166,26 @@ func ListUsers(opt helpers.ListOptions, claims *types.Claims) (*Users, error) {

 	return &users, nil
 }
+
+func UpdateUserPassword(id int64, password string) error {
+	user, err := DbGetUserByID(id)
+	if err != nil {
+		return err
+	}
+
+	hash, err := bcrypt.GenerateFromPassword([]byte(password), 12)
+	if err != nil {
+		return err
+	}
+
+	user.Password = string(hash)
+
+	count, err := DBH.Update(user.UserBase)
+	if err != nil {
+		return err
+	}
+	if count != 1 {
+		return errors.ErrUserNotUpdated
+	}
+	return nil
+}