From e283ec700472032df74e0bc9afaa64af7ffb61ed Mon Sep 17 00:00:00 2001
From: Matthew Dillon
Date: Mon, 12 Oct 2015 20:43:59 -0700
Subject: [PATCH] Password change
---
 api/users.go | 10 ++++++++++
 handlers/handlers.go | 1 +
 models/users.go | 23 +++++++++++++++++++++++
 3 files changed, 34 insertions(+)
diff --git a/api/users.go b/api/users.go
index 825d9bc..93ba51d 100644
--- a/api/users.go
+++ b/api/users.go
@@ -259,3 +259,13 @@ func HandleUserLockout(w http.ResponseWriter, r *http.Request) *types.AppError {
 fmt.Fprintln(w, `{}`)
 return nil
 }
+
+func HandleUserPasswordChange(w http.ResponseWriter, r *http.Request) *types.AppError {
+ claims := helpers.GetClaims(r)
+
+ if err := models.UpdateUserPassword(claims.Sub, r.FormValue("password")); err != nil {
+ return newJSONError(err, http.StatusInternalServerError)
+ }
+
+ return nil
+}
diff --git a/handlers/handlers.go b/handlers/handlers.go
index 55064a2..2c57caa 100644
--- a/handlers/handlers.go
+++ b/handlers/handlers.go
@@ -68,6 +68,7 @@ func Handler() http.Handler {
 // Everything past this point requires a valid token
 routes := []r{
 r{handleLister(userService), "GET", "/users"},
+ r{api.HandleUserPasswordChange, "POST", "/users/password"},
 r{handleGetter(userService), "GET", "/users/{ID:.+}"},
 r{handleUpdater(userService), "PUT", "/users/{ID:.+}"},
 r{handleLister(speciesService), "GET", "/species"},
diff --git a/models/users.go b/models/users.go
index f2ad267..b9f8fc2 100644
--- a/models/users.go
+++ b/models/users.go
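Review bot: In api/users.go, HandleUserPasswordChange passes `r.FormValue("password")` to `models.UpdateUserPassword` unchecked, so a request without a `password` field stores the bcrypt hash of the empty string, and anyone holding a valid token can replace the password without proving knowledge of the current one. Reject empty input before the model call, for example `if password == "" { return newJSONError(fmt.Errorf("password is required"), http.StatusBadRequest) }`, and require the current password in the same form and verify it against the stored hash before updating. The success path also returns without writing a body, whereas HandleUserLockout in the context lines above writes `{}`; clients that parse the response as JSON would presumably want the same here.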
@@ -166,3 +166,26 @@ func ListUsers(opt helpers.ListOptions, claims *types.Claims) (*Users, error) {
 return &users, nil
 }
+
+func UpdateUserPassword(id int64, password string) error {
+ user, err := DbGetUserByID(id)
+ if err != nil {
+ return err
+ }
+
+ hash, err := bcrypt.GenerateFromPassword([]byte(password), 12)
+ if err != nil {
+ return err
+ }
+
+ user.Password = string(hash)
+
+ count, err := DBH.Update(user.UserBase)
+ if err != nil {
+ return err
+ }
+ if count != 1 {
+ return errors.ErrUserNotUpdated
+ }
+ return nil
+}
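Review bot: UpdateUserPassword hands the caller's string to `bcrypt.GenerateFromPassword` with no length bound, and bcrypt only takes the first 72 bytes of its input, so depending on the library version a longer password is either truncated silently or rejected with an error that the handler reports as a 500. Bound the length before hashing, e.g. `if len(password) > 72 { return errPasswordTooLong }`, where `errPasswordTooLong` is a placeholder for an error the project would define. The literal cost `12` would be clearer as a named constant shared with the code that hashes the password at account creation, which is not visible in this hunk. The exported function also lacks a doc comment; `// UpdateUserPassword replaces the stored bcrypt hash for the user with the given id.` would do.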