user: old password required in request to update user password

Sonja Happ 2019-10-24 12:23:12 +02:00
parent 82dbfa8cad
commit 3fdba37541


@ -15,6 +15,7 @@ type loginRequest struct {
type validUpdatedRequest struct { type validUpdatedRequest struct {
Username string `form:"Username" validate:"omitempty,min=3"` Username string `form:"Username" validate:"omitempty,min=3"`
Password string `form:"Password" validate:"omitempty,min=6"` Password string `form:"Password" validate:"omitempty,min=6"`
OldPassword string `form:"OldPassword" validate:"omitempty,min=6"`
Role string `form:"Role" validate:"omitempty,oneof=Admin User Guest"` Role string `form:"Role" validate:"omitempty,oneof=Admin User Guest"`
Mail string `form:"Mail" validate:"omitempty,email"` Mail string `form:"Mail" validate:"omitempty,email"`
Active string `form:"Active" validate:"omitempty,oneof=yes no"` Active string `form:"Active" validate:"omitempty,oneof=yes no"`
@ -44,9 +45,23 @@ func (r *loginRequest) validate() error {
func (r *updateUserRequest) validate() error { func (r *updateUserRequest) validate() error {
validate = validator.New() validate = validator.New()
errs := validate.Struct(r) errs := validate.Struct(r)
if errs != nil {
return errs return errs
} }
if r.Password != "" {
// if user wants to change password
// old password has to be contained in update request
if r.OldPassword == "" {
return fmt.Errorf("old password is missing in request")
} else {
return nil
}
}
return nil
}
func (r *updateUserRequest) updatedUser(role interface{}, func (r *updateUserRequest) updatedUser(role interface{},
oldUser User) (User, error) { oldUser User) (User, error) {
@ -71,7 +86,7 @@ func (r *updateUserRequest) updatedUser(role interface{},
} }
} }
// Update the username making sure is NOT taken // Update the username making sure it is NOT taken
var testUser User var testUser User
if err := testUser.ByUsername(r.Username); err == nil { if err := testUser.ByUsername(r.Username); err == nil {
return u, fmt.Errorf("Username is alreaday taken") return u, fmt.Errorf("Username is alreaday taken")
@ -83,9 +98,14 @@ func (r *updateUserRequest) updatedUser(role interface{},
// If there is a new password then hash it and update it // If there is a new password then hash it and update it
if r.Password != "" { if r.Password != "" {
err := u.setPassword(r.Password) err := oldUser.validatePassword(r.OldPassword)
if err != nil { if err != nil {
return u, fmt.Errorf("Unable to encrypt new password") return u, fmt.Errorf("previous password not correct, pw not changed")
}
err = u.setPassword(r.Password)
if err != nil {
return u, fmt.Errorf("unable to encrypt new password")
} }
} }
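Review bot: Re-authentication is enforced only when `r.Password` is non-empty, both in `validate()` and at `err := oldUser.validatePassword(r.OldPassword)`, so the same request can still change Username, Role, Mail and Active without the current password. If Mail feeds an account-recovery flow (not visible on this page), a stolen session could still lead to account takeover; consider extending the guard, e.g. `if (r.Password != "" || r.Mail != "") && r.OldPassword == "" {`, with the matching condition around the `validatePassword` call. The check runs against `oldUser`, the record being modified, and the caller is outside the hunk, so it is worth confirming how an Admin changing another user's password is meant to pass it. The `min=6` tag on `OldPassword` would reject a shorter existing password before it is ever compared. The `else { return nil }` branch in `validate()` is redundant with the final `return nil`, and `updatedUser` begins and ends outside the hunk.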