|
|
- package Auth
-
- import (
- "encoding/json"
- "io/ioutil"
- "net/http"
-
- "git.tovijaeschke.xyz/tovi/Envelope/Backend/Database"
- "git.tovijaeschke.xyz/tovi/Envelope/Backend/Models"
- )
-
- type rawChangePassword struct {
- OldPassword string `json:"old_password"`
- NewPassword string `json:"new_password"`
- NewPasswordConfirm string `json:"new_password_confirm"`
- PrivateKey string `json:"private_key"`
- }
-
- // ChangePassword handle change password action
- func ChangePassword(w http.ResponseWriter, r *http.Request) {
- var (
- user Models.User
- changePassword rawChangePassword
- requestBody []byte
- err error
- )
-
- user, err = CheckCookieCurrentUser(w, r)
- if err != nil {
- // Don't bother showing an error here, as the middleware handles auth
- return
- }
-
- requestBody, err = ioutil.ReadAll(r.Body)
- if err != nil {
- http.Error(w, "Error", http.StatusInternalServerError)
- return
- }
-
- err = json.Unmarshal(requestBody, &changePassword)
- if err != nil {
- http.Error(w, "Error", http.StatusInternalServerError)
- return
- }
-
- if !CheckPasswordHash(changePassword.OldPassword, user.Password) {
- http.Error(w, "Invalid Current Password", http.StatusForbidden)
- return
- }
-
- // This should never occur, due to frontend validation
- if changePassword.NewPassword != changePassword.NewPasswordConfirm {
- http.Error(w, "Invalid New Password", http.StatusUnprocessableEntity)
- return
- }
-
- user.Password, err = HashPassword(changePassword.NewPassword)
- if err != nil {
- http.Error(w, "Error", http.StatusInternalServerError)
- return
- }
-
- // Private key doesn't change at this point, is just re-encrypted with the new password
- user.AsymmetricPrivateKey = changePassword.PrivateKey
-
- err = Database.UpdateUser(
- user.ID.String(),
- &user,
- )
- if err != nil {
- http.Error(w, "Error", http.StatusInternalServerError)
- return
- }
-
- w.WriteHeader(http.StatusNoContent)
- }
|