Encrypted messaging app
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

76 lines
1.8 KiB

package Auth
import (
"encoding/json"
"io/ioutil"
"net/http"
"git.tovijaeschke.xyz/tovi/Capsule/Backend/Database"
"git.tovijaeschke.xyz/tovi/Capsule/Backend/Models"
)
type rawChangePassword struct {
OldPassword string `json:"old_password"`
NewPassword string `json:"new_password"`
NewPasswordConfirm string `json:"new_password_confirm"`
PrivateKey string `json:"private_key"`
}
// ChangePassword handle change password action
func ChangePassword(w http.ResponseWriter, r *http.Request) {
var (
user Models.User
changePassword rawChangePassword
requestBody []byte
err error
)
user, err = CheckCookieCurrentUser(w, r)
if err != nil {
// Don't bother showing an error here, as the middleware handles auth
return
}
requestBody, err = ioutil.ReadAll(r.Body)
if err != nil {
http.Error(w, "Error", http.StatusInternalServerError)
return
}
err = json.Unmarshal(requestBody, &changePassword)
if err != nil {
http.Error(w, "Error", http.StatusInternalServerError)
return
}
if !CheckPasswordHash(changePassword.OldPassword, user.Password) {
http.Error(w, "Invalid Current Password", http.StatusForbidden)
return
}
// This should never occur, due to frontend validation
if changePassword.NewPassword != changePassword.NewPasswordConfirm {
http.Error(w, "Invalid New Password", http.StatusUnprocessableEntity)
return
}
user.Password, err = HashPassword(changePassword.NewPassword)
if err != nil {
http.Error(w, "Error", http.StatusInternalServerError)
return
}
// Private key doesn't change at this point, is just re-encrypted with the new password
user.AsymmetricPrivateKey = changePassword.PrivateKey
err = Database.UpdateUser(
user.ID.String(),
&user,
)
if err != nil {
http.Error(w, "Error", http.StatusInternalServerError)
return
}
w.WriteHeader(http.StatusOK)
}