Ejemplo n.º 1
0
func TestChangePassword(t *testing.T) {
	var user vsafe.User
	if err := user.Init("foo", "password"); err != nil {
		t.Fatalf("Error initializing user %v", err)
	}
	var store FakeUserStore
	if err := store.AddUser(nil, &user); err != nil {
		t.Fatalf("Error adding user %v", err)
	}
	if _, err := vsafedb.ChangePassword(
		store, kTransaction, user.Id+1, "password", "board"); err != vsafedb.ErrNoSuchId {
		t.Errorf("Expected ErrNoSuchId, got %v", err)
	}
	if _, err := vsafedb.ChangePassword(
		store, kTransaction, user.Id, "wrong", "board"); err != vsafe.ErrWrongPassword {
		t.Errorf("Expected ErrWrongPassword, got %v", err)
	}
	newUser, err := vsafedb.ChangePassword(
		store, kTransaction, user.Id, "password", "board")
	if err != nil {
		t.Errorf("Expected no error, got %v", err)
	}
	if _, err := newUser.VerifyPassword("board"); err != nil {
		t.Errorf("Got error verifying password, %v", err)
	}
	var readUser vsafe.User
	if err := store.UserById(nil, user.Id, &readUser); err != nil {
		t.Fatalf("Got error reading database, %v", err)
	}
	if _, err := readUser.VerifyPassword("board"); err != nil {
		t.Errorf("Got error verifying password, %v", err)
	}
}
Ejemplo n.º 2
0
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	session := common.GetUserSession(r)
	if r.Method == "GET" {
		http_util.WriteTemplate(
			w,
			kTemplate,
			&view{
				Name: session.User.Name,
				Xsrf: common.NewXsrfToken(r, kChPasswd)})
	} else {
		r.ParseForm()
		if !common.VerifyXsrfToken(r, kChPasswd) {
			http_util.WriteTemplate(
				w,
				kTemplate,
				&view{
					Name:    session.User.Name,
					Xsrf:    common.NewXsrfToken(r, kChPasswd),
					Message: common.ErrXsrf.Error()})
			return
		}
		old := r.Form.Get("old")
		new := r.Form.Get("new")
		verify := r.Form.Get("verify")
		if new != verify {
			http_util.WriteTemplate(
				w,
				kTemplate,
				&view{
					Name:    session.User.Name,
					Xsrf:    common.NewXsrfToken(r, kChPasswd),
					Message: "Password re-typed incorrectly."})
			return
		}
		if len(new) < kMinPasswordLength {
			http_util.WriteTemplate(
				w,
				kTemplate,
				&view{
					Name: session.User.Name,
					Xsrf: common.NewXsrfToken(r, kChPasswd),
					Message: fmt.Sprintf(
						"Password must be at least %d characters.",
						kMinPasswordLength)})
			return
		}
		err := h.Doer.Do(func(t db.Transaction) error {
			user, err := vsafedb.ChangePassword(
				h.Store, t, session.User.Id, old, new)
			if err != nil {
				return err
			}
			session.User = user
			return nil
		})
		if err == vsafe.ErrWrongPassword {
			http_util.WriteTemplate(
				w,
				kTemplate,
				&view{
					Name:    session.User.Name,
					Xsrf:    common.NewXsrfToken(r, kChPasswd),
					Message: "Old password wrong."})
			return
		}
		if err != nil {
			http_util.ReportError(w, "Error updating database", err)
			return
		}
		http_util.WriteTemplate(
			w,
			kTemplate,
			&view{
				Name:    session.User.Name,
				Message: "Password changed successfully.",
				Xsrf:    common.NewXsrfToken(r, kChPasswd),
				Success: true})
	}
}