Exemple #1
1
func changeAccountPassword(ctx context.Context, w http.ResponseWriter, r *http.Request) {

	var acct account.Account

	var email string
	var newPassword string

	// read the account ID
	if emailBytes, err := base64.RawURLEncoding.DecodeString(rest.Param(ctx, "id")); err != nil {
		rest.WriteJSON(w, err)
		return
	} else {
		email = string(emailBytes)
	}

	if err := rest.ReadJSON(r, &newPassword); err != nil {
		rest.WriteJSON(w, err)
	} else if err := account.Get(ctx, email, &acct); err != nil {
		rest.WriteJSON(w, err)
	} else if err := acct.SetPassword(newPassword); err != nil {
		rest.WriteJSON(w, err)
	} else if err := account.Save(ctx, &acct); err != nil {
		rest.WriteJSON(w, err)
	} else {
		rest.WriteJSON(w, &rest.NoContent)
	}

}
Exemple #2
1
func changeAccount(ctx context.Context, w http.ResponseWriter, r *http.Request) {

	var acct account.Account
	var resp rest.Response
	resp.Body = &acct

	var email string
	var err error

	// read the account ID
	if emailBytes, err := base64.RawURLEncoding.DecodeString(rest.Param(ctx, "id")); err != nil {
		rest.WriteJSON(w, err)
		return
	} else {
		email = string(emailBytes)
	}

	// read the account and merge it with the request body
	if err = account.Get(ctx, email, &acct); err != nil {
		rest.WriteJSON(w, err)
		return
	} else if err = rest.ReadJSON(r, &acct); err != nil {
		rest.WriteJSON(w, err)
		return
	}

	// is the email address changing?
	if email != acct.Email {

		// run the change, then reread the account
		if err = account.ChangeEmail(ctx, email, acct.Email); err != nil {
			rest.WriteJSON(w, err)
			return
		}

		email = acct.Email

		if err = account.Get(ctx, email, &acct); err != nil {
			rest.WriteJSON(w, err)
			return
		}

		// point to the new URL on response
		newAccountURL, _ := r.URL.Parse("..")
		newAccountURL, _ = newAccountURL.Parse(base64.RawURLEncoding.EncodeToString([]byte(acct.Email)))
		w.Header().Set("Location", newAccountURL.String())
		resp.Code = http.StatusMovedPermanently

	}

	// save the remaining changes to the account
	if err = account.Save(ctx, &acct); err != nil {
		rest.WriteJSON(w, err)
		return
	}

	rest.WriteJSON(w, &resp)

}
func TestHasRole(t *testing.T) {

	ctx, done, _ := aetest.NewContext()
	defer done()
	ctx = test.WithConfig(ctx, map[string]interface{}{"AuthSecret": "foo"})

	w := httptest.NewRecorder()
	r, _ := http.NewRequest("GET", "/", nil)
	r.Header.Set("Authorization", "wrong")

	// Make up a fake user
	acct, _ := account.New(ctx, "*****@*****.**", "foobar")
	acct.Roles = append(acct.Roles, "tyrant")
	account.Save(ctx, acct)

	// Unretrievable user, because middleware hasn't been run.
	if err := HasRole("foo")(ctx, w, r); err != ErrCannotGetAccount {
		t.Errorf("Unexpected error, wanted ErrCannotGetAccount, got %s", err)
	}

	// User's set, but claimset isn't for some reason.
	ctx2 := context.WithValue(ctx, internal.AuthContextKey, &account.Nobody)
	if err := HasRole("foo")(ctx2, w, r); err != ErrCannotGetClaimSet {
		t.Errorf("Unexpected error, wanted ErrCannotGetClaimSet, got %s", err)
	}

	// Account doesn't have the role.
	r.Header.Set("Authorization", test.JWT(&jws.ClaimSet{Sub: "*****@*****.**", Scope: AllScope}, "foo"))
	ctx2 = Middleware(ctx, w, r)
	if err := HasRole("foo")(ctx2, w, r); err != ErrRoleMissing {
		t.Errorf("Unexpected error, wanted ErrRoleMissing, got %s", err)
	}

	// Token doesn't have the role in scope.
	r.Header.Set("Authorization", test.JWT(&jws.ClaimSet{Sub: "*****@*****.**", Scope: "somethingelse"}, "foo"))
	ctx2 = Middleware(ctx, w, r)
	if err := HasRole("tyrant")(ctx2, w, r); err != ErrRoleNotInScope {
		t.Errorf("Unexpected error, wanted ErrRoleNotInScope, got %s", err)
	}

	// Token is consumable, but hasn't been used yet.
	consumableToken := test.ConsumableJWT(&jws.ClaimSet{Sub: "*****@*****.**", Scope: "tyrant"}, "foo", 1)
	r.Header.Set("Authorization", consumableToken)
	ctx2 = Middleware(ctx, w, r)
	if err := HasRole("tyrant")(ctx2, w, r); err != nil {
		t.Errorf("Unexpected error, wanted nil, got %s", err)
	}

	// We used this token once already. Should be used up.
	ctx2 = Middleware(ctx, w, r)
	if err := HasRole("tyrant")(ctx2, w, r); err != ErrClaimSetUsedUp {
		t.Errorf("Unexpected error, wanted ErrClaimSetUsedUp, got %s", err)
	}

}