// Function to recieve a registration form. func postRegistrationHandler(w http.ResponseWriter, r *http.Request, _ map[string]string) { if database.RetrieveUsersCount() == 0 { // TODO: Or check if authenticated user is admin when adding users from inside the admin area name := r.FormValue("name") email := r.FormValue("email") password := r.FormValue("password") if name != "" && password != "" { hashedPassword, err := authentication.EncryptPassword(password) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } user := structure.User{Name: []byte(name), Slug: slug.Generate(name, "users"), Email: []byte(email), Image: []byte(filenames.DefaultUserImageFilename), Cover: []byte(filenames.DefaultUserCoverFilename), Role: 4} err = methods.SaveUser(&user, hashedPassword, 1) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } http.Redirect(w, r, "/admin/", 302) return } http.Redirect(w, r, "/admin/", 302) return } else { name := r.FormValue("name") email := r.FormValue("email") password := r.FormValue("password") if name != "" && password != "" { hashedPassword, err := authentication.EncryptPassword(password) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } user := structure.User{Name: []byte(name), Slug: slug.Generate(name, "users"), Email: []byte(email), Image: []byte(filenames.DefaultUserImageFilename), Cover: []byte(filenames.DefaultUserCoverFilename), Role: 3} err = methods.SaveUser(&user, hashedPassword, 1) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } http.Redirect(w, r, "/admin/#/users/", 302) return } else { http.Error(w, "Not implemented yet.", http.StatusInternalServerError) return } } }
func getApiUserResetHandler(w http.ResponseWriter, r *http.Request, params map[string]string) { userName := authentication.GetUserName(r) if userName != "" { currentId, err := getUserId(userName) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } userRole, err := getUserRole(userName) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } log.Print("Role is " + strconv.Itoa(userRole)) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } else if userRole != 4 && userRole != 1 { // Only owner and admin can do it http.Error(w, "You don't have permission to access this data.", http.StatusForbidden) return } id, _ := strconv.ParseInt(params["id"], 10, 64) encryptedPassword, err := authentication.EncryptPassword("VerySecretPassword") if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } err = database.UpdateUserPassword(id, encryptedPassword, time.Now(), currentId) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } w.Header().Set("Content-Type", "text/html") w.Write([]byte("Changed")) return } else { http.Error(w, "Not logged in!", http.StatusInternalServerError) return } }
// API function to patch user settings func patchApiUserHandler(w http.ResponseWriter, r *http.Request, _ map[string]string) { userName := authentication.GetUserName(r) if userName != "" { userId, err := getUserId(userName) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } decoder := json.NewDecoder(r.Body) var json JsonUser err = decoder.Decode(&json) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } // Make sure user id is over 0 if json.Id < 1 { http.Error(w, "Wrong user id.", http.StatusInternalServerError) return } else if userId != json.Id { // Make sure the authenticated user is only changing his/her own data. TODO: Make sure the user is admin when multiple users have been introduced http.Error(w, "You don't have permission to change this data.", http.StatusInternalServerError) return } // Get old user data to compare tempUser, err := database.RetrieveUser(json.Id) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } // Make sure user email is provided if json.Email == "" { json.Email = string(tempUser.Email) } // Make sure user name is provided if json.Name == "" { json.Name = string(tempUser.Name) } // Make sure user slug is provided if json.Slug == "" { json.Slug = tempUser.Slug } // Check if new name is already taken if json.Name != string(tempUser.Name) { _, err = database.RetrieveUserByName([]byte(json.Name)) if err == nil { // The new user name is already taken. Assign the old name. // TODO: Return error that will be displayed in the admin interface. json.Name = string(tempUser.Name) } } // Check if new slug is already taken if json.Slug != tempUser.Slug { _, err = database.RetrieveUserBySlug(json.Slug) if err == nil { // The new user slug is already taken. Assign the old slug. // TODO: Return error that will be displayed in the admin interface. json.Slug = tempUser.Slug } } user := structure.User{Id: json.Id, Name: []byte(json.Name), Slug: json.Slug, Email: []byte(json.Email), Image: []byte(json.Image), Cover: []byte(json.Cover), Bio: []byte(json.Bio), Website: []byte(json.Website), Location: []byte(json.Location)} err = methods.UpdateUser(&user, userId) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } if json.Password != "" && (json.Password == json.PasswordRepeated) { // Update password if a new one was submitted encryptedPassword, err := authentication.EncryptPassword(json.Password) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } err = database.UpdateUserPassword(user.Id, encryptedPassword, time.Now(), json.Id) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } } // Check if the user name was changed. If so, update the session cookie to the new user name. if json.Name != string(tempUser.Name) { logInUser(json.Name, w) } w.WriteHeader(http.StatusOK) w.Write([]byte("User settings updated!")) return } else { http.Error(w, "Not logged in!", http.StatusInternalServerError) return } }