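// getApiUserResetHandler resets the password of the user identified by
// params["id"] to a fixed default value and records the acting user
// (currentId) as the updater. Only an authenticated caller whose role is
// owner (4) or admin (1) may do so; everyone else gets 403.
//
// NOTE(review): the replacement password is a hard-coded literal, so every
// reset account shares a password that anyone with read access to this
// source knows until the account holder changes it, and a state-changing
// operation is served on a GET. A reset token delivered out of band and a
// POST with CSRF protection would close both gaps; neither is done here.
func getApiUserResetHandler(w http.ResponseWriter, r *http.Request, params map[string]string) {
	userName := authentication.GetUserName(r)
	if userName == "" {
		// Missing authentication is a 401, not a server fault.
		http.Error(w, "Not logged in!", http.StatusUnauthorized)
		return
	}
	currentId, err := getUserId(userName)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	userRole, err := getUserRole(userName)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	log.Print("Role is " + strconv.Itoa(userRole))
	// Only owner (4) and admin (1) can reset another user's password.
	if userRole != 4 && userRole != 1 {
		http.Error(w, "You don't have permission to access this data.", http.StatusForbidden)
		return
	}
	// Reject a missing or malformed id instead of silently acting on id 0.
	id, err := strconv.ParseInt(params["id"], 10, 64)
	if err != nil || id < 1 {
		http.Error(w, "Wrong user id.", http.StatusBadRequest)
		return
	}
	// Hard-coded default password; see the note on the function.
	encryptedPassword, err := authentication.EncryptPassword("VerySecretPassword")
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	if err := database.UpdateUserPassword(id, encryptedPassword, time.Now(), currentId); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	w.Header().Set("Content-Type", "text/html")
	w.Write([]byte("Changed"))
}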
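// patchApiUserHandler updates the settings of the authenticated user from a
// JSON body decoded into JsonUser.
//
// The body's Id must be positive and equal to the logged-in user's id (there
// is no admin override yet; see the TODO below). Empty Email, Name and Slug
// fields keep their stored values, and a new Name or Slug that is already
// taken is silently reverted to the old one. A non-empty Password is stored
// only when PasswordRepeated matches it; a mismatch is rejected before any
// write. A successful rename refreshes the session cookie via logInUser.
func patchApiUserHandler(w http.ResponseWriter, r *http.Request, _ map[string]string) {
	userName := authentication.GetUserName(r)
	if userName == "" {
		// Missing authentication is a 401, not a server fault.
		http.Error(w, "Not logged in!", http.StatusUnauthorized)
		return
	}
	userId, err := getUserId(userName)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	// Named payload rather than json so the encoding/json package is not shadowed.
	var payload JsonUser
	if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {
		// A malformed body is a client error.
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	if payload.Id < 1 {
		http.Error(w, "Wrong user id.", http.StatusBadRequest)
		return
	}
	// The authenticated user may only change his/her own data.
	// TODO: Make sure the user is admin when multiple users have been introduced
	if userId != payload.Id {
		http.Error(w, "You don't have permission to change this data.", http.StatusForbidden)
		return
	}
	// Validate the password pair before any write, so a mismatch cannot leave
	// the other fields updated while the password silently stays unchanged.
	if payload.Password != "" && payload.Password != payload.PasswordRepeated {
		http.Error(w, "Passwords do not match.", http.StatusBadRequest)
		return
	}
	// Stored record: fills in omitted fields and detects renames.
	tempUser, err := database.RetrieveUser(payload.Id)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	oldName := string(tempUser.Name)
	if payload.Email == "" {
		payload.Email = string(tempUser.Email)
	}
	if payload.Name == "" {
		payload.Name = oldName
	}
	if payload.Slug == "" {
		payload.Slug = tempUser.Slug
	}
	// A successful lookup means the new name is already taken; keep the old one.
	// TODO: Return error that will be displayed in the admin interface.
	if payload.Name != oldName {
		if _, err := database.RetrieveUserByName([]byte(payload.Name)); err == nil {
			payload.Name = oldName
		}
	}
	// Same rule for the slug.
	// TODO: Return error that will be displayed in the admin interface.
	if payload.Slug != tempUser.Slug {
		if _, err := database.RetrieveUserBySlug(payload.Slug); err == nil {
			payload.Slug = tempUser.Slug
		}
	}
	user := structure.User{
		Id:       payload.Id,
		Name:     []byte(payload.Name),
		Slug:     payload.Slug,
		Email:    []byte(payload.Email),
		Image:    []byte(payload.Image),
		Cover:    []byte(payload.Cover),
		Bio:      []byte(payload.Bio),
		Website:  []byte(payload.Website),
		Location: []byte(payload.Location),
	}
	if err := methods.UpdateUser(&user, userId); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	// Update the password only if a new one was submitted (already verified to match).
	if payload.Password != "" {
		encryptedPassword, err := authentication.EncryptPassword(payload.Password)
		if err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
		if err := database.UpdateUserPassword(user.Id, encryptedPassword, time.Now(), payload.Id); err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
	}
	// The session cookie carries the user name, so refresh it after a rename.
	if payload.Name != oldName {
		logInUser(payload.Name, w)
	}
	w.WriteHeader(http.StatusOK)
	w.Write([]byte("User settings updated!"))
}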