func updateInitPassword(userID int, password string) error { queryUser := models.User{UserID: userID} user, err := dao.GetUser(queryUser) if err != nil { return fmt.Errorf("Failed to get user, userID: %d %v", userID, err) } if user == nil { return fmt.Errorf("user id: %d does not exist", userID) } if user.Salt == "" { salt := utils.GenerateRandomString() user.Salt = salt user.Password = password err = dao.ChangeUserPassword(*user) if err != nil { return fmt.Errorf("Failed to update user encrypted password, userID: %d, err: %v", userID, err) } log.Infof("User id: %d updated its encypted password successfully.", userID) } else { log.Infof("User id: %d already has its encrypted password.", userID) } return nil }
// ChangePassword handles PUT to /api/users/{}/password func (ua *UserAPI) ChangePassword() { ldapAdminUser := (ua.AuthMode == "ldap_auth" && ua.userID == 1 && ua.userID == ua.currentUserID) if !(ua.AuthMode == "db_auth" || ldapAdminUser) { ua.CustomAbort(http.StatusForbidden, "") } if !ua.IsAdmin { if ua.userID != ua.currentUserID { log.Error("Guests can only change their own account.") ua.CustomAbort(http.StatusForbidden, "Guests can only change their own account.") } } var req passwordReq ua.DecodeJSONReq(&req) if req.OldPassword == "" { log.Error("Old password is blank") ua.CustomAbort(http.StatusBadRequest, "Old password is blank") } queryUser := models.User{UserID: ua.userID, Password: req.OldPassword} user, err := dao.CheckUserPassword(queryUser) if err != nil { log.Errorf("Error occurred in CheckUserPassword: %v", err) ua.CustomAbort(http.StatusInternalServerError, "Internal error.") } if user == nil { log.Warning("Password input is not correct") ua.CustomAbort(http.StatusForbidden, "old_password_is_not_correct") } if req.NewPassword == "" { ua.CustomAbort(http.StatusBadRequest, "please_input_new_password") } updateUser := models.User{UserID: ua.userID, Password: req.NewPassword, Salt: user.Salt} err = dao.ChangeUserPassword(updateUser, req.OldPassword) if err != nil { log.Errorf("Error occurred in ChangeUserPassword: %v", err) ua.CustomAbort(http.StatusInternalServerError, "Internal error.") } }
func updateInitPassword(userID int, password string) error { queryUser := models.User{UserID: userID} user, err := dao.GetUser(queryUser) if err != nil { return fmt.Errorf("Failed to get user, userID: %d %v", userID, err) } if user == nil { return fmt.Errorf("User id: %d does not exist.", userID) } if user.Salt == "" { user.Salt = utils.GenerateRandomString() user.Password = password err = dao.ChangeUserPassword(*user) if err != nil { return fmt.Errorf("Failed to update user encrypted password, userID: %d, err: %v", userID, err) } } else { } return nil }