Пример #1
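// TestChangePassword exercises vsafedb.ChangePassword against a
// FakeUserStore. It covers three cases: an unknown user id, a wrong old
// password, and a successful change. After the successful change it checks
// both the returned user and the record read back from the store: the new
// password must verify and the old one must not.
func TestChangePassword(t *testing.T) {
	var user vsafe.User
	if err := user.Init("foo", "password"); err != nil {
		t.Fatalf("Error initializing user %v", err)
	}
	var store FakeUserStore
	if err := store.AddUser(nil, &user); err != nil {
		t.Fatalf("Error adding user %v", err)
	}

	// An id that was never stored must be reported as ErrNoSuchId.
	if _, err := vsafedb.ChangePassword(
		store, kTransaction, user.Id+1, "password", "board"); err != vsafedb.ErrNoSuchId {
		t.Errorf("Expected ErrNoSuchId, got %v", err)
	}

	// A wrong old password must be rejected with ErrWrongPassword.
	if _, err := vsafedb.ChangePassword(
		store, kTransaction, user.Id, "wrong", "board"); err != vsafe.ErrWrongPassword {
		t.Errorf("Expected ErrWrongPassword, got %v", err)
	}

	newUser, err := vsafedb.ChangePassword(
		store, kTransaction, user.Id, "password", "board")
	if err != nil {
		// Stop here: the checks below use newUser, which is not meaningful
		// once ChangePassword has failed.
		t.Fatalf("Expected no error, got %v", err)
	}
	if _, err := newUser.VerifyPassword("board"); err != nil {
		t.Errorf("Got error verifying password, %v", err)
	}
	// The returned user must no longer accept the old password.
	if _, err := newUser.VerifyPassword("password"); err == nil {
		t.Error("Returned user still accepts the old password")
	}

	// Read the record back to confirm the change reached the store.
	var readUser vsafe.User
	if err := store.UserById(nil, user.Id, &readUser); err != nil {
		t.Fatalf("Got error reading database, %v", err)
	}
	if _, err := readUser.VerifyPassword("board"); err != nil {
		t.Errorf("Got error verifying password, %v", err)
	}
	// The stored record must no longer accept the old password either.
	if _, err := readUser.VerifyPassword("password"); err == nil {
		t.Error("Stored user still accepts the old password")
	}
}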
Пример #2
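// ServeHTTP renders the change-password form on GET and treats every other
// method as a form submission.
//
// A submission is processed only if all of the following hold, checked in
// this order:
//   - the form parses;
//   - the XSRF token for kChPasswd verifies;
//   - the "new" and "verify" fields are equal;
//   - the new password is at least kMinPasswordLength long;
//   - vsafedb.ChangePassword accepts the "old" password.
//
// Each validation failure re-renders the form with a message and a fresh
// XSRF token. Any other error from the transaction goes to
// http_util.ReportError.
//
// NOTE(review): nothing visible here ends the user's other sessions or
// limits repeated guesses of the old password; confirm that both are handled
// elsewhere.
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	session := common.GetUserSession(r)

	// render writes the form for the current session user with a freshly
	// issued XSRF token, plus an optional status message.
	render := func(message string, success bool) {
		http_util.WriteTemplate(
			w,
			kTemplate,
			&view{
				Name:    session.User.Name,
				Xsrf:    common.NewXsrfToken(r, kChPasswd),
				Message: message,
				Success: success})
	}

	if r.Method == "GET" {
		render("", false)
		return
	}

	// Refuse to act on a body that does not parse rather than continue with
	// whatever fields happened to be decoded.
	if err := r.ParseForm(); err != nil {
		http.Error(w, "Malformed form data", http.StatusBadRequest)
		return
	}
	// The XSRF check comes before any password field is read.
	if !common.VerifyXsrfToken(r, kChPasswd) {
		render(common.ErrXsrf.Error(), false)
		return
	}

	oldPassword := r.Form.Get("old")
	newPassword := r.Form.Get("new")
	if newPassword != r.Form.Get("verify") {
		render("Password re-typed incorrectly.", false)
		return
	}
	// NOTE(review): len counts bytes, not characters, so a password made of
	// multi-byte runes can pass with fewer than kMinPasswordLength
	// characters.
	if len(newPassword) < kMinPasswordLength {
		render(
			fmt.Sprintf(
				"Password must be at least %d characters.",
				kMinPasswordLength),
			false)
		return
	}

	// Hold the updated user in a local and publish it to the session only
	// after Do has returned without error. A failure reported after the
	// callback returns (presumably at commit; confirm against Doer) then
	// cannot leave the session holding a user that was never persisted.
	updated := session.User
	err := h.Doer.Do(func(t db.Transaction) error {
		changed, err := vsafedb.ChangePassword(
			h.Store, t, session.User.Id, oldPassword, newPassword)
		if err != nil {
			return err
		}
		updated = changed
		return nil
	})
	if err == vsafe.ErrWrongPassword {
		render("Old password wrong.", false)
		return
	}
	if err != nil {
		http_util.ReportError(w, "Error updating database", err)
		return
	}
	session.User = updated
	render("Password changed successfully.", true)
}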