func createUser(w http.ResponseWriter, r *http.Request) error {
var u auth.User
err := json.NewDecoder(r.Body).Decode(&u)
if err != nil {
return &errors.HTTP{Code: http.StatusBadRequest, Message: err.Error()}
}
if !validation.ValidateEmail(u.Email) {
return &errors.HTTP{Code: http.StatusBadRequest, Message: emailError}
}
if !validation.ValidateLength(u.Password, passwordMinLen, passwordMaxLen) {
return &errors.HTTP{Code: http.StatusBadRequest, Message: passwordError}
}
if _, err = auth.GetUserByEmail(u.Email); err == nil {
return &errors.HTTP{Code: http.StatusConflict, Message: "This email is already registered"}
}
gURL := repository.ServerURL()
c := gandalf.Client{Endpoint: gURL}
if _, err := c.NewUser(u.Email, keyToMap(u.Keys)); err != nil {
return fmt.Errorf("Failed to create user in the git server: %s", err)
}
u.Quota = quota.Unlimited
if limit, err := config.GetInt("quota:apps-per-user"); err == nil && limit > -1 {
u.Quota.Limit = limit
}
if err := u.Create(); err == nil {
rec.Log(u.Email, "create-user")
w.WriteHeader(http.StatusCreated)
return nil
}
return err
}
func checkPassword(passwordHash string, password string) error {
if !validation.ValidateLength(password, passwordMinLen, passwordMaxLen) {
return &tsuruErrors.ValidationError{Message: passwordError}
}
if bcrypt.CompareHashAndPassword([]byte(passwordHash), []byte(password)) == nil {
return nil
}
return auth.AuthenticationFailure{Message: "Authentication failed, wrong password."}
}
func (u *User) CheckPassword(password string) error {
if !validation.ValidateLength(password, passwordMinLen, passwordMaxLen) {
return &errors.ValidationError{Message: passwordError}
}
if bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(password)) == nil {
return nil
}
return AuthenticationFailure{}
}
func (s NativeScheme) ChangePassword(token auth.Token, oldPassword string, newPassword string) error {
user, err := token.User()
if err != nil {
return err
}
if err = checkPassword(user.Password, oldPassword); err != nil {
return ErrPasswordMismatch
}
if !validation.ValidateLength(newPassword, passwordMinLen, passwordMaxLen) {
return ErrInvalidPassword
}
user.Password = newPassword
hashPassword(user)
return user.Update()
}
func (s NativeScheme) Create(user *auth.User) (*auth.User, error) {
if !validation.ValidateEmail(user.Email) {
return nil, ErrInvalidEmail
}
if !validation.ValidateLength(user.Password, passwordMinLen, passwordMaxLen) {
return nil, ErrInvalidPassword
}
if _, err := auth.GetUserByEmail(user.Email); err == nil {
return nil, ErrEmailRegistered
}
if err := hashPassword(user); err != nil {
return nil, err
}
if err := user.Create(); err != nil {
return nil, err
}
return user, nil
}
// ChangePassword changes the password from the logged in user.
//
// It reads the request body in JSON format. The JSON in the request body
// should contain two attributes:
//
// - old: the old password
// - new: the new password
//
// This handler will return 403 if the password didn't match the user, or 400
// if the new password is invalid.
func changePassword(w http.ResponseWriter, r *http.Request, t *auth.Token) error {
var body map[string]string
err := json.NewDecoder(r.Body).Decode(&body)
if err != nil {
return &errors.HTTP{
Code: http.StatusBadRequest,
Message: "Invalid JSON.",
}
}
if body["old"] == "" || body["new"] == "" {
return &errors.HTTP{
Code: http.StatusBadRequest,
Message: "Both the old and the new passwords are required.",
}
}
u, err := t.User()
if err != nil {
return err
}
if err := u.CheckPassword(body["old"]); err != nil {
return &errors.HTTP{
Code: http.StatusForbidden,
Message: "The given password didn't match the user's current password.",
}
}
if !validation.ValidateLength(body["new"], passwordMinLen, passwordMaxLen) {
return &errors.HTTP{
Code: http.StatusBadRequest,
Message: passwordError,
}
}
rec.Log(u.Email, "change-password")
u.Password = body["new"]
u.HashPassword()
return u.Update()
}
