// ChangePassword changes the password from the logged in user. // // It reads the request body in JSON format. The JSON in the request body // should contain two attributes: // // - old: the old password // - new: the new password // // This handler will return 403 if the password didn't match the user, or 412 // if the new password is invalid. func ChangePassword(w http.ResponseWriter, r *http.Request, u *auth.User) error { var body map[string]string err := json.NewDecoder(r.Body).Decode(&body) if err != nil { return &errors.Http{ Code: http.StatusBadRequest, Message: "Invalid JSON.", } } if body["old"] == "" || body["new"] == "" { return &errors.Http{ Code: http.StatusBadRequest, Message: "Both the old and the new passwords are required.", } } if !u.Login(body["old"]) { return &errors.Http{ Code: http.StatusForbidden, Message: "The given password didn't match the user's current password.", } } if !validation.ValidateLength(body["new"], passwordMinLen, passwordMaxLen) { return &errors.Http{ Code: http.StatusPreconditionFailed, Message: passwordError, } } u.Password = body["new"] u.HashPassword() return u.Update() }
func Login(w http.ResponseWriter, r *http.Request) error { var pass map[string]string err := json.NewDecoder(r.Body).Decode(&pass) if err != nil { return &errors.Http{Code: http.StatusBadRequest, Message: "Invalid JSON"} } password, ok := pass["password"] if !ok { msg := "You must provide a password to login" return &errors.Http{Code: http.StatusBadRequest, Message: msg} } if !validation.ValidateLength(password, passwordMinLen, passwordMaxLen) { return &errors.Http{Code: http.StatusPreconditionFailed, Message: passwordError} } u := auth.User{Email: r.URL.Query().Get(":email")} if !validation.ValidateEmail(u.Email) { return &errors.Http{Code: http.StatusPreconditionFailed, Message: emailError} } err = u.Get() if err != nil { return &errors.Http{Code: http.StatusNotFound, Message: "User not found"} } if u.Login(password) { t, _ := u.CreateToken() fmt.Fprintf(w, `{"token":"%s"}`, t.Token) return nil } msg := "Authentication failed, wrong password" return &errors.Http{Code: http.StatusUnauthorized, Message: msg} }