diff options
| author |  tobi <31960611+tsmethurst@users.noreply.github.com> | 2021-10-14 14:26:04 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2021-10-14 14:26:04 +0200 |
| commit | 107685e22e809123a31e6518249d14888767f0fe (patch) | |
| tree | 3a46ca8a095f7ec1a0ee65845364b498099b6954 /internal/processing/user/changepassword.go | |
| parent | go fmt (#278) (diff) | |
| download | gotosocial-107685e22e809123a31e6518249d14888767f0fe.tar.xz | |
User password change (#280)
* start passwordChangeHandler
* add user scope
* add user module / api path
* add password change request
* make comment clearer
* add user to processor
* required true
* add processor call to handler
* don't pass tc or channel
* change password func + tests
* add some first docs about password management
* update swagger docs
* add api tests
* go fmt
* test fixes
Diffstat (limited to 'internal/processing/user/changepassword.go')
| -rw-r--r-- | internal/processing/user/changepassword.go | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/internal/processing/user/changepassword.go b/internal/processing/user/changepassword.go new file mode 100644 index 000000000..3fe2c8d7c --- /dev/null +++ b/internal/processing/user/changepassword.go @@ -0,0 +1,50 @@ +/* + GoToSocial + Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +package user + +import ( + "context" + + "github.com/superseriousbusiness/gotosocial/internal/gtserror" + "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" + "github.com/superseriousbusiness/gotosocial/internal/validate" + "golang.org/x/crypto/bcrypt" +) + +func (p *processor) ChangePassword(ctx context.Context, user *gtsmodel.User, oldPassword string, newPassword string) gtserror.WithCode { + if err := bcrypt.CompareHashAndPassword([]byte(user.EncryptedPassword), []byte(oldPassword)); err != nil { + return gtserror.NewErrorBadRequest(err, "old password did not match") + } + + if err := validate.NewPassword(newPassword); err != nil { + return gtserror.NewErrorBadRequest(err, err.Error()) + } + + newPasswordHash, err := bcrypt.GenerateFromPassword([]byte(newPassword), bcrypt.DefaultCost) + if err != nil { + return gtserror.NewErrorInternalError(err, "error hashing password") + } + + user.EncryptedPassword = string(newPasswordHash) + if err := p.db.UpdateByPrimaryKey(ctx, user); err != nil { + return gtserror.NewErrorInternalError(err, "database error") + } + + return nil +} |