author | 2022-08-08 10:40:51 +0200 | |
---|---|---|
committer | 2022-08-08 10:40:51 +0200 | |
commit | 117888cf59c10330671f43bbce949a3984761c91 (patch) | |
tree | 432e62b06206f315048e719ef2bb0e39c5f658ae /internal/processing | |
parent | [chore] Update js deps (#744) (diff) | |
[feature] Add first iteration of a user panel at `/user` (#736)
* start work on user panel
* parse source first before checking if empty form
* newline
* set avi + header nicely
* add posts settings
* render signin a bit nicer on mobile
* return OK json on successful change
* return unauthorized on bad password
* clarify message on insecure password
* make login a bit prettier
* add alt text + border round image previews
* add logout button
* add password change
* styling updates
* redirect /auth/edit to /user
* update tests
* fix validation tests
* better labels, link to more info
* make submit button generic component
* move submit button inside forms
* add autocomplete labels to password fields
* fix indentation (thx eslint)
* update eslintrc
* eslint: no-unescaped-entities
* initial deduplication between user and admin panel
* add default status/post format setting
* user panel styling for inputs
* update user panel styling, include normalize css
* add placeholder text
* input padding
Co-authored-by: f0x <f0x@cthu.lu>
Diffstat (limited to 'internal/processing')
-rw-r--r-- | internal/processing/user/changepassword.go | 2 | ||||
-rw-r--r-- | internal/processing/user/changepassword_test.go | 26 |
2 files changed, 23 insertions, 5 deletions
diff --git a/internal/processing/user/changepassword.go b/internal/processing/user/changepassword.go
index 8cc71133d..50c7a7517 100644
--- a/internal/processing/user/changepassword.go
+++ b/internal/processing/user/changepassword.go
@@ -29,7 +29,7 @@ import (
 func (p *processor) ChangePassword(ctx context.Context, user *gtsmodel.User, oldPassword string, newPassword string) gtserror.WithCode {
 if err := bcrypt.CompareHashAndPassword([]byte(user.EncryptedPassword), []byte(oldPassword)); err != nil {
- return gtserror.NewErrorBadRequest(err, "old password did not match")
+ return gtserror.NewErrorUnauthorized(err, "old password was incorrect")
 }
 if err := validate.NewPassword(newPassword); err != nil {
diff --git a/internal/processing/user/changepassword_test.go b/internal/processing/user/changepassword_test.go
index e769f4cc0..1d92e6b55 100644
--- a/internal/processing/user/changepassword_test.go
+++ b/internal/processing/user/changepassword_test.go
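Review bot: The 401 branch on the new side still maps every error from `bcrypt.CompareHashAndPassword` to "old password was incorrect", including errors that indicate a malformed or too-short stored hash rather than a wrong guess. Checking the mismatch explicitly, `if errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) { return gtserror.NewErrorUnauthorized(err, "old password was incorrect") }`, and returning a server-side error for anything else would keep corrupted account data from being reported to the user as a bad password. The import block is outside the hunk, so `errors` may need adding, and the body of ChangePassword continues past the last visible line. Nothing in the visible lines limits repeated wrong guesses, so it is worth confirming that the caller rate-limits this endpoint.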
@@ -56,17 +56,35 @@ func (suite *ChangePasswordTestSuite) TestChangePasswordIncorrectOld() {
 errWithCode := suite.user.ChangePassword(context.Background(), user, "ooooopsydoooopsy", "verygoodnewpassword")
 suite.EqualError(errWithCode, "crypto/bcrypt: hashedPassword is not the hash of the given password")
- suite.Equal(http.StatusBadRequest, errWithCode.Code())
- suite.Equal("Bad Request: old password did not match", errWithCode.Safe())
+ suite.Equal(http.StatusUnauthorized, errWithCode.Code())
+ suite.Equal("Unauthorized: old password was incorrect", errWithCode.Safe())
+
+ // get user from the db again
+ dbUser := >smodel.User{}
+ err := suite.db.GetByID(context.Background(), user.ID, dbUser)
+ suite.NoError(err)
+
+ // check the password has not changed
+ err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("password"))
+ suite.NoError(err)
 }
 func (suite *ChangePasswordTestSuite) TestChangePasswordWeakNew() {
 user := suite.testUsers["local_account_1"]
 errWithCode := suite.user.ChangePassword(context.Background(), user, "password", "1234")
- suite.EqualError(errWithCode, "password is 11% strength, try including more special characters, using lowercase letters, using uppercase letters or using a longer password")
+ suite.EqualError(errWithCode, "password is only 11% strength, try including more special characters, using lowercase letters, using uppercase letters or using a longer password")
 suite.Equal(http.StatusBadRequest, errWithCode.Code())
- suite.Equal("Bad Request: password is 11% strength, try including more special characters, using lowercase letters, using uppercase letters or using a longer password", errWithCode.Safe())
+ suite.Equal("Bad Request: password is only 11% strength, try including more special characters, using lowercase letters, using uppercase letters or using a longer password", errWithCode.Safe())
+
+ // get user from the db again
+ dbUser := >smodel.User{}
+ err := suite.db.GetByID(context.Background(), user.ID, dbUser)
+ suite.NoError(err)
+
+ // check the password has not changed
+ err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("password"))
+ suite.NoError(err)
 }
 func TestChangePasswordTestSuite(t *testing.T) { |
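Review bot: The added block that re-reads the user and compares the stored hash is duplicated verbatim in TestChangePasswordIncorrectOld and TestChangePasswordWeakNew; a small suite helper that takes the user ID and the expected plaintext would keep the two checks in sync. Inside it, `suite.Require().NoError(err)` after `GetByID` would stop the test on a failed fetch, instead of going on to compare against an empty `EncryptedPassword` and reporting a misleading bcrypt error. The rejected-change cases could also assert that the candidate password does not verify against the stored hash, so the test fails if a rejected request ever writes the new password.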