author | 2022-08-08 10:40:51 +0200 | |
---|---|---|
committer | 2022-08-08 10:40:51 +0200 | |
commit | 117888cf59c10330671f43bbce949a3984761c91 (patch) | |
tree | 432e62b06206f315048e719ef2bb0e39c5f658ae /internal | |
parent | [chore] Update js deps (#744) (diff) | |
[feature] Add first iteration of a user panel at `/user` (#736)
* start work on user panel
* parse source first before checking if empty form
* newline
* set avi + header nicely
* add posts settings
* render signin a bit nicer on mobile
* return OK json on successful change
* return unauthorized on bad password
* clarify message on insecure password
* make login a bit prettier
* add alt text + border round image previews
* add logout button
* add password change
* styling updates
* redirect /auth/edit to /user
* update tests
* fix validation tests
* better labels, link to more info
* make submit button generic component
* move submit button inside forms
* add autocomplete labels to password fields
* fix indentation (thx eslint)
* update eslintrc
* eslint: no-unescaped-entities
* initial deduplication between user and admin panel
* add default status/post format setting
* user panel styling for inputs
* update user panel styling, include normalize css
* add placeholder text
* input padding
Co-authored-by: f0x <f0x@cthu.lu>
Diffstat (limited to 'internal')
-rw-r--r-- | internal/api/client/auth/authorize.go | 8 | ||||
-rw-r--r-- | internal/api/client/auth/signin.go | 11 | ||||
-rw-r--r-- | internal/api/client/user/passwordchange.go | 2 | ||||
-rw-r--r-- | internal/api/client/user/passwordchange_test.go | 6 | ||||
-rw-r--r-- | internal/processing/user/changepassword.go | 2 | ||||
-rw-r--r-- | internal/processing/user/changepassword_test.go | 26 | ||||
-rw-r--r-- | internal/validate/formvalidation.go | 2 | ||||
-rw-r--r-- | internal/validate/formvalidation_test.go | 8 | ||||
-rw-r--r-- | internal/web/panels.go | 4 | ||||
-rw-r--r-- | internal/web/web.go | 6 |
10 files changed, 59 insertions, 16 deletions
diff --git a/internal/api/client/auth/authorize.go b/internal/api/client/auth/authorize.go
index 1a594a319..67325a81d 100644
--- a/internal/api/client/auth/authorize.go
+++ b/internal/api/client/auth/authorize.go
@@ -29,6 +29,7 @@ import (
 "github.com/google/uuid"
 "github.com/superseriousbusiness/gotosocial/internal/api"
 "github.com/superseriousbusiness/gotosocial/internal/api/model"
+ "github.com/superseriousbusiness/gotosocial/internal/config"
 "github.com/superseriousbusiness/gotosocial/internal/db"
 "github.com/superseriousbusiness/gotosocial/internal/gtserror"
 "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
@@ -142,6 +143,12 @@ func (m *Module) AuthorizeGETHandler(c *gin.Context) {
 return
 }
+ instance, errWithCode := m.processor.InstanceGet(c.Request.Context(), config.GetHost())
+ if errWithCode != nil {
+ api.ErrorHandler(c, errWithCode, m.processor.InstanceGet)
+ return
+ }
+
 // the authorize template will display a form to the user where they can get some information
 // about the app that's trying to authorize, and the scope of the request.
 // They can then approve it if it looks OK to them, which will POST to the AuthorizePOSTHandler
@@ -151,6 +158,7 @@ func (m *Module) AuthorizeGETHandler(c *gin.Context) {
 "redirect": redirect,
 "scope": scope,
 "user": acct.Username,
+ "instance": instance,
 })
 }
diff --git a/internal/api/client/auth/signin.go b/internal/api/client/auth/signin.go
index f9541d4c5..58f3fad7e 100644
--- a/internal/api/client/auth/signin.go
+++ b/internal/api/client/auth/signin.go
@@ -27,6 +27,7 @@ import (
 "github.com/gin-contrib/sessions"
 "github.com/gin-gonic/gin"
 "github.com/superseriousbusiness/gotosocial/internal/api"
+ "github.com/superseriousbusiness/gotosocial/internal/config"
 "github.com/superseriousbusiness/gotosocial/internal/db"
 "github.com/superseriousbusiness/gotosocial/internal/gtserror"
 "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
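Review bot: The instance lookup added to AuthorizeGETHandler (`instance, errWithCode := m.processor.InstanceGet(c.Request.Context(), config.GetHost())` with its `api.ErrorHandler` branch) is repeated line for line in the SignInGETHandler hunk of signin.go, so the two OAuth pages can drift apart if the error handling is changed in only one place. A small unexported helper on Module that returns the instance or writes the error would keep them consistent. The value appears to be used only to fill the template, yet a failure now aborts the whole authorize page; a short why-comment above the call, for example `// the template needs instance metadata; a lookup failure aborts the page rather than rendering it partially`, would record that this is intended. The handler starts before and continues after this hunk.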
@@ -50,8 +51,16 @@ func (m *Module) SignInGETHandler(c *gin.Context) {
 }
 if m.idp == nil {
+ instance, errWithCode := m.processor.InstanceGet(c.Request.Context(), config.GetHost())
+ if errWithCode != nil {
+ api.ErrorHandler(c, errWithCode, m.processor.InstanceGet)
+ return
+ }
+
 // no idp provider, use our own funky little sign in page
- c.HTML(http.StatusOK, "sign-in.tmpl", gin.H{})
+ c.HTML(http.StatusOK, "sign-in.tmpl", gin.H{
+ "instance": instance,
+ })
 return
 }
diff --git a/internal/api/client/user/passwordchange.go b/internal/api/client/user/passwordchange.go
index 7676f5b85..2b40a345e 100644
--- a/internal/api/client/user/passwordchange.go
+++ b/internal/api/client/user/passwordchange.go
@@ -100,5 +100,5 @@ func (m *Module) PasswordChangePOSTHandler(c *gin.Context) {
 return
 }
- c.Status(http.StatusOK)
+ c.JSON(http.StatusOK, gin.H{"status": "OK"})
 }
diff --git a/internal/api/client/user/passwordchange_test.go b/internal/api/client/user/passwordchange_test.go
index 31b59b2ce..3c0fd7b30 100644
--- a/internal/api/client/user/passwordchange_test.go
+++ b/internal/api/client/user/passwordchange_test.go
@@ -119,13 +119,13 @@ func (suite *PasswordChangeTestSuite) TestPasswordIncorrectOldPassword() {
 suite.userModule.PasswordChangePOSTHandler(ctx)
 // check response
- suite.EqualValues(http.StatusBadRequest, recorder.Code)
+ suite.EqualValues(http.StatusUnauthorized, recorder.Code)
 result := recorder.Result()
 defer result.Body.Close()
 b, err := ioutil.ReadAll(result.Body)
 suite.NoError(err)
- suite.Equal(`{"error":"Bad Request: old password did not match"}`, string(b))
+ suite.Equal(`{"error":"Unauthorized: old password was incorrect"}`, string(b))
 }
 func (suite *PasswordChangeTestSuite) TestPasswordWeakNewPassword() {
@@ -153,7 +153,7 @@ func (suite *PasswordChangeTestSuite) TestPasswordWeakNewPassword() {
 defer result.Body.Close()
 b, err := ioutil.ReadAll(result.Body)
 suite.NoError(err)
- suite.Equal(`{"error":"Bad Request: password is 94% strength, try including more special characters, using uppercase letters, using numbers or using a longer password"}`, string(b))
+ suite.Equal(`{"error":"Bad Request: password is only 94% strength, try including more special characters, using uppercase letters, using numbers or using a longer password"}`, string(b))
 }
 func TestPasswordChangeTestSuite(t *testing.T) {
diff --git a/internal/processing/user/changepassword.go b/internal/processing/user/changepassword.go
index 8cc71133d..50c7a7517 100644
--- a/internal/processing/user/changepassword.go
+++ b/internal/processing/user/changepassword.go
@@ -29,7 +29,7 @@ import (
 func (p *processor) ChangePassword(ctx context.Context, user *gtsmodel.User, oldPassword string, newPassword string) gtserror.WithCode {
 if err := bcrypt.CompareHashAndPassword([]byte(user.EncryptedPassword), []byte(oldPassword)); err != nil {
- return gtserror.NewErrorBadRequest(err, "old password did not match")
+ return gtserror.NewErrorUnauthorized(err, "old password was incorrect")
 }
 if err := validate.NewPassword(newPassword); err != nil {
diff --git a/internal/processing/user/changepassword_test.go b/internal/processing/user/changepassword_test.go
index e769f4cc0..1d92e6b55 100644
--- a/internal/processing/user/changepassword_test.go
+++ b/internal/processing/user/changepassword_test.go
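Review bot: The wrong-old-password branch of ChangePassword in changepassword.go returns without recording the failed attempt, and nothing in the visible lines bounds how often the check can be retried, so a caller who already holds a valid session could use this path to test guesses for the account's current password. If no rate limit is enforced in middleware outside this hunk, throttle per user; in any case a comment such as `// each miss is a guess against the current password: keep this path rate-limited and logged` would document the expectation. Keeping the bcrypt error internal while the client sees only "old password was incorrect" is the right split and should stay. The function continues past the end of the hunk.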
@@ -56,17 +56,35 @@ func (suite *ChangePasswordTestSuite) TestChangePasswordIncorrectOld() {
 errWithCode := suite.user.ChangePassword(context.Background(), user, "ooooopsydoooopsy", "verygoodnewpassword")
 suite.EqualError(errWithCode, "crypto/bcrypt: hashedPassword is not the hash of the given password")
- suite.Equal(http.StatusBadRequest, errWithCode.Code())
- suite.Equal("Bad Request: old password did not match", errWithCode.Safe())
+ suite.Equal(http.StatusUnauthorized, errWithCode.Code())
+ suite.Equal("Unauthorized: old password was incorrect", errWithCode.Safe())
+
+ // get user from the db again
+ dbUser := >smodel.User{}
+ err := suite.db.GetByID(context.Background(), user.ID, dbUser)
+ suite.NoError(err)
+
+ // check the password has not changed
+ err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("password"))
+ suite.NoError(err)
 }
 func (suite *ChangePasswordTestSuite) TestChangePasswordWeakNew() {
 user := suite.testUsers["local_account_1"]
 errWithCode := suite.user.ChangePassword(context.Background(), user, "password", "1234")
- suite.EqualError(errWithCode, "password is 11% strength, try including more special characters, using lowercase letters, using uppercase letters or using a longer password")
+ suite.EqualError(errWithCode, "password is only 11% strength, try including more special characters, using lowercase letters, using uppercase letters or using a longer password")
 suite.Equal(http.StatusBadRequest, errWithCode.Code())
- suite.Equal("Bad Request: password is 11% strength, try including more special characters, using lowercase letters, using uppercase letters or using a longer password", errWithCode.Safe())
+ suite.Equal("Bad Request: password is only 11% strength, try including more special characters, using lowercase letters, using uppercase letters or using a longer password", errWithCode.Safe())
+
+ // get user from the db again
+ dbUser := >smodel.User{}
+ err := suite.db.GetByID(context.Background(), user.ID, dbUser)
+ suite.NoError(err)
+
+ // check the password has not changed
+ err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("password"))
+ suite.NoError(err)
 }
 func TestChangePasswordTestSuite(t *testing.T) {
diff --git a/internal/validate/formvalidation.go b/internal/validate/formvalidation.go
index 5ce80ae31..d22e43f6c 100644
--- a/internal/validate/formvalidation.go
+++ b/internal/validate/formvalidation.go
@@ -60,7 +60,7 @@ func NewPassword(password string) error {
 return errors.New(strings.ReplaceAll(
 err.Error(), "insecure password",
- fmt.Sprintf("password is %d%% strength", percent)))
+ fmt.Sprintf("password is only %d%% strength", percent)))
 }
 return nil // pasword OK
diff --git a/internal/validate/formvalidation_test.go b/internal/validate/formvalidation_test.go
index 7b92b9a8c..ff40b1dfb 100644
--- a/internal/validate/formvalidation_test.go
+++ b/internal/validate/formvalidation_test.go
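Review bot: In both added blocks of changepassword_test.go the database lookup is checked with `suite.NoError(err)`, which records a failure but lets the test run on, so a failed `GetByID` would be followed by a second, misleading bcrypt failure against an empty `dbUser.EncryptedPassword`. Assuming the suite embeds testify's suite.Suite, `suite.Require().NoError(err)` after the lookup stops the test at the real cause. The nine added lines are identical in TestChangePasswordIncorrectOld and TestChangePasswordWeakNew; a small helper on the suite that takes the user ID and the expected plaintext would remove the duplication and give the "password unchanged" assertion one place to live.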
@@ -50,22 +50,22 @@ func (suite *ValidationTestSuite) TestCheckPasswordStrength() {
 err = validate.NewPassword(terriblePassword)
 if assert.Error(suite.T(), err) {
- assert.Equal(suite.T(), errors.New("password is 62% strength, try including more special characters, using uppercase letters, using numbers or using a longer password"), err)
+ assert.Equal(suite.T(), errors.New("password is only 62% strength, try including more special characters, using uppercase letters, using numbers or using a longer password"), err)
 }
 err = validate.NewPassword(weakPassword)
 if assert.Error(suite.T(), err) {
- assert.Equal(suite.T(), errors.New("password is 95% strength, try including more special characters, using numbers or using a longer password"), err)
+ assert.Equal(suite.T(), errors.New("password is only 95% strength, try including more special characters, using numbers or using a longer password"), err)
 }
 err = validate.NewPassword(shortPassword)
 if assert.Error(suite.T(), err) {
- assert.Equal(suite.T(), errors.New("password is 39% strength, try including more special characters or using a longer password"), err)
+ assert.Equal(suite.T(), errors.New("password is only 39% strength, try including more special characters or using a longer password"), err)
 }
 err = validate.NewPassword(specialPassword)
 if assert.Error(suite.T(), err) {
- assert.Equal(suite.T(), errors.New("password is 53% strength, try including more special characters or using a longer password"), err)
+ assert.Equal(suite.T(), errors.New("password is only 53% strength, try including more special characters or using a longer password"), err)
 }
 err = validate.NewPassword(longPassword)
diff --git a/internal/web/panels.go b/internal/web/panels.go
index e0e88944e..dafd0abc7 100644
--- a/internal/web/panels.go
+++ b/internal/web/panels.go
@@ -41,6 +41,7 @@ func (m *Module) UserPanelHandler(c *gin.Context) {
 assetsPath + "/Fork-Awesome/css/fork-awesome.min.css",
 assetsPath + "/dist/_colors.css",
 assetsPath + "/dist/base.css",
+ assetsPath + "/dist/panels-base.css",
 assetsPath + "/dist/panels-user-style.css",
 },
 "javascript": []string{
@@ -63,6 +64,9 @@ func (m *Module) AdminPanelHandler(c *gin.Context) {
 "instance": instance,
 "stylesheets": []string{
 assetsPath + "/Fork-Awesome/css/fork-awesome.min.css",
+ assetsPath + "/dist/_colors.css",
+ assetsPath + "/dist/base.css",
+ assetsPath + "/dist/panels-base.css",
 assetsPath + "/dist/panels-admin-style.css",
 },
 "javascript": []string{
diff --git a/internal/web/web.go b/internal/web/web.go
index daa4563f7..fe270ac6c 100644
--- a/internal/web/web.go
+++ b/internal/web/web.go
@@ -133,10 +133,14 @@ func (m *Module) Route(s router.Router) error {
 })
 s.AttachHandler(http.MethodGet, userPanelpath, m.UserPanelHandler)
- // redirect /settings/ to /settings
+ // redirect /user/ to /user
 s.AttachHandler(http.MethodGet, userPanelpath+"/", func(c *gin.Context) {
 c.Redirect(http.StatusMovedPermanently, userPanelpath)
 })
+ // redirect /auth/edit to /user
+ s.AttachHandler(http.MethodGet, "/auth/edit", func(c *gin.Context) {
+ c.Redirect(http.StatusMovedPermanently, userPanelpath)
+ })
 // serve front-page
 s.AttachHandler(http.MethodGet, "/", m.baseHandler) |
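Review bot: The new `/auth/edit` route in web.go answers with `http.StatusMovedPermanently`, which browsers may cache indefinitely, so the old path cannot later be reused or pointed somewhere else without users clearing their caches. For the first iteration of a panel whose location may still move, `c.Redirect(http.StatusFound, userPanelpath)` keeps the redirect revisable; if permanence is intended, a comment such as `// permanent: /auth/edit is retired in favour of the user panel` would say so. Route's body extends beyond both ends of the hunk.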