From 107685e22e809123a31e6518249d14888767f0fe Mon Sep 17 00:00:00 2001 From: tobi <31960611+tsmethurst@users.noreply.github.com> Date: Thu, 14 Oct 2021 14:26:04 +0200 Subject: User password change (#280) * start passwordChangeHandler * add user scope * add user module / api path * add password change request * make comment clearer * add user to processor * required true * add processor call to handler * don't pass tc or channel * change password func + tests * add some first docs about password management * update swagger docs * add api tests * go fmt * test fixes --- internal/processing/user/changepassword.go | 50 ++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 internal/processing/user/changepassword.go (limited to 'internal/processing/user/changepassword.go') diff --git a/internal/processing/user/changepassword.go b/internal/processing/user/changepassword.go new file mode 100644 index 000000000..3fe2c8d7c --- /dev/null +++ b/internal/processing/user/changepassword.go @@ -0,0 +1,50 @@ +/* + GoToSocial + Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +package user + +import ( + "context" + + "github.com/superseriousbusiness/gotosocial/internal/gtserror" + "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" + "github.com/superseriousbusiness/gotosocial/internal/validate" + "golang.org/x/crypto/bcrypt" +) + +func (p *processor) ChangePassword(ctx context.Context, user *gtsmodel.User, oldPassword string, newPassword string) gtserror.WithCode { + if err := bcrypt.CompareHashAndPassword([]byte(user.EncryptedPassword), []byte(oldPassword)); err != nil { + return gtserror.NewErrorBadRequest(err, "old password did not match") + } + + if err := validate.NewPassword(newPassword); err != nil { + return gtserror.NewErrorBadRequest(err, err.Error()) + } + + newPasswordHash, err := bcrypt.GenerateFromPassword([]byte(newPassword), bcrypt.DefaultCost) + if err != nil { + return gtserror.NewErrorInternalError(err, "error hashing password") + } + + user.EncryptedPassword = string(newPasswordHash) + if err := p.db.UpdateByPrimaryKey(ctx, user); err != nil { + return gtserror.NewErrorInternalError(err, "database error") + } + + return nil +} -- cgit v1.2.3