diff --git a/db_test.go b/db_test.go index ec17f1d..6a9b7c2 100644 --- a/db_test.go +++ b/db_test.go @@ -185,11 +185,15 @@ func TestLoginAndAuthorization(t *testing.T) { auth.GET("", func(ctx *gin.Context) { ctx.JSON(http.StatusOK, "ok") }) + auth2 := middleware.Group("", aH.AuthorizeRole("/login/change", "password")) + + auth2.POST("/login/change/password", aH.ChangePassword) // ---- Step 1: Perform login ---- user := models.User{ - Name: "guest", - Password: "passwordd1", + Name: "guest", + Password: "passwordd1", + NewPassword: "Newpasswordd1", } jsonBody, _ := json.Marshal(user) @@ -218,22 +222,40 @@ func TestLoginAndAuthorization(t *testing.T) { } type request struct { - Name string - Method string - Path string - Cookie *http.Cookie + Name string + Method string + Path string + Payload any + Cookie *http.Cookie + ignoreError bool } var requests []request + user.Id = 2 + + correctUser := user + correctUser.Password = user.NewPassword + requests = append(requests, request{Name: "Refresh", Method: "POST", Path: "/login/refresh", Cookie: refreshCookie}, request{Name: "Me", Method: "GET", Path: "/login/me", Cookie: accessCookie}, request{Name: "Authorization", Method: "GET", Path: "/members", Cookie: accessCookie}, + request{Name: "Change Password", Method: "POST", Path: "/login/change/password", Cookie: accessCookie, Payload: user}, request{Name: "Logout", Method: "GET", Path: "/logout", Cookie: refreshCookie}, + request{Name: "New wrong login", Method: "POST", Path: "/login", Payload: user, ignoreError: true}, + request{Name: "New login", Method: "POST", Path: "/login", Payload: correctUser}, ) for _, request := range requests { - req, _ := http.NewRequest(request.Method, request.Path, nil) + var body io.Reader + if request.Payload != nil { + jsonBytes, err := json.Marshal(request.Payload) + if err != nil { + t.Fatal(err) + } + body = bytes.NewBuffer(jsonBytes) + } + req, _ := http.NewRequest(request.Method, request.Path, body) if request.Cookie != nil { req.AddCookie(request.Cookie) // attach refresh_token cookie } @@ -242,6 +264,8 @@ func TestLoginAndAuthorization(t *testing.T) { r.ServeHTTP(w, req) t.Log(request.Name+" response:", w.Body.String()) - assert.Equal(t, http.StatusOK, w.Code) + if !request.ignoreError { + assert.Equal(t, http.StatusOK, w.Code) + } } } diff --git a/handlers/user.go b/handlers/user.go index c62c33b..d660235 100644 --- a/handlers/user.go +++ b/handlers/user.go @@ -99,6 +99,54 @@ func (aH *AccessHandler) AddUser(c *gin.Context) { }) } +func (aH *AccessHandler) ChangePassword(c *gin.Context) { + var user models.User + err := c.BindJSON(&user) + if err != nil { + aH.logger.Error("ChangePassword", err) + c.JSON(http.StatusInternalServerError, models.NewJsonErrorResponse(err)) + return + } + + // get user to check ChangePassword + var dbRecord models.User + err = aH.dbHandler.GetById(&dbRecord, user.Id) + if err != nil { + aH.logger.Error("ChangePassword", err) + c.JSON(http.StatusInternalServerError, nil) + return + } + + // Check if old password is correct + if !utils.CheckPassword(user.Password, dbRecord.Password) { + fmt.Println(123, dbRecord.Password, user.Password) + // Found a user → skip create + aH.logger.Error("ChangePassword", "wrong password entered for user: "+user.Name) + c.JSON(http.StatusBadRequest, models.NewJsonMessageResponse("invalid credentials")) + return + } + fmt.Println(3) + + // Hash the provided password before saving + user.Password, err = utils.HashPassword(user.NewPassword) + if err != nil { + aH.logger.Error("ChangePassword", err) + c.JSON(http.StatusInternalServerError, nil) + return + } + fmt.Println(4) + + aH.logger.Debug("ChangePassword", "change user "+user.Name+" password") + + // Update user + aH.dbHandler.UpdateValuesById(&user, user.Id) + fmt.Println(5) + + c.JSON(http.StatusOK, gin.H{ + "message": fmt.Sprintf("password of user '%s' changed", user.Name), + }) +} + func (aH *AccessHandler) GetUser(c *gin.Context) { var i int var err error