add new function to change passsword with test

add new permission group
add exeption array to middleware Autorization
2025-11-13 13:16:58 +01:00 · 2025-11-13 13:16:46 +01:00 · 2025-11-13 13:16:11 +01:00 · 2025-11-12 17:15:18 +01:00 · 2025-11-12 14:23:07 +01:00
5 changed files with 100 additions and 17 deletions
--- a/db_test.go
+++ b/db_test.go
@@ -19,6 +19,7 @@ func TestDatabase(t *testing.T) {
 	// set enviroment variables
 	os.Setenv("ACCESS_SECRET", "12345678910111213141516171819202")
 	os.Setenv("REFRESH_SECRET", "9998979695949392919089888786858")
 	os.Setenv("DOMAIN", "localhost")
 	dbName := "user.db"
 	if _, err := os.Stat(dbName); err == nil {
@@ -160,6 +161,7 @@ func TestDatabase(t *testing.T) {
 func TestLoginAndAuthorization(t *testing.T) {
 	os.Setenv("ACCESS_SECRET", "12345678910111213141516171819202")
 	os.Setenv("REFRESH_SECRET", "9998979695949392919089888786858")
 	os.Setenv("DOMAIN", "localhost")
 	gin.SetMode(gin.TestMode)
@@ -183,11 +185,15 @@ func TestLoginAndAuthorization(t *testing.T) {
 	auth.GET("", func(ctx *gin.Context) {
 		ctx.JSON(http.StatusOK, "ok")
 	})
 	auth2 := middleware.Group("", aH.AuthorizeRole("/login/change", "password"))
 	auth2.POST("/login/change/password", aH.ChangePassword)
 	// ---- Step 1: Perform login ----
 	user := models.User{
-		Name:     "guest",
+		Name:        "guest",
-		Password: "passwordd1",
+		Password:    "passwordd1",
 		NewPassword: "Newpasswordd1",
 	}
 	jsonBody, _ := json.Marshal(user)
@@ -216,22 +222,40 @@ func TestLoginAndAuthorization(t *testing.T) {
 	}
 	type request struct {
-		Name   string
+		Name        string
-		Method string
+		Method      string
-		Path   string
+		Path        string
-		Cookie *http.Cookie
+		Payload     any
 		Cookie      *http.Cookie
 		ignoreError bool
 	}
 	var requests []request
 	user.Id = 2
 	correctUser := user
 	correctUser.Password = user.NewPassword
 	requests = append(requests,
 		request{Name: "Refresh", Method: "POST", Path: "/login/refresh", Cookie: refreshCookie},
 		request{Name: "Me", Method: "GET", Path: "/login/me", Cookie: accessCookie},
 		request{Name: "Authorization", Method: "GET", Path: "/members", Cookie: accessCookie},
 		request{Name: "Change Password", Method: "POST", Path: "/login/change/password", Cookie: accessCookie, Payload: user},
 		request{Name: "Logout", Method: "GET", Path: "/logout", Cookie: refreshCookie},
 		request{Name: "New wrong login", Method: "POST", Path: "/login", Payload: user, ignoreError: true},
 		request{Name: "New login", Method: "POST", Path: "/login", Payload: correctUser},
 	)
 	for _, request := range requests {
-		req, _ := http.NewRequest(request.Method, request.Path, nil)
+		var body io.Reader
 		if request.Payload != nil {
 			jsonBytes, err := json.Marshal(request.Payload)
 			if err != nil {
 				t.Fatal(err)
 			}
 			body = bytes.NewBuffer(jsonBytes)
 		}
 		req, _ := http.NewRequest(request.Method, request.Path, body)
 		if request.Cookie != nil {
 			req.AddCookie(request.Cookie) // attach refresh_token cookie
 		}
@@ -240,6 +264,8 @@ func TestLoginAndAuthorization(t *testing.T) {
 		r.ServeHTTP(w, req)
 		t.Log(request.Name+" response:", w.Body.String())
-		assert.Equal(t, http.StatusOK, w.Code)
+		if !request.ignoreError {
 			assert.Equal(t, http.StatusOK, w.Code)
 		}
 	}
 }
--- a/handlers/middleware.go
+++ b/handlers/middleware.go
@@ -3,6 +3,7 @@ package handlers
 import (
 	"log"
 	"net/http"
 	"slices"
 	"strings"
 	"gitea.tecamino.com/paadi/access-handler/models"
@@ -116,7 +117,7 @@ func (aH *AccessHandler) AuthMiddleware() gin.HandlerFunc {
 // Usage:
 //
 //	router.GET("/secure/:id", aH.AuthorizeRole("/api/v1"))
-func (aH *AccessHandler) AuthorizeRole(suffix string) gin.HandlerFunc {
+func (aH *AccessHandler) AuthorizeRole(suffix string, exeptions ...string) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		aH.logger.Debug("AuthorizeRole", "permission path of url path")
 		permissionPath := strings.TrimPrefix(c.Request.URL.Path, suffix+"/")
@@ -149,6 +150,12 @@ func (aH *AccessHandler) AuthorizeRole(suffix string) gin.HandlerFunc {
 			return
 		}
 		// check exeptions
 		if slices.Contains(exeptions, permissionPath) {
 			c.Next()
 			return
 		}
 		// Check permissions
 		for _, permission := range roles[0].Permissions {
 			if permission.Name == permissionPath {
--- a/handlers/user.go
+++ b/handlers/user.go
@@ -99,6 +99,54 @@ func (aH *AccessHandler) AddUser(c *gin.Context) {
 	})
 }
 func (aH *AccessHandler) ChangePassword(c *gin.Context) {
 	var user models.User
 	err := c.BindJSON(&user)
 	if err != nil {
 		aH.logger.Error("ChangePassword", err)
 		c.JSON(http.StatusInternalServerError, models.NewJsonErrorResponse(err))
 		return
 	}
 	// get user to check ChangePassword
 	var dbRecord models.User
 	err = aH.dbHandler.GetById(&dbRecord, user.Id)
 	if err != nil {
 		aH.logger.Error("ChangePassword", err)
 		c.JSON(http.StatusInternalServerError, nil)
 		return
 	}
 	// Check if old password is correct
 	if !utils.CheckPassword(user.Password, dbRecord.Password) {
 		fmt.Println(123, dbRecord.Password, user.Password)
 		// Found a user → skip create
 		aH.logger.Error("ChangePassword", "wrong password entered for user: "+user.Name)
 		c.JSON(http.StatusBadRequest, models.NewJsonMessageResponse("invalid credentials"))
 		return
 	}
 	fmt.Println(3)
 	// Hash the provided password before saving
 	user.Password, err = utils.HashPassword(user.NewPassword)
 	if err != nil {
 		aH.logger.Error("ChangePassword", err)
 		c.JSON(http.StatusInternalServerError, nil)
 		return
 	}
 	fmt.Println(4)
 	aH.logger.Debug("ChangePassword", "change user "+user.Name+" password")
 	// Update user
 	aH.dbHandler.UpdateValuesById(&user, user.Id)
 	fmt.Println(5)
 	c.JSON(http.StatusOK, gin.H{
 		"message": fmt.Sprintf("password of user '%s' changed", user.Name),
 	})
 }
 func (aH *AccessHandler) GetUser(c *gin.Context) {
 	var i int
 	var err error
--- a/models/permission.go
+++ b/models/permission.go
@@ -12,9 +12,10 @@ func (r *Permissions) DefaultPermissions() {
 	*r = append(*r,
 		Permission{Name: "settings", Permission: 7},
 		Permission{Name: "userSettings", Permission: 7},
-		Permission{Name: "members", Permission: 15},
+		Permission{Name: "members", Permission: 31},
 		Permission{Name: "events", Permission: 7},
 		Permission{Name: "responsible", Permission: 7},
 		Permission{Name: "group", Permission: 7},
 	)
 }
--- a/models/user.go
+++ b/models/user.go
@@ -5,13 +5,14 @@ import (
 )
 type User struct {
-	Id         uint     `gorm:"primaryKey" json:"id"`
+	Id          uint     `gorm:"primaryKey" json:"id"`
-	Name       string   `gorm:"column:user_name" json:"user"`
+	Name        string   `gorm:"column:user_name" json:"user"`
-	Email      string   `gorm:"column:email" json:"email"`
+	Email       string   `gorm:"column:email" json:"email"`
-	Role       string   `gorm:"column:role" json:"role,omitempty"`
+	Role        string   `gorm:"column:role" json:"role,omitempty"`
-	Password   string   `gorm:"column:password" json:"password"`
+	Password    string   `gorm:"column:password" json:"password"`
-	Expiration string   `gorm:"column:expiration" json:"expiration,omitempty"`
+	NewPassword string   `gorm:"-" json:"newPassword"`
-	Settings   Settings `gorm:"type:json" json:"settings"`
+	Expiration  string   `gorm:"column:expiration" json:"expiration,omitempty"`
 	Settings    Settings `gorm:"type:json" json:"settings"`
 }
 func (u *User) IsValid() bool {
Author	SHA1	Message	Date
Adrian Zürcher	567cc726cc	add new function to change passsword with test	2025-11-13 13:16:58 +01:00
Adrian Zürcher	3684fa224a	add new permission group	2025-11-13 13:16:46 +01:00
Adrian Zürcher	db82dcf443	add exeption array to middleware Autorization	2025-11-13 13:16:11 +01:00
Adrian Zürcher	51d20dba37	increase member permission to 31 for import export	2025-11-12 17:15:18 +01:00
Adrian Zürcher	2a400f4ee4	add domain env to test	2025-11-12 14:23:07 +01:00