web/auth: password set by code
continuous-integration/drone the build was successful
Details
continuous-integration/drone the build was successful
Details
This commit is contained in:
parent
1848fccbef
commit
b29a85551f
|
@ -0,0 +1,75 @@
|
|||
package auth
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"net/http"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/google/uuid"
|
||||
"gorm.io/gorm"
|
||||
|
||||
"dev.sum7.eu/genofire/golang-lib/web"
|
||||
)
|
||||
|
||||
// PasswordWithForgetCode - JSON Request to set password without login
|
||||
type PasswordWithForgetCode struct {
|
||||
ForgetCode uuid.UUID `json:"forget_code"`
|
||||
Password string `json:"password"`
|
||||
}
|
||||
|
||||
// @Summary Change Password with ForgetCode
|
||||
// @Description Change Password of any user by generated forget code
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Success 200 {object} string "username of changed password (e.g. `"admin"`)"
|
||||
// @Failure 400 {object} web.HTTPError
|
||||
// @Failure 401 {object} web.HTTPError
|
||||
// @Failure 500 {object} web.HTTPError
|
||||
// @Router /api/v1/auth/password/code [post]
|
||||
// @Param body body PasswordWithForgetCode false "new password and forget code"
|
||||
func init() {
|
||||
web.ModuleRegister(func(r *gin.Engine, ws *web.Service) {
|
||||
r.POST("/api/v1/auth/password/code", func(c *gin.Context) {
|
||||
var req PasswordWithForgetCode
|
||||
if err := c.BindJSON(&req); err != nil {
|
||||
c.JSON(http.StatusBadRequest, web.HTTPError{
|
||||
Message: web.APIErrorInvalidRequestFormat,
|
||||
Error: err.Error(),
|
||||
})
|
||||
return
|
||||
}
|
||||
d := User{}
|
||||
if err := ws.DB.Where("forget_code", req.ForgetCode).First(&d).Error; err != nil {
|
||||
if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
c.JSON(http.StatusBadRequest, web.HTTPError{
|
||||
Message: APIErrorUserNotFound,
|
||||
Error: err.Error(),
|
||||
})
|
||||
return
|
||||
}
|
||||
c.JSON(http.StatusInternalServerError, web.HTTPError{
|
||||
Message: APIErrroCreatePassword,
|
||||
Error: err.Error(),
|
||||
})
|
||||
return
|
||||
}
|
||||
if err := d.SetPassword(req.Password); err != nil {
|
||||
c.JSON(http.StatusInternalServerError, web.HTTPError{
|
||||
Message: APIErrroCreatePassword,
|
||||
Error: err.Error(),
|
||||
})
|
||||
return
|
||||
}
|
||||
d.ForgetCode = nil
|
||||
|
||||
if err := ws.DB.Save(&d).Error; err != nil {
|
||||
c.JSON(http.StatusInternalServerError, web.HTTPError{
|
||||
Message: web.APIErrorInternalDatabase,
|
||||
Error: err.Error(),
|
||||
})
|
||||
return
|
||||
}
|
||||
c.JSON(http.StatusOK, d.Username)
|
||||
})
|
||||
})
|
||||
}
|
|
@ -0,0 +1,58 @@
|
|||
package auth
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"testing"
|
||||
|
||||
"github.com/google/uuid"
|
||||
"github.com/stretchr/testify/assert"
|
||||
|
||||
"dev.sum7.eu/genofire/golang-lib/web"
|
||||
"dev.sum7.eu/genofire/golang-lib/web/webtest"
|
||||
)
|
||||
|
||||
func TestAPIPasswordCode(t *testing.T) {
|
||||
assert := assert.New(t)
|
||||
s := webtest.New(assert)
|
||||
assert.NotNil(s)
|
||||
SetupMigration(s.DB)
|
||||
s.DB.MigrateTestdata()
|
||||
|
||||
forgetCode := uuid.New()
|
||||
passwordCurrent := "CHANGEME"
|
||||
passwordNew := "test"
|
||||
|
||||
s.DB.DB.Model(&User{ID: TestUser1ID}).Update("forget_code", forgetCode)
|
||||
|
||||
hErr := web.HTTPError{}
|
||||
// invalid
|
||||
s.Request(http.MethodPost, "/api/v1/auth/password/code", &passwordNew, http.StatusBadRequest, &hErr)
|
||||
assert.Equal(web.APIErrorInvalidRequestFormat, hErr.Message)
|
||||
|
||||
res := ""
|
||||
// set new password
|
||||
s.Request(http.MethodPost, "/api/v1/auth/password/code", &PasswordWithForgetCode{
|
||||
ForgetCode: forgetCode,
|
||||
Password: passwordNew,
|
||||
}, http.StatusOK, &res)
|
||||
assert.Equal("admin", res)
|
||||
|
||||
hErr = web.HTTPError{}
|
||||
// set password without code
|
||||
s.Request(http.MethodPost, "/api/v1/auth/password/code", &PasswordWithForgetCode{
|
||||
ForgetCode: forgetCode,
|
||||
Password: passwordCurrent,
|
||||
}, http.StatusBadRequest, &hErr)
|
||||
assert.Equal(APIErrorUserNotFound, hErr.Message)
|
||||
|
||||
forgetCode = uuid.New()
|
||||
s.DB.DB.Model(&User{ID: TestUser1ID}).Update("forget_code", forgetCode)
|
||||
|
||||
res = ""
|
||||
// set old password
|
||||
s.Request(http.MethodPost, "/api/v1/auth/password/code", &PasswordWithForgetCode{
|
||||
ForgetCode: forgetCode,
|
||||
Password: passwordCurrent,
|
||||
}, http.StatusOK, &res)
|
||||
assert.Equal("admin", res)
|
||||
}
|
|
@ -10,6 +10,7 @@ type User struct {
|
|||
ID uuid.UUID `json:"id" gorm:"type:uuid;default:gen_random_uuid()" example:"88078ec0-2135-445f-bf05-632701c77695"`
|
||||
Username string `json:"username" gorm:"unique" example:"kukoon"`
|
||||
Password string `json:"-" example:"super secret password"`
|
||||
ForgetCode *uuid.UUID `json:"-" gorm:"forget_code;type:uuid"`
|
||||
}
|
||||
|
||||
// NewUser by username and password
|
||||
|
|
Loading…
Reference in New Issue