improve login + add system-password and system-delete

2016-08-17 22:31:58 +02:00 · 2016-08-17 22:31:58 +02:00 · 7320874578
parent b78aa4be3d
commit 7320874578
4 changed files with 98 additions and 20 deletions
--- a/lib/api/main.go
+++ b/lib/api/main.go
@ -49,11 +49,3 @@ func SessionHandler(h Handle, sessions *session.Manager) httprouter.Handle {
 		JsonOutput(w, r, sess, data, err)
 	}
 }
-
-func LoginHandler(h Handle, sessions *session.Manager) httprouter.Handle {
-	return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
-		sess := sessions.SessionStart(w, r)
-		data, err := h(w, r, ps, sess)
-		JsonOutput(w, r, sess, data, err)
-	}
-}
--- a/system/api.go
+++ b/system/api.go
@ -35,9 +35,9 @@ func NewAPI(config *libconfig.Config, sessions *session.Manager, dbconnection *x
 	}
 	router.GET(prefix+"/status", libapi.SessionHandler(api.Status, sessions))
 	router.POST(prefix+"/login", libapi.SessionHandler(api.Login, sessions))
-	router.GET(prefix+"/logout", libapi.LoginHandler(api.Logout, sessions))
-	router.POST(prefix+"/password", libapi.LoginHandler(api.Password, sessions))
-	router.GET(prefix+"/delete", libapi.LoginHandler(api.Status, sessions))
+	router.GET(prefix+"/logout", LoginHandler(api.Logout, sessions))
+	router.POST(prefix+"/password", LoginHandler(api.Password, sessions))
+	router.GET(prefix+"/delete", LoginHandler(api.Delete, sessions))
 }

 // Status to get Login and Server status
@ -58,7 +58,7 @@ func (api *API) Status(w http.ResponseWriter, r *http.Request, _ httprouter.Para
 }

 // Logout current user
-func (api *API) Logout(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session) (returndata interface{}, returnerr *libapi.ErrorResult) {
+func (api *API) Logout(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, _ *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
 	api.sessions.SessionDestroy(w, r)
 	logger := api.log.GetLog(r, "logout")
 	if login := sess.Get("login"); login != nil {
@ -79,6 +79,9 @@ func (api *API) Login(w http.ResponseWriter, r *http.Request, _ httprouter.Param
 	if err != nil {
 		logger.Error("fetch request")
 		http.Error(w, err.Error(), http.StatusInternalServerError)
+		returnerr = &libapi.ErrorResult{
+			Message: "Internal Request Error",
+		}
 		returndata = false
 		return
 	}
@ -87,11 +90,15 @@ func (api *API) Login(w http.ResponseWriter, r *http.Request, _ httprouter.Param
 	_, err = api.dbconnection.Get(&login)
 	if err != nil {
 		logger.Error("fetch database")
+		returnerr = &libapi.ErrorResult{
+			Message: "Internal Request Error",
+		}
 		returndata = false
 		return
 	}
-	if login.Id <= 0 {
+	if login.ID <= 0 {
 		logger.Warn("user not found")
+		returnerr = &libapi.ErrorResult{Fields: []string{"username"}, Message: "User not Found"}
 		returndata = false
 		return
 	}
@ -104,6 +111,7 @@ func (api *API) Login(w http.ResponseWriter, r *http.Request, _ httprouter.Param
 			logger.Info("logged in")
 		} else {
 			logger.Warn("wrong password")
+			returnerr = &libapi.ErrorResult{Fields: []string{"password"}, Message: "Wrong Password"}
 		}
 	} else {
 		logger.Warn("not active")
@ -111,15 +119,46 @@ func (api *API) Login(w http.ResponseWriter, r *http.Request, _ httprouter.Param

 	return
 }
-func (api *API) Password(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session) (returndata interface{}, returnerr *libapi.ErrorResult) {
+
+//Password to change the password
+func (api *API) Password(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
 	logger := api.log.GetLog(r, "password")
-	logger.Warn("not implemented")
 	returndata = false
+	var changePasswordRequest ChangePasswordRequest
+
+	err := json.NewDecoder(r.Body).Decode(&changePasswordRequest)
+	if err != nil {
+		logger.Error("fetch request")
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}
 		return
 	}
-func (api *API) Delete(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session) (returndata interface{}, returnerr *libapi.ErrorResult) {
+	output, _ := libpassword.Validate(login.Password, changePasswordRequest.CurrentPassword)
+	if !output {
+		logger.Warn("wrong current password")
+		returnerr = &libapi.ErrorResult{Fields: []string{"currentpassword"}, Message: "Wrong CurrentPassword"}
+		return
+	}
+
+	if len(changePasswordRequest.NewPassword) < MINPASSWORDLENTH {
+		logger.Warn("wrong new password")
+		returnerr = &libapi.ErrorResult{Fields: []string{"newpassword"}, Message: "Wrong NewPassword"}
+		return
+	}
+	login.Password = libpassword.NewHesh(changePasswordRequest.NewPassword)
+	api.dbconnection.Update(login)
+	sess.Set("login", *login)
+	returndata = true
+	logger.Info("works")
+	return
+}
+
+//Delete of login on warehost
+func (api *API) Delete(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
 	logger := api.log.GetLog(r, "delete")
-	logger.Warn("not implemented")
-	returndata = false
+	logger.Warn("login delete")
+	sess.Delete("login")
+	api.dbconnection.Delete(login)
+	returndata = true
 	return
 }
--- a/system/lib.go
+++ b/system/lib.go
@ -0,0 +1,29 @@
+package system
+
+import (
+	"net/http"
+
+	"github.com/astaxie/session"
+	"github.com/julienschmidt/httprouter"
+
+	libapi "dev.sum7.de/sum7/warehost/lib/api"
+)
+
+type Handle func(w http.ResponseWriter, r *http.Request, ps httprouter.Params, sess session.Session, login *Login) (interface{}, *libapi.ErrorResult)
+
+//LoginHandler for api function to Verifie User ist loggedin
+func LoginHandler(h Handle, sessions *session.Manager) httprouter.Handle {
+	return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+		sess := sessions.SessionStart(w, r)
+		err := &libapi.ErrorResult{Fields: []string{"session"}, Message: "Not logged in"}
+		var data interface{}
+		data = false
+
+		if login := sess.Get("login"); login != nil {
+			if loginObj := login.(Login); loginObj.Active {
+				data, err = h(w, r, ps, sess, &loginObj)
+			}
+		}
+		libapi.JsonOutput(w, r, sess, data, err)
+	}
+}
--- a/system/models.go
+++ b/system/models.go
@ -9,15 +9,32 @@ import (
 	"github.com/go-xorm/xorm"
 )

-// Login object for request
+// MINPASSWORDLENTH to validate password
+const MINPASSWORDLENTH = 3
+
+/*
+ * API Model
+ */
+
+// RequestLogin for api request to log in
 type RequestLogin struct {
 	Username string `json:"username"`
 	Password string `json:"password"`
 }

+// ChangePasswordRequest for api request of a new password
+type ChangePasswordRequest struct {
+	CurrentPassword string `json:"currentpassword"`
+	NewPassword     string `json:"newpassword"`
+}
+
+/*
+ * Database Model
+ */
+
 // Login found
 type Login struct {
-	Id          int64     `json:"id"`
+	ID          int64     `xorm:"'id'" json:"id"`
 	Username    string    `xorm:"varchar(255) not null unique 'mail'" json:"username"`
 	Password    string    `xorm:"varchar(255) not null 'password'" json:"-"`
 	Active      bool      `xorm:"boolean default false 'active'" json:"active"`
@ -27,6 +44,7 @@ type Login struct {
 	LastLoginAt time.Time `xorm:"timestampz 'lastloginat'" json:"lastloginat"`
 }

+// SyncModels to verify the database schema
 func SyncModels(dbconnection *xorm.Engine) {
 	err := dbconnection.Sync(new(Login))
 	if err != nil {