Implement changing of passwords

2025-06-03 03:02:14 +02:00 · 2020-08-02 14:45:24 +02:00 · 2020-08-02 14:45:24 +02:00 · e1cd2d2f8e
commit e1cd2d2f8e
parent d621333b6e
7 changed files with 46 additions and 22 deletions
--- a/api/application.go
+++ b/api/application.go
@ -28,7 +28,7 @@ type ApplicationDispatcher interface {
 // ApplicationHandler holds information for processing requests about applications.
 type ApplicationHandler struct {
 	DB ApplicationDatabase
-	Dispatcher ApplicationDispatcher
+	DP ApplicationDispatcher
 }

 func (h *ApplicationHandler) applicationExists(token string) bool {
@ -52,7 +52,7 @@ func (h *ApplicationHandler) CreateApplication(ctx *gin.Context) {

 	log.Printf("User %s will receive notifications for application %s.\n", user.Name, application.Name)

-	matrixid, err := h.Dispatcher.RegisterApplication(application.Name, user.MatrixID)
+	matrixid, err := h.DP.RegisterApplication(application.Name, user.MatrixID)

 	if success := successOrAbort(ctx, http.StatusInternalServerError, err); !success {
 		return
@ -86,7 +86,7 @@ func (h *ApplicationHandler) DeleteApplication(ctx *gin.Context) {

 	log.Printf("Deleting application %s.\n", application.Name)

-	if success := successOrAbort(ctx, http.StatusInternalServerError, h.Dispatcher.DeregisterApplication(application)); !success {
+	if success := successOrAbort(ctx, http.StatusInternalServerError, h.DP.DeregisterApplication(application)); !success {
 		return
 	}

--- a/api/notification.go
+++ b/api/notification.go
@ -24,7 +24,7 @@ type NotificationDispatcher interface {
 // NotificationHandler holds information for processing requests about notifications.
 type NotificationHandler struct {
 	DB NotificationDatabase
-	Dispatcher NotificationDispatcher
+	DP NotificationDispatcher
 }

 // CreateNotification is used to create a new notification for a user.
@ -45,7 +45,7 @@ func (h *NotificationHandler) CreateNotification(ctx *gin.Context) {
 	}
 	notification.Date = time.Now()

-	if success := successOrAbort(ctx, http.StatusInternalServerError, h.Dispatcher.SendNotification(application, &notification)); !success {
+	if success := successOrAbort(ctx, http.StatusInternalServerError, h.DP.SendNotification(application, &notification)); !success {
 		return
 	}

--- a/api/user.go
+++ b/api/user.go
@ -27,10 +27,16 @@ type UserDispatcher interface {
 	DeregisterApplication(a *model.Application) error
 }

+// The CredentialsManager interface for updating credentials.
+type CredentialsManager interface {
+	CreatePasswordHash(password string) []byte
+}
+
 // UserHandler holds information for processing requests about users.
 type UserHandler struct {
+	CM CredentialsManager
 	DB UserDatabase
-	Dispatcher ApplicationDispatcher
+	DP UserDispatcher
 }

 func (h *UserHandler) userExists(name string) bool {
@ -49,6 +55,7 @@ func (h *UserHandler) ensureIsNotLastAdmin(ctx *gin.Context) (int, error) {
 }

 // CreateUser creates a new user.
+// This method assumes that the requesting user has privileges.
 func (h *UserHandler) CreateUser(ctx *gin.Context) {
 	var externalUser model.ExternalUserWithCredentials

@ -71,6 +78,8 @@ func (h *UserHandler) CreateUser(ctx *gin.Context) {
 }

 // DeleteUser deletes a user with a certain ID.
+//
+// This method assumes that the requesting user has privileges.
 func (h *UserHandler) DeleteUser(ctx *gin.Context) {
 	var deleteUser model.DeleteUser

@ -99,7 +108,7 @@ func (h *UserHandler) DeleteUser(ctx *gin.Context) {
 	}

 	for _, app := range applications {
-		if success := successOrAbort(ctx, http.StatusInternalServerError, h.Dispatcher.DeregisterApplication(&app)); !success {
+		if success := successOrAbort(ctx, http.StatusInternalServerError, h.DP.DeregisterApplication(&app)); !success {
 			return
 		}
 	}
@ -112,6 +121,9 @@ func (h *UserHandler) DeleteUser(ctx *gin.Context) {
 }

 // UpdateUser updates a user with a certain ID.
+//
+// This method assumes that the requesting user has privileges. If users can later update their own user, make sure they
+// cannot give themselves privileges.
 func (h *UserHandler) UpdateUser(ctx *gin.Context) {
 	var updateUser model.UpdateUser

@ -136,11 +148,13 @@ func (h *UserHandler) UpdateUser(ctx *gin.Context) {

 	log.Printf("Updating user %s.\n", user.Name)

-	// If users can later update their own user, make sure they cannot give themselves privileges.
+	if user.MatrixID != updateUser.MatrixID {
+		// TODO: Update correspondent in rooms of applications.
+	}
+
 	// TODO: Handle unbound members.
-	// TODO: Allow updating of password.
-	// TODO: Update rooms of applications when the user's MatrixID changes.
 	user.Name = updateUser.Name
+	user.PasswordHash = h.CM.CreatePasswordHash(updateUser.Password)
 	user.MatrixID = updateUser.MatrixID
 	user.IsAdmin = updateUser.IsAdmin

--- a/app.go
+++ b/app.go
@ -55,7 +55,7 @@ func main() {

 	setupCleanup(db, dp)

-	engine := router.Create(c.Debug, db, dp)
+	engine := router.Create(c.Debug, cm, db, dp)

 	runner.Run(engine, c.HTTP.ListenAddress, c.HTTP.Port)
 }
--- a/model/application.go
+++ b/model/application.go
@ -14,13 +14,17 @@ type CreateApplication struct {
 	Name string `form:"name" query:"name" json:"name" binding:"required"`
 }

+type applicationIdentification struct {
+	ID uint `uri:"id" binding:"required"`
+}
+
 // DeleteApplication is used to process queries for deleting applications.
 type DeleteApplication struct {
-	ID uint `uri:"id"`
+	applicationIdentification
 }

 // UpdateApplication is used to process queries for updating applications.
 type UpdateApplication struct {
-	ID   uint   `uri:"id" binding:"required"`
+	applicationIdentification
 	Name string `json:"name"`
 }
--- a/model/user.go
+++ b/model/user.go
@ -67,15 +67,20 @@ func (u *User) IntoExternalUser() *ExternalUser {
 	}
 }

+type userIdentification struct {
+	ID uint `uri:"id" binding:"required"`
+}
+
 // DeleteUser is used to process queries for deleting users.
 type DeleteUser struct {
-	ID uint `uri:"id"`
+	userIdentification
 }

 // UpdateUser is used to process queries for updating users.
 type UpdateUser struct {
-	ID       uint   `uri:"id" binding:"required"`
+	userIdentification
 	Name     string `json:"name"`
+	Password string `json:"password"`
 	IsAdmin  bool   `json:"is_admin"`
 	MatrixID string `json:"matrix_id"`
 }
--- a/router/router.go
+++ b/router/router.go
@ -5,6 +5,7 @@ import (

 	"github.com/eikendev/pushbits/api"
 	"github.com/eikendev/pushbits/authentication"
+	"github.com/eikendev/pushbits/authentication/credentials"
 	"github.com/eikendev/pushbits/database"
 	"github.com/eikendev/pushbits/dispatcher"

@ -13,7 +14,7 @@ import (
 )

 // Create a Gin engine and setup all routes.
-func Create(debug bool, db *database.Database, dp *dispatcher.Dispatcher) *gin.Engine {
+func Create(debug bool, cm *credentials.Manager, db *database.Database, dp *dispatcher.Dispatcher) *gin.Engine {
 	log.Println("Setting up HTTP routes.")

 	if !debug {
@ -22,9 +23,9 @@ func Create(debug bool, db *database.Database, dp *dispatcher.Dispatcher) *gin.E

 	auth := authentication.Authenticator{DB: db}

-	applicationHandler := api.ApplicationHandler{DB: db, Dispatcher: dp}
-	notificationHandler := api.NotificationHandler{DB: db, Dispatcher: dp}
-	userHandler := api.UserHandler{DB: db, Dispatcher: dp}
+	applicationHandler := api.ApplicationHandler{DB: db, DP: dp}
+	notificationHandler := api.NotificationHandler{DB: db, DP: dp}
+	userHandler := api.UserHandler{CM: cm, DB: db, DP: dp}

 	r := gin.Default()