(w http.ResponseWriter, r *http.Request)
| 461 | } |
| 462 | |
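// PasswordUpdate handles a password-change submission for the user attached
// to the request context.
//
// It requires an authenticated user, parses the form, rejects empty or
// mismatched input, and re-verifies the current password with bcrypt before
// calling app.UpdateUserPassword. Every failure is rendered through
// handleHTMLError with the settings view; success redirects to "/" with a
// success alert.
//
// NOTE(review): nothing in this handler revokes the user's other sessions
// after the change, and nothing here limits repeated submissions with a wrong
// current password. Confirm both are handled elsewhere (middleware or
// app.UpdateUserPassword); otherwise a session obtained before the change
// stays valid after it.
// NOTE(review): no length or strength check on NewPassword is visible here,
// and a new password equal to the old one is accepted by this handler.
// Presumably app.UpdateUserPassword validates the value; verify.
func (u *Users) PasswordUpdate(w http.ResponseWriter, r *http.Request) {
	vd := views.Data{}

	user := context.User(r.Context())
	if user == nil {
		handleHTMLError(w, r, app.ErrLoginRequired, "No authenticated user found", u.SettingView, vd)
		return
	}

	var form updatePasswordForm
	if err := parseRequestData(r, &form); err != nil {
		// Render the settings view, like every other failure in this handler.
		// The original passed u.LoginView here, which would show the login
		// page to a caller who is already authenticated.
		handleHTMLError(w, r, err, "parsing payload", u.SettingView, vd)
		return
	}

	if form.OldPassword == "" || form.NewPassword == "" {
		handleHTMLError(w, r, app.ErrInvalidPasswordChangeInput, "invalid params", u.SettingView, vd)
		return
	}
	if form.NewPassword != form.NewPasswordConfirmation {
		handleHTMLError(w, r, app.ErrPasswordConfirmationMismatch, "passwords do not match", u.SettingView, vd)
		return
	}

	// Re-authenticate with the current password so that holding a session is
	// not by itself enough to replace the credential.
	password := []byte(form.OldPassword)
	if err := bcrypt.CompareHashAndPassword([]byte(user.Password.String), password); err != nil {
		// Only the user ID is logged; the submitted password never reaches
		// the log.
		log.WithFields(log.Fields{
			"user_id": user.ID,
		}).Warn("invalid password update attempt")
		handleHTMLError(w, r, app.ErrInvalidPassword, "invalid password", u.SettingView, vd)
		return
	}

	if err := app.UpdateUserPassword(u.app.DB, user, form.NewPassword); err != nil {
		handleHTMLError(w, r, err, "updating password", u.SettingView, vd)
		return
	}

	alert := views.Alert{
		Level:   views.AlertLvlSuccess,
		Message: "Password change successful",
	}
	views.RedirectAlert(w, r, "/", http.StatusFound, alert)
}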
| 507 | |
| 508 | type updateProfileForm struct { |
| 509 | Email string `schema:"email"` |