closes #53

2023-10-25 14:22:45 +01:00 · 2023-10-25 14:22:45 +01:00 · 0d4b8917d1
commit 0d4b8917d1
parent beeb42be56
3 changed files with 150 additions and 1 deletions
--- a/users.go
+++ b/users.go
@ -11,7 +11,7 @@ import (

 	"golang.org/x/crypto/bcrypt"

-    . "git.andr3h3nriqu3s.com/andr3/fyp/logic/utils"
+	. "git.andr3h3nriqu3s.com/andr3/fyp/logic/utils"
 )

 func generateSalt() string {
@ -204,6 +204,102 @@ func usersEndpints(db *sql.DB, handle *Handle) {
 		return nil
 	})

+	handle.Get("/user/info", func(w http.ResponseWriter, r *http.Request, c *Context) *Error {
+		if !CheckAuthLevel(1, w, r, c) {
+			return nil
+		}
+		if c.Mode == JSON {
+			return c.Error500(nil)
+		}
+
+		LoadBasedOnAnswer(c.Mode, w, "users/edit.html", c.AddMap(AnyMap{
+			"Email": c.User.Email,
+		}))
+		return nil
+	})
+
+	handle.Post("/user/info/email", func(w http.ResponseWriter, r *http.Request, c *Context) *Error {
+		if !CheckAuthLevel(1, w, r, c) {
+			return nil
+		}
+		if c.Mode == JSON {
+			return c.Error500(nil)
+		}
+
+		r.ParseForm()
+
+		if CheckEmpty(r.Form, "email") {
+			return c.Error400(nil, "Email Not provided", w, "users/edit.html", "mainbody", c.AddMap(AnyMap{
+				"Email": c.User.Email,
+			}))
+		}
+
+		c.Logger.Warn("test", "email", r.Form.Get("email"))
+
+		_, err := c.Db.Exec("update users set email=$1 where id=$2", r.Form.Get("email"), c.User.Id)
+		if err != nil {
+			return c.Error500(err)
+		}
+
+		LoadBasedOnAnswer(c.Mode, w, "users/edit.html", c.AddMap(AnyMap{
+			"Email": r.Form.Get("email"),
+		}))
+		return nil
+	})
+
+	handle.Post("/user/info/password", func(w http.ResponseWriter, r *http.Request, c *Context) *Error {
+		if !CheckAuthLevel(1, w, r, c) {
+			return nil
+		}
+		if c.Mode == JSON {
+			return c.Error500(nil)
+		}
+
+		r.ParseForm()
+		f := r.Form
+
+		if CheckEmpty(f, "old_password") || CheckEmpty(f, "password") || CheckEmpty(f, "password2") {
+			return c.Error400(nil, "OldPassword, Password or Password2 not provided!", w, "users/edit.html", "mainbody", c.AddMap(AnyMap{
+				"Email":            c.User.Email,
+				"NoUserOrPassword": true,
+			}))
+		}
+
+		password := f.Get("password")
+		password2 := f.Get("password2")
+
+		if password != password2 {
+			return c.Error400(nil, "New passwords did not match", w, "users/edit.html", "mainbody", c.AddMap(AnyMap{
+				"Email":              c.User.Email,
+				"PasswordNotTheSame": true,
+			}))
+		}
+
+		_, login := generateToken(db, c.User.Email, f.Get("old_password"))
+		if !login {
+			return c.Error400(nil, "Password was incorrect", w, "users/edit.html", "mainbody", c.AddMap(AnyMap{
+				"Email":            c.User.Email,
+				"NoUserOrPassword": true,
+			}))
+		}
+
+		salt := generateSalt()
+		hash_password, err := hashPassword(password, salt)
+		if err != nil {
+			return c.Error500(err)
+		}
+
+		_, err = db.Exec("update users set salt=$1, password=$2 where id=$3", salt, hash_password, c.User.Id)
+		if err != nil {
+			return c.Error500(err)
+		}
+
+		LoadBasedOnAnswer(c.Mode, w, "users/edit.html", c.AddMap(AnyMap{
+			"email": c.User.Email,
+		}))
+		return nil
+	})
+
 	handle.Get("/logout", func(w http.ResponseWriter, r *http.Request, c *Context) *Error {
 		if c.Mode == JSON {
 			panic("TODO handle json")
--- a/views/partials/header.html
+++ b/views/partials/header.html
@ -15,6 +15,9 @@
        <li class="expand"></li>
        {{ if .Context.User }}
            <li> 
+                <a hx-get="/user/info" hx-headers='{"REQUEST-TYPE": "htmlfull"}' hx-push-url="true" hx-swap="outerHTML" hx-target=".app">
+                    User Info
+                </a>
                <a hx-get="/logout" hx-headers='{"REQUEST-TYPE": "htmlfull"}' hx-push-url="true" hx-swap="outerHTML" hx-target=".app">
                    Logout
                </a>
--- a/views/users/edit.html
+++ b/views/users/edit.html
@ -0,0 +1,50 @@
+{{ define "title" }}
+    User Info
+{{ end }}
+
+{{define "mainbody"}}
+    <div class="login-page">
+        <div>
+            <h1>
+                User Infomation
+            </h1>
+            <form method="post" action="/user/info/email" {{if .Submited}}class="submitted"{{end}}  >
+                <fieldset>
+                    <label for="email">Email</label>
+                    <input type="email" required name="email" {{if .Email}} value="{{.Email}}" {{end}} />
+                </fieldset>
+                <button>
+                    Update
+                </button>
+            </form>
+            <form method="post" action="/user/info/password" {{if .Submited}}class="submitted"{{end}}  >
+                <fieldset>
+                    <label for="old_password">Old Password</label>
+                    <input required name="old_password" type="password" />
+                    {{if .NoUserOrPassword}}
+                        <span class="form-msg error">
+                            Either the password is incorrect
+                        </span>
+                    {{end}}
+                </fieldset>
+                <fieldset>
+                    <label for="password">New Password</label>
+                    <input required name="password" type="password" />
+                </fieldset>
+                <fieldset>
+                    <label for="password2">Repeat New Password</label>
+                    <input required name="password2" type="password" />
+                    {{if .PasswordNotTheSame}}
+                        <span class="form-msg error">
+                            Either the passwords are not the same
+                        </span>
+                    {{end}}
+                </fieldset>
+                <button>
+                    Update
+                </button>
+            </form>
+        </div>
+    </div>
+{{end}}
+