closes #53

2023-10-25 14:22:45 +01:00
parent beeb42be56
commit 0d4b8917d1
3 changed files with 150 additions and 1 deletions
--- a/users.go
+++ b/users.go
@@ -11,7 +11,7 @@ import (

 	"golang.org/x/crypto/bcrypt"

-    . "git.andr3h3nriqu3s.com/andr3/fyp/logic/utils"
+	. "git.andr3h3nriqu3s.com/andr3/fyp/logic/utils"
 )

 func generateSalt() string {
@@ -204,6 +204,102 @@ func usersEndpints(db *sql.DB, handle *Handle) {
 		return nil
 	})

+	handle.Get("/user/info", func(w http.ResponseWriter, r *http.Request, c *Context) *Error {
+		if !CheckAuthLevel(1, w, r, c) {
+			return nil
+		}
+		if c.Mode == JSON {
+			return c.Error500(nil)
+		}
+
+		LoadBasedOnAnswer(c.Mode, w, "users/edit.html", c.AddMap(AnyMap{
+			"Email": c.User.Email,
+		}))
+		return nil
+	})
+
+	handle.Post("/user/info/email", func(w http.ResponseWriter, r *http.Request, c *Context) *Error {
+		if !CheckAuthLevel(1, w, r, c) {
+			return nil
+		}
+		if c.Mode == JSON {
+			return c.Error500(nil)
+		}
+
+		r.ParseForm()
+
+		if CheckEmpty(r.Form, "email") {
+			return c.Error400(nil, "Email Not provided", w, "users/edit.html", "mainbody", c.AddMap(AnyMap{
+				"Email": c.User.Email,
+			}))
+		}
+
+		c.Logger.Warn("test", "email", r.Form.Get("email"))
+
+		_, err := c.Db.Exec("update users set email=$1 where id=$2", r.Form.Get("email"), c.User.Id)
+		if err != nil {
+			return c.Error500(err)
+		}
+
+		LoadBasedOnAnswer(c.Mode, w, "users/edit.html", c.AddMap(AnyMap{
+			"Email": r.Form.Get("email"),
+		}))
+		return nil
+	})
+
+	handle.Post("/user/info/password", func(w http.ResponseWriter, r *http.Request, c *Context) *Error {
+		if !CheckAuthLevel(1, w, r, c) {
+			return nil
+		}
+		if c.Mode == JSON {
+			return c.Error500(nil)
+		}
+
+		r.ParseForm()
+		f := r.Form
+
+		if CheckEmpty(f, "old_password") || CheckEmpty(f, "password") || CheckEmpty(f, "password2") {
+			return c.Error400(nil, "OldPassword, Password or Password2 not provided!", w, "users/edit.html", "mainbody", c.AddMap(AnyMap{
+				"Email":            c.User.Email,
+				"NoUserOrPassword": true,
+			}))
+		}
+
+		password := f.Get("password")
+		password2 := f.Get("password2")
+
+		if password != password2 {
+			return c.Error400(nil, "New passwords did not match", w, "users/edit.html", "mainbody", c.AddMap(AnyMap{
+				"Email":              c.User.Email,
+				"PasswordNotTheSame": true,
+			}))
+		}
+
+		_, login := generateToken(db, c.User.Email, f.Get("old_password"))
+		if !login {
+			return c.Error400(nil, "Password was incorrect", w, "users/edit.html", "mainbody", c.AddMap(AnyMap{
+				"Email":            c.User.Email,
+				"NoUserOrPassword": true,
+			}))
+		}
+
+		salt := generateSalt()
+		hash_password, err := hashPassword(password, salt)
+		if err != nil {
+			return c.Error500(err)
+		}
+
+		_, err = db.Exec("update users set salt=$1, password=$2 where id=$3", salt, hash_password, c.User.Id)
+		if err != nil {
+			return c.Error500(err)
+		}
+
+		LoadBasedOnAnswer(c.Mode, w, "users/edit.html", c.AddMap(AnyMap{
+			"email": c.User.Email,
+		}))
+		return nil
+	})
+
 	handle.Get("/logout", func(w http.ResponseWriter, r *http.Request, c *Context) *Error {
 		if c.Mode == JSON {
 			panic("TODO handle json")