finished snippetbox

pethron · pethron · commit 80fad86b9cc7 · 2024-05-30T10:50:19.000+02:00
diff --git a/Makefile b/Makefile
@@ -7,5 +7,9 @@ start:
 	docker start $(DB)
 	go run ./cmd/web
 
+debug:
+	docker start $(DB)
+	go run ./cmd/web -debug
+
 stop:
 	docker stop $(DB)
diff --git a/cmd/web/handlers.go b/cmd/web/handlers.go
@@ -148,8 +148,7 @@ func userSignupPost(app *config.Application) http.HandlerFunc {
 				form.AddFieldError("email", "Email address is already in use")
 				data := app.NewTemplateData(r)
 				data.Form = form
-				app.Render(w, http.StatusUnprocessableEntity, "signup.tmpl",
-					data)
+				app.Render(w, http.StatusUnprocessableEntity, "signup.tmpl", data)
 			} else {
 				app.ServerError(w, err)
 			}
@@ -271,9 +270,9 @@ func accountView(app *config.Application) http.HandlerFunc {
 }
 
 type accountPasswordUpdateForm struct {
-	CurrentPassword         string `form:"password"`
-	NewPassword             string `form:"password"`
-	NewPasswordConfirmation string `form:"password"`
+	CurrentPassword         string `form:"currentPassword"`
+	NewPassword             string `form:"newPassword"`
+	NewPasswordConfirmation string `form:"newPasswordConfirmation"`
 	validator.Validator     `form:"-"`
 }
 
@@ -309,6 +308,23 @@ func accountPasswordUpdatePost(app *config.Application) http.HandlerFunc {
 			return
 		}
 
+		userID := app.SessionManager.GetInt(r.Context(), "authenticatedUserID")
+		err = app.Users.PasswordUpdate(userID, form.CurrentPassword, form.NewPassword)
+		if err != nil {
+			if errors.Is(err, models.ErrInvalidCredentials) {
+				form.AddFieldError("currentPassword", "Password is wrong")
+				data := app.NewTemplateData(r)
+				data.Form = form
+				app.Render(w, http.StatusUnprocessableEntity, "password.tmpl", data)
+				return
+			}
+
+			app.ServerError(w, err)
+			return
+		}
+
+		app.SessionManager.Put(r.Context(), "flash", "You've changed your password!")
+		http.Redirect(w, r, "/account/view", http.StatusSeeOther)
 	}
 }
 
diff --git a/internal/models/mocks/user.go b/internal/models/mocks/user.go
@@ -44,3 +44,13 @@ func (m *UserModel) Get(id int) (*models.User, error) {
 	}
 	return nil, models.ErrNoRecord
 }
+
+func (m *UserModel) PasswordUpdate(id int, currentPassword, newPassword string) error {
+	if id == 1 {
+		if currentPassword != "pa$$word" {
+			return models.ErrInvalidCredentials
+		}
+		return nil
+	}
+	return models.ErrNoRecord
+}
diff --git a/internal/models/users.go b/internal/models/users.go
@@ -14,6 +14,7 @@ type UserModelInterface interface {
 	Authenticate(email, password string) (int, error)
 	Exists(id int) (bool, error)
 	Get(id int) (*User, error)
+	PasswordUpdate(id int, currentPassword, newPassword string) error
 }
 
 // Define a new User type. Notice how the field names and types align
@@ -113,3 +114,43 @@ func (m *UserModel) Get(id int) (*User, error) {
 
 	return &user, nil
 }
+
+func (m *UserModel) PasswordUpdate(id int, currentPassword, newPassword string) error {
+	var user User
+	stmt := "SELECT id, name, email, hashed_password, created FROM users WHERE id = ?"
+	err := m.DB.QueryRow(stmt, id).Scan(&user.ID, &user.Name, &user.Email, &user.HashedPassword, &user.Created)
+
+	if err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return ErrNoRecord
+		} else {
+			return err
+		}
+	}
+
+	err = bcrypt.CompareHashAndPassword(user.HashedPassword, []byte(currentPassword))
+	if err != nil {
+		if errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {
+			return ErrInvalidCredentials
+		} else {
+			return err
+		}
+	}
+
+	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(newPassword), 12)
+	if err != nil {
+		return err
+	}
+
+	stmt = "UPDATE users SET hashed_password = ? WHERE id = ?"
+	_, err = m.DB.Exec(stmt, hashedPassword, id)
+	if err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return ErrNoRecord
+		} else {
+			return err
+		}
+	}
+
+	return nil
+}
diff --git a/ui/html/pages/account.tmpl b/ui/html/pages/account.tmpl
@@ -10,12 +10,14 @@
                 <th>Name</th>
                 <th>Email</th>
                 <th>Created</th>
+                <th>Password</th>
             </tr>
             <tr>
                 <td>{{.ID}}</td>
                 <td>{{.Name}}</td>
                 <td>{{.Email}}</td>
                 <td>{{humanDate .Created}}</td>
+                <td><a href='/account/password/update'>Change Password</a></td>
             </tr>
         </table>
     </div>

Original file line number	Diff line number	Diff line change
`@@ -44,3 +44,13 @@ func (m UserModel) Get(id int) (models.User, error) {`
`44`	`44`	`}`
`45`	`45`	`return nil, models.ErrNoRecord`
`46`	`46`	`}`
	`47`	`+`
	`48`	`+func (m *UserModel) PasswordUpdate(id int, currentPassword, newPassword string) error {`
	`49`	`+ if id == 1 {`
	`50`	`+ if currentPassword != "pa$$word" {`
	`51`	`+ return models.ErrInvalidCredentials`
	`52`	`+ }`
	`53`	`+ return nil`
	`54`	`+ }`
	`55`	`+ return models.ErrNoRecord`
	`56`	`+}`