package Auth import ( "encoding/json" "io/ioutil" "net/http" "git.tovijaeschke.xyz/tovi/Envelope/Backend/Database" "git.tovijaeschke.xyz/tovi/Envelope/Backend/Models" ) type rawChangePassword struct { OldPassword string `json:"old_password"` NewPassword string `json:"new_password"` NewPasswordConfirm string `json:"new_password_confirm"` PrivateKey string `json:"private_key"` } // ChangePassword handle change password action func ChangePassword(w http.ResponseWriter, r *http.Request) { var ( user Models.User changePassword rawChangePassword requestBody []byte err error ) user, err = CheckCookieCurrentUser(w, r) if err != nil { // Don't bother showing an error here, as the middleware handles auth return } requestBody, err = ioutil.ReadAll(r.Body) if err != nil { http.Error(w, "Error", http.StatusInternalServerError) return } err = json.Unmarshal(requestBody, &changePassword) if err != nil { http.Error(w, "Error", http.StatusInternalServerError) return } if !CheckPasswordHash(changePassword.OldPassword, user.Password) { http.Error(w, "Invalid Current Password", http.StatusForbidden) return } // This should never occur, due to frontend validation if changePassword.NewPassword != changePassword.NewPasswordConfirm { http.Error(w, "Invalid New Password", http.StatusUnprocessableEntity) return } user.Password, err = HashPassword(changePassword.NewPassword) if err != nil { http.Error(w, "Error", http.StatusInternalServerError) return } // Private key doesn't change at this point, is just re-encrypted with the new password user.AsymmetricPrivateKey = changePassword.PrivateKey err = Database.UpdateUser( user.ID.String(), &user, ) if err != nil { http.Error(w, "Error", http.StatusInternalServerError) return } w.WriteHeader(http.StatusNoContent) }