41733c50bd
Didn't have the chance to migrate //all// templates just yet. We'll get there.
* Implement yet another template system
* Move orphans to the new system and fix a bug in it
* Link orphans in the admin panel
* Move the backlink handlers to the web package
* Move auth routing to web
* Move /user-list to the new system
* Move change password and translate it
* Move stuff
* Move admin-related stuff to the web
* Move a lot of files into internal dir
Outside of it are web and stuff that needs further refactoring
* Fix static not loading and de-qtpl tree
* Move tree to internal
* Keep the globe on the same line #230
* Revert "Keep the globe on the same line #230"
This reverts commit ae78e5e459.
* Migrate templates from hypview: delete, edit, start empty and existing WIP
The delete media view was removed, I didn't even know it still existed as a GET. A rudiment.
* Make views multi-file and break compilation
* Megarefactoring of hypha views
* Auth-related stuffs
* Fix some of those weird imports
* Migrate cat views
* Fix cat js
* Lower standards
* Internalize trauma
68 lines
1.6 KiB
Go
68 lines
1.6 KiB
Go
package web
|
|
|
|
import (
|
|
"fmt"
|
|
"github.com/bouncepaw/mycorrhiza/internal/user"
|
|
"github.com/bouncepaw/mycorrhiza/util"
|
|
"github.com/bouncepaw/mycorrhiza/web/viewutil"
|
|
"mime"
|
|
"net/http"
|
|
"reflect"
|
|
)
|
|
|
|
func handlerUserChangePassword(w http.ResponseWriter, rq *http.Request) {
|
|
u := user.FromRequest(rq)
|
|
// TODO: is there a better way?
|
|
if reflect.DeepEqual(u, user.EmptyUser()) || u == nil {
|
|
util.HTTP404Page(w, "404 page not found")
|
|
return
|
|
}
|
|
|
|
f := util.FormDataFromRequest(rq, []string{"current_password", "password", "password_confirm"})
|
|
currentPassword := f.Get("current_password")
|
|
|
|
if user.CredentialsOK(u.Name, currentPassword) {
|
|
password := f.Get("password")
|
|
passwordConfirm := f.Get("password_confirm")
|
|
// server side validation
|
|
if password == "" {
|
|
err := fmt.Errorf("passwords should not be empty")
|
|
f = f.WithError(err)
|
|
}
|
|
if password == passwordConfirm {
|
|
previousPassword := u.Password // for rollback
|
|
if err := u.ChangePassword(password); err != nil {
|
|
f = f.WithError(err)
|
|
} else {
|
|
if err := user.SaveUserDatabase(); err != nil {
|
|
u.Password = previousPassword
|
|
f = f.WithError(err)
|
|
} else {
|
|
http.Redirect(w, rq, "/", http.StatusSeeOther)
|
|
return
|
|
}
|
|
}
|
|
} else {
|
|
err := fmt.Errorf("passwords do not match")
|
|
f = f.WithError(err)
|
|
}
|
|
} else {
|
|
// TODO: handle first attempt different
|
|
err := fmt.Errorf("incorrect password")
|
|
f = f.WithError(err)
|
|
}
|
|
|
|
if f.HasError() {
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
}
|
|
w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
|
|
|
|
_ = pageChangePassword.RenderTo(
|
|
viewutil.MetaFrom(w, rq),
|
|
map[string]any{
|
|
"Form": f,
|
|
"U": u,
|
|
},
|
|
)
|
|
}
|