added userLogout fixed #15, #10

Backend/endpoints/user-settings.go

@@ -0,0 +1,76 @@
+package endpoints
+
+import (
+	"arbeitszeitmessung/helper"
+	"arbeitszeitmessung/models"
+	"arbeitszeitmessung/templates"
+	"log"
+	"net/http"
+)
+
+func UserSettingsHandler(w http.ResponseWriter, r *http.Request) {
+	helper.RequiresLogin(Session, w, r)
+	switch r.Method {
+	case http.MethodGet:
+		showUserPage(w, r, 0)
+		break
+	case http.MethodPost:
+		switch r.FormValue("action") {
+		case "change-pass":
+			changePassword(w, r)
+			break
+		case "logout-user":
+			logoutUser(w, r)
+			break
+		}
+
+		break
+	default:
+		http.Error(w, "Method not allowed!", http.StatusMethodNotAllowed)
+		break
+	}
+}
+
+// change user password and store salted hash in db
+func changePassword(w http.ResponseWriter, r *http.Request) {
+	err := r.ParseForm()
+	if err != nil {
+		log.Println("Error parsing form!", err)
+		http.Error(w, "Error parsing form error", http.StatusBadRequest)
+		return
+	}
+	password := r.FormValue("password")
+	newPassword := r.FormValue("new_password")
+	if password == "" || newPassword == "" || newPassword != r.FormValue("new_password_repeat") {
+		showUserPage(w, r, http.StatusBadRequest)
+		return
+	}
+	user, err := (*models.User).GetByPersonalNummer(nil, Session.GetInt(r.Context(), "user"))
+	if err != nil {
+		log.Println("Error getting user!", err)
+		showUserPage(w, r, http.StatusBadRequest)
+	}
+	auth, err := user.ChangePass(password, newPassword)
+	if err != nil {
+		log.Println("Error when changing password!", err)
+	}
+	if auth {
+		showUserPage(w, r, http.StatusAccepted)
+		return
+	}
+	showUserPage(w, r, http.StatusUnauthorized)
+}
+
+func logoutUser(w http.ResponseWriter, r *http.Request) {
+
+	err := Session.Destroy(r.Context())
+	if err != nil {
+		log.Println("Error destroying session!", err)
+	}
+	http.Redirect(w, r, "/user/login", http.StatusSeeOther)
+}
+
+func showUserPage(w http.ResponseWriter, r *http.Request, status int) {
+	templates.UserPage(status).Render(r.Context(), w)
+	return
+}