CHANGE: refractor + refined user routes, added change pw form and function

Backend/endpoints/user.go

@@ -18,24 +18,42 @@ func CreateSessionManager(lifetime time.Duration) *scs.SessionManager {
 	Session.Lifetime = lifetime
 	return Session
 }
-
-func LoginHandler(w http.ResponseWriter, r *http.Request){
-	switch r.Method{
-		case http.MethodGet: showForm(w, r, false)
+func LoginHandler(w http.ResponseWriter, r *http.Request) {
+	switch r.Method {
+	case http.MethodGet:
+		showLoginForm(w, r, false)
 		break
-		case http.MethodPost: loginUser(w, r)
+	case http.MethodPost:
+		loginUser(w, r)
 		break
-		default:
-		showForm(w, r, false)
+	default:
+		showLoginForm(w, r, false)
 		break
 	}
 }
 
-func showForm(w http.ResponseWriter, r *http.Request, failed bool){
+func UserHandler(w http.ResponseWriter, r *http.Request) {
+	if !Session.Exists(r.Context(), "user") {
+		http.Redirect(w, r, "/user/login", http.StatusTemporaryRedirect)
+	}
+	switch r.Method {
+	case http.MethodGet:
+		showPWForm(w, r, 0)
+		break
+	case http.MethodPost:
+		changePassword(w, r)
+		break
+	default:
+		http.Error(w, "Method not allowed!", http.StatusMethodNotAllowed)
+		break
+	}
+}
+
+func showLoginForm(w http.ResponseWriter, r *http.Request, failed bool) {
 	templates.LoginForm(failed).Render(r.Context(), w)
 }
 
-func loginUser(w http.ResponseWriter, r *http.Request){
+func loginUser(w http.ResponseWriter, r *http.Request) {
 	err := r.ParseForm()
 	if err != nil {
 		log.Println("Error parsing form!", err)
@@ -43,32 +61,64 @@ func loginUser(w http.ResponseWriter, r *http.Request){
 		return
 	}
 	_personal_nummer := r.FormValue("personal_nummer")
-	if(_personal_nummer == ""){
+	if _personal_nummer == "" {
 		log.Println("No personal_nummer provided!")
 		http.Error(w, "No personal_nummer provided", http.StatusBadRequest)
 		return
 	}
 	personal_nummer, err := strconv.Atoi(_personal_nummer)
-	if(err != nil){
+	if err != nil {
 		log.Println("Cannot parse personal nubmer!")
 		http.Error(w, "Cannot parse number", http.StatusBadRequest)
 		return
 	}
 
 	user, err := (*models.User).GetByPersonalNummer(nil, personal_nummer)
-	if(err != nil){
+	if err != nil {
 		log.Println("No user found under this personal number!")
 		http.Error(w, "No user found!", http.StatusNotFound)
 	}
 
 	password := r.FormValue("password")
-	if(user.Login(password)){
+	if user.Login(password) {
 		log.Printf("New succesfull user login from %s %s!\n", user.Vorname, user.Name)
 		Session.Put(r.Context(), "user", user.PersonalNummer)
 		http.Redirect(w, r, "/time", http.StatusSeeOther) //with this browser always uses GET
-	}else{
-		showForm(w, r, true)
+	} else {
+		showLoginForm(w, r, true)
 	}
-
-showForm(w, r, false)
+	showLoginForm(w, r, false)
+}
+
+// change user password and store salted hash in db
+func changePassword(w http.ResponseWriter, r *http.Request) {
+	err := r.ParseForm()
+	if err != nil {
+		log.Println("Error parsing form!", err)
+		http.Error(w, "Error parsing form error", http.StatusBadRequest)
+		return
+	}
+	password := r.FormValue("password")
+	newPassword := r.FormValue("new_password")
+	if password == "" || newPassword == "" || newPassword != r.FormValue("new_password_repeat") {
+		showPWForm(w, r, http.StatusBadRequest)
+	}
+	user, err := (*models.User).GetByPersonalNummer(nil, Session.GetInt(r.Context(), "user"))
+	if err != nil {
+		log.Println("Error getting user!", err)
+		showPWForm(w, r, http.StatusBadRequest)
+	}
+	auth, err := user.ChangePass(password, newPassword)
+	if err != nil {
+		log.Println("Error when changing password!", err)
+	}
+	if auth {
+		showPWForm(w, r, http.StatusOK)
+		return
+	}
+	showPWForm(w, r, http.StatusUnauthorized)
+}
+
+func showPWForm(w http.ResponseWriter, r *http.Request, status int) {
+	templates.UserForm(status).Render(r.Context(), w)
 }