From e39ae8dfdda09bf2ee9cf5d20bb167a9c462c7d4 Mon Sep 17 00:00:00 2001 From: Rob Cutmore Date: Wed, 2 Mar 2016 08:30:46 -0500 Subject: [PATCH] Confirm password on registration or change Updated to confirm password when registering user or changing a user's password. Fixes #180 --- auth/auth.go | 33 ++++++++++++++++++++++++--------- static/css/main.css | 13 ++++++++++--- templates/login.html | 4 ++-- templates/register.html | 5 +++-- templates/settings.html | 7 +++++++ 5 files changed, 46 insertions(+), 16 deletions(-) diff --git a/auth/auth.go b/auth/auth.go index 9ce86a3b..fe52ec38 100644 --- a/auth/auth.go +++ b/auth/auth.go @@ -34,6 +34,9 @@ var ErrInvalidPassword = errors.New("Invalid Password") // or change password functions var ErrEmptyPassword = errors.New("Password cannot be blank") +// ErrPasswordMismatch is thrown when a user provides passwords that do not match +var ErrPasswordMismatch = errors.New("Passwords must match") + // Login attempts to login the user given a request. func Login(r *http.Request) (bool, error) { username, password := r.FormValue("username"), r.FormValue("password") @@ -56,7 +59,9 @@ func Login(r *http.Request) (bool, error) { // Register attempts to register the user given a request. func Register(r *http.Request) (bool, error) { - username, password := r.FormValue("username"), r.FormValue("password") + username := r.FormValue("username") + password1 := r.FormValue("password") + password2 := r.FormValue("confirm_password") u, err := models.GetUserByUsername(username) // If we have an error which is not simply indicating that no user was found, report it if err != nil { 
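Review bot: The credential fields in Register are read with `r.FormValue`, which also accepts values from the URL query string, so a password or its confirmation sent as a query parameter would be accepted and could end up in access logs or browser history. Reading them with `r.PostFormValue("password")` and `r.PostFormValue("confirm_password")` restricts the source to the request body. The same applies to the three `r.FormValue` calls added to ChangePassword in a later hunk. Register's body continues outside this hunk.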
@@ -64,13 +69,17 @@ func Register(r *http.Request) (bool, error) { return false, err } u = models.User{} - //If we've made it here, we should have a valid username given + // If we've made it here, we should have a valid username given // Check that the passsword isn't blank - if password == "" { + if password1 == "" { return false, ErrEmptyPassword } - //Let's create the password hash - h, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) + // Make sure passwords match + if password1 != password2 { + return false, ErrPasswordMismatch + } + // Let's create the password hash + h, err := bcrypt.GenerateFromPassword([]byte(password1), bcrypt.DefaultCost) if err != nil { return false, err } @@ -92,18 +101,24 @@ func GenerateSecureKey() string { func ChangePassword(r *http.Request) error { u := ctx.Get(r, "user").(models.User) - c, n := r.FormValue("current_password"), r.FormValue("new_password") + currentPw := r.FormValue("current_password") + pw1 := r.FormValue("new_password") + pw2 := r.FormValue("confirm_new_password") // Check the current password - err := bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(c)) + err := bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(currentPw)) if err != nil { return ErrInvalidPassword } // Check that the new password isn't blank - if n == "" { + if pw1 == "" { return ErrEmptyPassword } + // Check that new passwords match + if pw1 != pw2 { + return ErrPasswordMismatch + } // Generate the new hash - h, err := bcrypt.GenerateFromPassword([]byte(n), bcrypt.DefaultCost) + h, err := bcrypt.GenerateFromPassword([]byte(pw1), bcrypt.DefaultCost) if err != nil { return err } diff --git a/static/css/main.css b/static/css/main.css index 590b6779..f1812d09 100644 --- a/static/css/main.css +++ b/static/css/main.css 
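Review bot: In Register the only checks made before `bcrypt.GenerateFromPassword` are "not empty" and "equal to the confirmation", so the password length has no upper bound. bcrypt operates on at most 72 bytes of input; depending on the version of the bcrypt package in use (not visible here), a longer password is either silently truncated or rejected with a library error that this code returns to the caller unchanged. An explicit check after the mismatch test, for example `if len(password1) > 72 { return false, ErrPasswordTooLong }` with `ErrPasswordTooLong` as a new package-level error next to `ErrPasswordMismatch`, makes the behaviour predictable. ChangePassword needs the same check for `pw1`. This hunk starts inside Register, whose opening lines are in the previous hunk.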
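Review bot: ChangePassword now repeats the blank and mismatch checks that Register performs, under different variable names (`pw1`/`pw2` versus `password1`/`password2`). Any later password rule therefore has to be added in two places, and the rules for registration and password change can drift apart. A small unexported helper called by both functions keeps the policy in one spot and leaves the current-password check where it is. ChangePassword's body continues past the end of this hunk.

```go
// validateNewPassword applies the checks shared by Register and ChangePassword.
func validateNewPassword(pw, confirm string) error {
	if pw == "" {
		return ErrEmptyPassword
	}
	if pw != confirm {
		return ErrPasswordMismatch
	}
	return nil
}

	// … unchanged: form values and current-password check in ChangePassword …
	if err := validateNewPassword(pw1, pw2); err != nil {
		return err
	}
	// … unchanged: hash generation …
```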
@@ -57,12 +57,19 @@ .form-signin .form-control:focus { z-index: 2; } - .form-signin input[type="text"] { + .form-signin .top-input { margin-bottom: -1px; border-bottom-left-radius: 0; border-bottom-right-radius: 0; } - .form-signin input[type="password"] { + .form-signin .middle-input { + margin-bottom: -1px; + border-top-left-radius: 0; + border-top-right-radius: 0; + border-bottom-left-radius: 0; + border-bottom-right-radius: 0; + } + .form-signin .bottom-input { margin-bottom: 10px; border-top-left-radius: 0; border-top-right-radius: 0; @@ -375,7 +382,7 @@ table.dataTable thead .sorting_desc:after { opacity: .8 !important; } td.details-control{ - cursor:pointer; + cursor:pointer; } .timeline{ text-align:left; diff --git a/templates/login.html b/templates/login.html index 124ae407..e75cee9e 100644 --- a/templates/login.html +++ b/templates/login.html @@ -52,8 +52,8 @@

Please sign in

{{template "flashes" .Flashes}} - - + + diff --git a/templates/register.html b/templates/register.html index 1dfe10d4..5ddab3b7 100644 --- a/templates/register.html +++ b/templates/register.html @@ -52,8 +52,9 @@

Please register below

{{template "flashes" .Flashes}} - - + + + diff --git a/templates/settings.html b/templates/settings.html index c636a895..761ad163 100644 --- a/templates/settings.html +++ b/templates/settings.html @@ -70,6 +70,13 @@ +
+
+ +
+ +
+