Confirm password on registration or change

Updated to confirm password when registering user or changing a
user's password.

Fixes #180

auth/auth.go

@@ -34,6 +34,9 @@ var ErrInvalidPassword = errors.New("Invalid Password")
 // or change password functions
 var ErrEmptyPassword = errors.New("Password cannot be blank")
 
+// ErrPasswordMismatch is thrown when a user provides passwords that do not match
+var ErrPasswordMismatch = errors.New("Passwords must match")
+
 // Login attempts to login the user given a request.
 func Login(r *http.Request) (bool, error) {
 	username, password := r.FormValue("username"), r.FormValue("password")
@@ -56,7 +59,9 @@ func Login(r *http.Request) (bool, error) {
 
 // Register attempts to register the user given a request.
 func Register(r *http.Request) (bool, error) {
-	username, password := r.FormValue("username"), r.FormValue("password")
+	username := r.FormValue("username")
+	password1 := r.FormValue("password")
+	password2 := r.FormValue("confirm_password")
 	u, err := models.GetUserByUsername(username)
 	// If we have an error which is not simply indicating that no user was found, report it
 	if err != nil {
@@ -64,13 +69,17 @@ func Register(r *http.Request) (bool, error) {
 		return false, err
 	}
 	u = models.User{}
-	//If we've made it here, we should have a valid username given
+	// If we've made it here, we should have a valid username given
 	// Check that the passsword isn't blank
-	if password == "" {
+	if password1 == "" {
 		return false, ErrEmptyPassword
 	}
-	//Let's create the password hash
-	h, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	// Make sure passwords match
+	if password1 != password2 {
+		return false, ErrPasswordMismatch
+	}
+	// Let's create the password hash
+	h, err := bcrypt.GenerateFromPassword([]byte(password1), bcrypt.DefaultCost)
 	if err != nil {
 		return false, err
 	}
@@ -92,18 +101,24 @@ func GenerateSecureKey() string {
 
 func ChangePassword(r *http.Request) error {
 	u := ctx.Get(r, "user").(models.User)
-	c, n := r.FormValue("current_password"), r.FormValue("new_password")
+	currentPw := r.FormValue("current_password")
+	pw1 := r.FormValue("new_password")
+	pw2 := r.FormValue("confirm_new_password")
 	// Check the current password
-	err := bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(c))
+	err := bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(currentPw))
 	if err != nil {
 		return ErrInvalidPassword
 	}
 	// Check that the new password isn't blank
-	if n == "" {
+	if pw1 == "" {
 		return ErrEmptyPassword
 	}
+	// Check that new passwords match
+	if pw1 != pw2 {
+		return ErrPasswordMismatch
+	}
 	// Generate the new hash
-	h, err := bcrypt.GenerateFromPassword([]byte(n), bcrypt.DefaultCost)
+	h, err := bcrypt.GenerateFromPassword([]byte(pw1), bcrypt.DefaultCost)
 	if err != nil {
 		return err
 	}

static/css/main.css

@@ -57,12 +57,19 @@
   .form-signin .form-control:focus {
       z-index: 2;
   }
-  .form-signin input[type="text"] {
+  .form-signin .top-input {
       margin-bottom: -1px;
       border-bottom-left-radius: 0;
       border-bottom-right-radius: 0;
   }
-  .form-signin input[type="password"] {
+  .form-signin .middle-input {
+      margin-bottom: -1px;
+      border-top-left-radius: 0;
+      border-top-right-radius: 0;
+      border-bottom-left-radius: 0;
+      border-bottom-right-radius: 0;
+  }
+  .form-signin .bottom-input {
       margin-bottom: 10px;
       border-top-left-radius: 0;
       border-top-right-radius: 0;

templates/login.html

@@ -52,8 +52,8 @@
             <img id="logo" src="/images/logo_purple.png" />
             <h2 class="form-signin-heading">Please sign in</h2>
             {{template "flashes" .Flashes}}
-            <input type="text" name="username" class="form-control" placeholder="Username" required autofocus>
-            <input type="password" name="password" class="form-control" placeholder="Password" required>
+            <input type="text" name="username" class="form-control top-input" placeholder="Username" required autofocus>
+            <input type="password" name="password" class="form-control bottom-input" placeholder="Password" required>
             <input type="hidden" name="csrf_token" value="{{.Token}}"/>
             <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
         </form>

templates/register.html

@@ -52,8 +52,9 @@
             <img id="logo" src="/images/logo_purple.png" />
             <h2 class="form-signin-heading">Please register below</h2>
             {{template "flashes" .Flashes}}
-            <input type="text" name="username" class="form-control" placeholder="Username" required autofocus/>
-            <input type="password" name="password" class="form-control" placeholder="Password" required/>
+            <input type="text" name="username" class="form-control top-input" placeholder="Username" required autofocus/>
+            <input type="password" name="password" class="form-control middle-input" placeholder="Password" required/>
+            <input type="password" name="confirm_password" class="form-control bottom-input" placeholder="Confirm Password" required/>
             <input type="hidden" name="csrf_token" value="{{.Token}}"/>
             <button class="btn btn-lg btn-primary btn-block" type="submit">Register</button>
         </form>

templates/settings.html

@@ -70,6 +70,13 @@
                 <input type="password" id="new_password" name="new_password" class="form-control" />
             </div>
         </div>
+        <br />
+        <div class="row">
+            <label for="confirm_new_password" class="col-sm-2 control-label form-label">Confirm New Password:</label>
+            <div class="col-md-6">
+                <input type="password" id="confirm_new_password" name="confirm_new_password" class="form-control" />
+            </div>
+        </div>
         <input type="hidden" name="csrf_token" value="{{.Token}}"/>
         <br />
 	<button class="btn btn-primary" type="submit"><i class="fa fa-save"></i> Save</button>