Implemented ChangePassword() (now password can be changed from /settings)

A couple of UI fixes in tables
2014-02-10 13:02:44 -06:00 · 2014-02-10 13:02:44 -06:00 · eb8491c144
parent 34b93b7bf4
commit eb8491c144
4 changed files with 42 additions and 14 deletions
--- a/auth/auth.go
+++ b/auth/auth.go
@ -1,7 +1,9 @@
 package auth

 import (
+	"database/sql"
 	"encoding/gob"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@ -25,6 +27,8 @@ var Store = sessions.NewCookieStore(
 	[]byte(securecookie.GenerateRandomKey(64)), //Signing key
 	[]byte(securecookie.GenerateRandomKey(32)))

+var ErrInvalidPassword = errors.New("Invalid Password")
+
 // Login attempts to login the user given a request.
 func Login(r *http.Request) (bool, error) {
 	username, password := r.FormValue("username"), r.FormValue("password")
@ -52,7 +56,8 @@ func Login(r *http.Request) (bool, error) {
 func Register(r *http.Request) (bool, error) {
 	username, password := r.FormValue("username"), r.FormValue("password")
 	u, err := db.GetUserByUsername(username)
-	if err != nil {
+	// If we have an error which is not simply indicating that no user was found, report it
+	if err != sql.ErrNoRows {
 		return false, err
 	}
 	//If we've made it here, we should have a valid username given
@ -78,21 +83,23 @@ func GenerateSecureKey() string {
 	return fmt.Sprintf("%x", k)
 }

-func ChangePassword(u *models.User, c string, n string) bool {
+func ChangePassword(r *http.Request) error {
+	u := ctx.Get(r, "user").(models.User)
+	c, n := r.FormValue("current_password"), r.FormValue("new_password")
 	// Check the current password
 	err := bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(c))
 	if err != nil {
-		return false
+		return ErrInvalidPassword
 	} else {
 		// Generate the new hash
 		h, err := bcrypt.GenerateFromPassword([]byte(n), bcrypt.DefaultCost)
 		if err != nil {
-			return false
+			return err
 		}
 		u.Hash = string(h)
-		if err = db.PutUser(u); err != nil {
-			return false
+		if err = db.PutUser(&u); err != nil {
+			return err
 		}
-		return true
+		return nil
 	}
 }
--- a/controllers/route.go
+++ b/controllers/route.go
@ -142,10 +142,23 @@ func Settings(w http.ResponseWriter, r *http.Request) {
 		Token   string
 	}{Title: "Settings", User: ctx.Get(r, "user").(models.User)}
 	session := ctx.Get(r, "session").(*sessions.Session)
+	switch {
+	case r.Method == "GET":
 		params.Token = nosurf.Token(r)
 		params.Flashes = session.Flashes()
 		session.Save(r, w)
 		getTemplate(w, "settings").ExecuteTemplate(w, "base", params)
+	case r.Method == "POST":
+		err := auth.ChangePassword(r)
+		if err == auth.ErrInvalidPassword {
+			Flash(w, r, "danger", "Invalid Password")
+		} else if err != nil {
+			Flash(w, r, "danger", "Unknown Error")
+		} else {
+			Flash(w, r, "success", "Password successfully reset")
+		}
+		http.Redirect(w, r, "/settings", 302)
+	}
 }

 func Campaigns_Id(w http.ResponseWriter, r *http.Request) {
--- a/static/js/app/gophish.js
+++ b/static/js/app/gophish.js
@ -101,9 +101,16 @@ app.controller('GroupCtrl', function($scope, GroupService, ngTableParams) {
        if ($scope.newGroup) {
            newGroup.$save(function() {
                $scope.groups.push(newGroup);
+                $scope.mainTableParams.reload()
            });
        } else {
            newGroup.$update()
        }
+        $scope.group = {
+                name: '',
+                targets: [],
+                id: 0
+            };
+        $scope.editGroupTableParams.reload()
    }
 })
--- a/templates/settings.html
+++ b/templates/settings.html
@ -44,19 +44,20 @@
            <div class="row">
                <label for="current_password" class="col-sm-2 control-label form-label">Old Password:</label>
                <div class="col-md-6">
-                    <input type="password" id="current_password" class="form-control" />
+                    <input type="password" id="current_password" name="current_password" class="form-control" />
                </div>
            </div>
            <br />
            <div class="row">
                <label for="new_password" class="col-sm-2 control-label form-label">New Password:</label>
                <div class="col-md-6">
-                    <input type="password" id="new_password" class="form-control" />
+                    <input type="password" id="new_password" name="new_password" class="form-control" />
                </div>
            </div>
+            <input type="hidden" name="csrf_token" value={{%.Token%}}/>
+            <button class="btn btn-primary" type="submit">Save</button>
        </form>
        <br/>
-        <button class="btn btn-primary">Save</button>
    </div>
 </div>
 {{%end%}}