From 2ba2fa4d7da90b2a44f2e75177861b2748e5c469 Mon Sep 17 00:00:00 2001
From: Ben Visness
Date: Thu, 4 May 2023 23:21:22 -0500
Subject: [PATCH] Allow password changes when you don't have one yet
---
 src/templates/src/user_settings.html | 14 ++++----
 src/website/user.go | 48 +++++++++++++++++-----------
 2 files changed, 37 insertions(+), 25 deletions(-)
diff --git a/src/templates/src/user_settings.html b/src/templates/src/user_settings.html
index 68ef0fc..7b82eca 100644
--- a/src/templates/src/user_settings.html
+++ b/src/templates/src/user_settings.html
@@ -81,18 +81,20 @@
-
-
Old password:
-
- + {{ if .HasPassword }} +
+
Old password:
+
+ +
-
+ {{ end }}
New password:
- Your password must be 8 or more characters, and must differ from your username and current password. + Your password must be 8 or more characters, and must differ from your username{{ if .HasPassword }} and current password{{ end }}. Other than that, please follow best practices.
``
diff --git a/src/website/user.go b/src/website/user.go
index f2c76f3..d72e5ed 100644
--- a/src/website/user.go
+++ b/src/website/user.go
@@ -213,10 +213,11 @@ func UserSettings(c *RequestContext) ResponseData {
 AvatarMaxFileSize int
 DefaultAvatarUrl string
- User templates.User
- Email string // these fields are handled specially on templates.User
- ShowEmail bool
- LinksText string
+ User templates.User
+ Email string // these fields are handled specially on templates.User
+ ShowEmail bool
+ LinksText string
+ HasPassword bool
 SubmitUrl string
 ContactUrl string
@@ -292,6 +293,7 @@ func UserSettings(c *RequestContext) ResponseData {
 Email: c.CurrentUser.Email,
 ShowEmail: c.CurrentUser.ShowEmail,
 LinksText: linksText,
+ HasPassword: c.CurrentUser.Password != "",
 SubmitUrl: hmnurl.BuildUserSettings(""),
 ContactUrl: hmnurl.BuildContactPage(),
@@ -424,7 +426,13 @@ func UserSettingsSave(c *RequestContext) ResponseData {
 // Update password
 oldPassword := form.Get("old_password")
 newPassword := form.Get("new_password")
- if oldPassword != "" && newPassword != "" {
+ var doChangePassword bool
+ if c.CurrentUser.Password == "" {
+ doChangePassword = newPassword != ""
+ } else {
+ doChangePassword = oldPassword != "" && newPassword != ""
+ }
+ if doChangePassword {
 errorRes := updatePassword(c, tx, oldPassword, newPassword)
 if errorRes != nil {
 return *errorRes
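Review bot: For an account with no stored password, the new `doChangePassword` branch lets any request carrying that user's session set a password with no re-authentication at all, since `old_password` is ignored here and `updatePassword` then verifies nothing, so whoever holds a session cookie for a passwordless account can turn it into a permanent credential. If session-level auth is the intended gate (CSRF protection for this form is not visible in the hunk, so I am assuming it exists), make that explicit above the branch with `// Accounts with no stored password can set one without confirming an old one; the session is the only gate here.`, and consider emailing the account when its first password is set so a hijacked session cannot do this silently. The same `c.CurrentUser.Password == ""` predicate now appears here, in the UserSettings template data, and inside updatePassword; a single `HasPassword()` helper on the user model would keep the three from drifting. UserSettingsSave continues outside the hunk.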
@@ -558,25 +566,27 @@ func UserProfileAdminNuke(c *RequestContext) ResponseData {
 }
 func updatePassword(c *RequestContext, tx pgx.Tx, old, new string) *ResponseData {
- oldHashedPassword, err := auth.ParsePasswordString(c.CurrentUser.Password)
- if err != nil {
- c.Logger.Warn().Err(err).Msg("failed to parse user's password string")
- return nil
- }
+ if c.CurrentUser.Password != "" {
+ oldHashedPassword, err := auth.ParsePasswordString(c.CurrentUser.Password)
+ if err != nil {
+ c.Logger.Warn().Err(err).Msg("failed to parse user's password string")
+ return nil
+ }
- ok, err := auth.CheckPassword(old, oldHashedPassword)
- if err != nil {
- res := c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to check user's password"))
- return &res
- }
+ ok, err := auth.CheckPassword(old, oldHashedPassword)
+ if err != nil {
+ res := c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to check user's password"))
+ return &res
+ }
- if !ok {
- res := c.RejectRequest("The old password you provided was not correct.")
- return &res
+ if !ok {
+ res := c.RejectRequest("The old password you provided was not correct.")
+ return &res
+ }
 }
 newHashedPassword := auth.HashPassword(new)
- err = auth.UpdatePassword(c, tx, c.CurrentUser.Username, newHashedPassword)
+ err := auth.UpdatePassword(c, tx, c.CurrentUser.Username, newHashedPassword)
 if err != nil {
 res := c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to update password"))
 return &res
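Review bot: When `auth.ParsePasswordString` fails, the retained `return nil` in the new inner block tells the caller there was no error, so UserSettingsSave carries on as if the change succeeded even though the old password was never checked and the new one was never written; an unparseable stored hash should surface as a server error like the CheckPassword branch right below it, `res := c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to parse user's password string")); return &res`. The function now has two distinct modes and no doc comment; I would add `// updatePassword verifies old against the stored hash and stores new; for users with no stored password the old-password check is skipped entirely, so callers must treat the authenticated session as the only gate.` above the signature. Whether anything besides UserSettingsSave calls it is not visible here. updatePassword's final lines fall outside the hunk.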