Adds previous password check for password updating
vladComan0 committed Dec 10, 2023
1 parent 038c9b9 commit 243764b
Showing 3 changed files with 11 additions and 0 deletions.
6 changes: 6 additions & 0 deletions cmd/web/handlers.go
Expand Up @@ -284,6 +284,7 @@ func (app *application) accountPasswordUpdatePost(w http.ResponseWriter, r *http
form.CheckField(validator.NotBlank(form.NewPassword), "newPassword", "This field cannot be blank.")
form.CheckField(validator.MinChars(form.NewPassword, PASSWORD_LENGTH), "newPassword", "This field must be at least 8 characters long.")

form.CheckField(validator.NotBlank(form.NewPasswordConfirmation), "newPasswordConfirmation", "This field cannot be blank.")
form.CheckField(validator.Compare(form.NewPassword, form.NewPasswordConfirmation), "newPasswordConfirmation", "Passwords do not match.")

if !form.Valid() {
Expand All @@ -301,6 +302,11 @@ func (app *application) accountPasswordUpdatePost(w http.ResponseWriter, r *http
data := app.newTemplateData(r)
data.Form = form
app.render(w, http.StatusUnprocessableEntity, "password.tmpl.html", data)
case errors.Is(err, models.ErrSamePassword):
form.AddFieldError("newPassword", "New password cannot be the same as the current password.")
data := app.newTemplateData(r)
data.Form = form
app.render(w, http.StatusUnprocessableEntity, "password.tmpl.html", data)
default:
app.serverError(w, err)
}
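Review bot: The minimum-length message in the first hunk hard-codes "8 characters" while the check beside it uses `PASSWORD_LENGTH`, so the policy text shown to the user will silently drift from the enforced policy if the constant is ever raised. I would build the message from the constant, e.g. `fmt.Sprintf("This field must be at least %d characters long.", PASSWORD_LENGTH)`; this assumes the constant is an integer and that `fmt` is already imported, neither of which is visible here. accountPasswordUpdatePost starts before the first hunk and continues past the second, so the rest of the validation cannot be checked from this page.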
1 change: 1 addition & 0 deletions internal/models/errors.go
Expand Up @@ -5,3 +5,4 @@ import "errors"
var ErrNoRecord = errors.New("models: no matching record found")

Check failure on line 5 in internal/models/errors.go


GitHub Actions / audit

exported var ErrNoRecord should have comment or be unexported
var ErrInvalidCredentials = errors.New("models: invalid credentials")

Check failure on line 6 in internal/models/errors.go


GitHub Actions / audit

exported var ErrInvalidCredentials should have comment or be unexported
var ErrDuplicateEmail = errors.New("models: duplicate email")

Check failure on line 7 in internal/models/errors.go


GitHub Actions / audit

exported var ErrDuplicateEmail should have comment or be unexported
var ErrSamePassword = errors.New("models: same password")

Check failure on line 8 in internal/models/errors.go


GitHub Actions / audit

exported var ErrSamePassword should have comment or be unexported
4 changes: 4 additions & 0 deletions internal/models/users.go
Expand Up @@ -123,6 +123,10 @@ func (m *UserModel) UpdatePassword(id int, currentPassword, newPassword string)
}
}

if err := bcrypt.CompareHashAndPassword(hashedCurrentPassword, []byte(newPassword)); err == nil {
return ErrSamePassword
}

hashedNewPassword, err := bcrypt.GenerateFromPassword([]byte(newPassword), COST)
if err != nil {
return err
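Review bot: Nothing in the added block records that it depends on the current-password verification having already succeeded, and that ordering is what keeps `ErrSamePassword` from becoming a confirmation signal for guesses at the stored password. The verification is presumably the block closed by the two braces at the top of the hunk, but UpdatePassword starts and ends outside it, so this cannot be confirmed from here. I would add a comment above the `if`, e.g. `// err == nil means newPassword matches the stored hash; must stay after the currentPassword check.`, which also explains why the test is `err == nil` rather than the usual `err != nil`.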
