ChangeUserPassword Handler + API

2024-04-17 22:04:23 +02:00 · 2024-04-17 22:04:23 +02:00 · 0176f78067
commit 0176f78067
parent 47d4bda99b
8 changed files with 163 additions and 7 deletions
--- a/backend/internal/database/db.go
+++ b/backend/internal/database/db.go
@ -48,6 +48,7 @@ type Database interface {
 	UnsignWeeklyReport(reportId int, projectManagerId int) error
 	DeleteReport(reportID int) error
 	ChangeProjectName(projectName string, newProjectName string) error
+	ChangeUserPassword(username string, password string) error
 }

 // This struct is a wrapper type that holds the database connection
@ -677,3 +678,8 @@ func (d *Db) ChangeProjectName(projectName string, newProjectName string) error
 	_, err := d.Exec("UPDATE projects SET name = ? WHERE name = ?", newProjectName, projectName)
 	return err
 }
+
+func (d *Db) ChangeUserPassword(username string, password string) error {
+	_, err := d.Exec("UPDATE users SET password = ? WHERE username = ?", password, username)
+	return err
+}
--- a/backend/internal/database/db_test.go
+++ b/backend/internal/database/db_test.go
@ -1120,3 +1120,25 @@ func TestChangeProjectName(t *testing.T) {
 		t.Error("ChangeProjectName failed: expected newprojectname, got", projects[0].Name)
 	}
 }
+
+func TestChangeUserPassword(t *testing.T) {
+	db, err := setupState()
+	if err != nil {
+		t.Error("setupState failed:", err)
+	}
+
+	// Add a user
+	_ = db.AddUser("testuser", "password")
+
+	// Change user password
+	err = db.ChangeUserPassword("testuser", "newpassword")
+	if err != nil {
+		t.Error("ChangeUserPassword failed:", err)
+	}
+
+	// Check if the password was changed
+	if !db.CheckUser("testuser", "newpassword") {
+		t.Error("ChangeUserPassword failed: password not changed")
+	}
+
+}
--- a/backend/internal/handlers/projects/ChangeProjectName.go
+++ b/backend/internal/handlers/projects/ChangeProjectName.go
@ -20,16 +20,17 @@ func ChangeProjectName(c *fiber.Ctx) error {
 	projectName := c.Params("projectName")
 	newProjectName := c.Query("newProjectName")

-	// Check if user is project manager
-	ismanager, err := db.GetDb(c).IsProjectManager(username, projectName)
+	// Check if user is site admin
+	issiteadmin, err := db.GetDb(c).IsSiteAdmin(username)
 	if err != nil {
-		log.Warn("Error checking if projectmanager:", err)
+		log.Warn("Error checking if siteadmin:", err)
 		return c.Status(500).SendString(err.Error())
-	} else if !ismanager {
-		log.Warn("User is not projectmanager")
-		return c.Status(401).SendString("User is not projectmanager")
+	} else if !issiteadmin {
+		log.Warn("User is not siteadmin")
+		return c.Status(401).SendString("User is not siteadmin")
 	}

+
 	// Perform the project name change
 	err = db.GetDb(c).ChangeProjectName(projectName, newProjectName)
 	if err != nil {
--- a/backend/internal/handlers/users/ChangeUserPassword.go
+++ b/backend/internal/handlers/users/ChangeUserPassword.go
@ -0,0 +1,42 @@
+package users
+
+import (
+	db "ttime/internal/database"
+
+	"github.com/gofiber/fiber/v2"
+	"github.com/gofiber/fiber/v2/log"
+	"github.com/golang-jwt/jwt/v5"
+)
+
+// ChangeUserPassword is a handler that changes the password of a user
+func ChangeUserPassword(c *fiber.Ctx) error {
+
+	//Check token and get username of current user
+	user := c.Locals("user").(*jwt.Token)
+	claims := user.Claims.(jwt.MapClaims)
+	admin := claims["name"].(string)
+
+	// Extract the necessary parameters from the request
+	username := c.Params("username")
+	newPassword := c.Query("newPassword")
+
+	// Check if user is site admin
+	issiteadmin, err := db.GetDb(c).IsSiteAdmin(admin)
+	if err != nil {
+		log.Warn("Error checking if siteadmin:", err)
+		return c.Status(500).SendString(err.Error())
+	} else if !issiteadmin {
+		log.Warn("User is not siteadmin")
+		return c.Status(401).SendString("User is not siteadmin")
+	}
+
+	// Perform the password change
+	err = db.GetDb(c).ChangeUserPassword(username, newPassword)
+	if err != nil {
+		log.Warn("Error changing password:", err)
+		return c.Status(500).SendString(err.Error())
+	}
+
+	// Return a success message
+	return c.Status(200).SendString("Password changed successfully")
+}
--- a/backend/main.go
+++ b/backend/main.go
@ -110,6 +110,7 @@ func main() {
 	api.Post("/promoteToAdmin", users.PromoteToAdmin)
 	api.Put("/changeUserName", users.ChangeUserName)
 	api.Delete("/userdelete/:username", users.UserDelete) // Perhaps just use POST to avoid headaches
+	api.Put("/changeUserPassword/:username", users.ChangeUserPassword)

 	// All project related routes
 	// projectGroup := api.Group("/project") // Not currently in use