Creating backend to handler password resets

2024-08-21 12:54:25 +02:00
parent 333499f76e
commit b98b61aa76
8 changed files with 77 additions and 6 deletions
--- a/cmd/api/handlers-api.go
+++ b/cmd/api/handlers-api.go
@ -14,6 +14,7 @@ import (
 	"github.com/go-chi/chi/v5"
 	"github.com/stripe/stripe-go/v79"
 	"golang.org/x/crypto/bcrypt"
 )
 type stripePayload struct {
@ -465,3 +466,45 @@ func (app *application) SendPasswordResetEmail(w http.ResponseWriter, r *http.Re
 	app.writeJSON(w, http.StatusCreated, resp)
 }
 func (app *application) ResetPassword(w http.ResponseWriter, r *http.Request) {
 	var payload struct {
 		Email    string `json:"email"`
 		Password string `json:"password"`
 	}
 	err := app.readJSON(w, r, &payload)
 	if err != nil {
 		app.errorLog.Println(err)
 		app.badRequest(w, r, err)
 		return
 	}
 	user, err := app.DB.GetUserByEmail(payload.Email)
 	if err != nil {
 		app.errorLog.Println(err)
 		app.badRequest(w, r, err)
 		return
 	}
 	newHash, err := bcrypt.GenerateFromPassword([]byte(payload.Password), 12)
 	if err != nil {
 		app.errorLog.Println(err)
 		app.badRequest(w, r, err)
 		return
 	}
 	err = app.DB.UpdatePasswordForUser(user, string(newHash))
 	if err != nil {
 		app.badRequest(w, r, err)
 		return
 	}
 	var resp struct {
 		Error   bool   `json:"error"`
 		Message string `json:"message"`
 	}
 	resp.Error = false
 	resp.Message = "Password reset."
 	app.writeJSON(w, http.StatusCreated, resp)
 }
--- a/cmd/api/routes-api.go
+++ b/cmd/api/routes-api.go
@ -27,13 +27,14 @@ func (app *application) routes() http.Handler {
 	mux.Route("/api/admin", func(mux chi.Router) {
 		mux.Use(app.Auth)
-		mux.Get("/test", func(w http.ResponseWriter, r *http.Request) {
+		// mux.Get("/test", func(w http.ResponseWriter, r *http.Request) {
-			w.Write([]byte("got in"))
+		// 	w.Write([]byte("got in"))
-		})
+		// })
 		mux.Post("/virtual-terminal-succeeded", app.VirtualTerminalPaymentSucceeded)
 	})
 	mux.Post("/api/forgot-password", app.SendPasswordResetEmail)
 	mux.Post("/api/reset-password", app.ResetPassword)
 	return mux
 }
--- a/cmd/api/templates/password-reset.html.gohtml
+++ b/cmd/api/templates/password-reset.html.gohtml
@ -12,6 +12,7 @@
        <p>
            <a href="{{.Link}}">{{.Link}}</a>
        </p>
        <p>This link expires in 10 minutes.</p>
        <p>
            --
            <br>
--- a/cmd/api/templates/password-reset.plain.gohtml
+++ b/cmd/api/templates/password-reset.plain.gohtml
@ -7,6 +7,8 @@ Click on the link below to get started:
 {{.Link}}
 This link expires in 10 minutes.
 --
 Widget Co.
 {{ end }}
--- a/cmd/web/handlers.go
+++ b/cmd/web/handlers.go
@ -340,6 +340,13 @@ func (app *application) ShowResetPassword(w http.ResponseWriter, r *http.Request
 		return
 	}
 	// make sure not expired
 	expired := signer.Expired(testURL, 10)
 	if expired {
 		app.errorLog.Println("Link expired")
 		return
 	}
 	data := make(map[string]interface{})
 	data["email"] = r.URL.Query().Get("email")
 	if err := app.renderTemplate(w, r, "reset-password", &templateData{
--- a/cmd/web/templates/reset-password.page.gohtml
+++ b/cmd/web/templates/reset-password.page.gohtml
@ -44,7 +44,7 @@ Reset Password
 <script type="module">
    import {reset} from "/static/js/login.js"
    document.getElementById("reset-btn").addEventListener("click", () => {
-        reset({{.API}});
+        reset({{.API}}, {{index .Data "email"}});
    })
 </script>
 {{end}}
--- a/internal/models/models.go
+++ b/internal/models/models.go
@ -280,3 +280,16 @@ func (m *DBModel) Authenticate(email, password string) (int, error) {
 	return id, nil
 }
 func (m *DBModel) UpdatePasswordForUser(u User, hash string) error {
 	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
 	defer cancel()
 	stmt := `UPDATE users SET password = ? where id = ?`
 	_, err := m.DB.ExecContext(ctx, stmt, hash, u.ID)
 	if err != nil {
 		return err
 	}
 	return nil
 }
--- a/static/js/login.js
+++ b/static/js/login.js
@ -81,7 +81,7 @@ export function forgot(api) {
        });
 }
-export function reset(api) {
+export function reset(api, email) {
    let form = document.getElementById("reset-form");
    if (form.checkValidity() === false) {
@ -98,7 +98,8 @@ export function reset(api) {
    }
    let payload = {
-        email: document.getElementById("email").value,
+        password: document.getElementById("password").value,
        email: email,
    };
    const requestOptions = {
@ -116,6 +117,9 @@ export function reset(api) {
            console.log(response)
            if (response.error === false) {
                showSuccess("reset-messages", "Password reset")
                setTimeout(function () {
                    location.href = "/login"
                }, 2000)
            } else {
                showError("reset-messages", response.message)
            }