update user reset password

Signed-off-by: yxxhero <[email protected]>
dragonflyoss · Aug 31, 2021 · cedf68a · cedf68a
1 parent 1e42522
commit cedf68a
Show file tree

Hide file tree

Showing 6 changed files with 102 additions and 5 deletions.
diff --git a/manager/handlers/user.go b/manager/handlers/user.go
@@ -49,6 +49,37 @@ func (h *Handlers) SignUp(ctx *gin.Context) {
 	ctx.JSON(http.StatusOK, user)
 }
 
+// @Summary Reset Password For User
+// @Description reset password for user by json config
+// @Tags User
+// @Accept json
+// @Produce json
+// @Param User body types.ResetPasswordRequest true "User"
+// @Success 200
+// @Failure 400
+// @Failure 500
+// @Router /users/:id/reset_password [post]
+func (h *Handlers) ResetPassword(ctx *gin.Context) {
+	var params types.UserIDRequest
+	if err := ctx.ShouldBindUri(&params); err != nil {
+		ctx.JSON(http.StatusUnprocessableEntity, gin.H{"errors": err.Error()})
+		return
+	}
+	var json types.ResetPasswordRequest
+	if err := ctx.ShouldBindJSON(&json); err != nil {
+		ctx.JSON(http.StatusUnprocessableEntity, gin.H{"errors": err.Error()})
+		return
+	}
+
+	err := h.Service.ResetPassword(params.ID, ctx.GetString("userName"), json)
+	if err != nil {
+		ctx.Error(err)
+		return
+	}
+
+	ctx.Status(http.StatusOK)
+}
+
 // @Summary Delete Role For User
 // @Description Delete Role For User by uri config
 // @Tags users

diff --git a/manager/router/router.go b/manager/router/router.go
@@ -83,8 +83,11 @@ func Init(console bool, verbose bool, publicPath string, service service.REST, e
 	ai.POST("/signin", jwt.LoginHandler)
 	ai.POST("/signout", jwt.LogoutHandler)
 	ai.POST("/refresh_token", jwt.RefreshHandler)
-	ai.POST("/:id/roles/:role_name", h.AddRoleToUser)
-	ai.DELETE("/:id/roles/:role_name", h.DeleteRoleForUser)
+	ai.POST("/reset_password", h.ResetPassword)
+
+	ai.POST("/:id/roles/:role_name", h.AddRoleToUser, jwt.MiddlewareFunc(), rbac)
+	ai.DELETE("/:id/roles/:role_name", h.DeleteRoleForUser, jwt.MiddlewareFunc(), rbac)
+
 	ai.POST("/signup", h.SignUp)
 
 	// Scheduler Cluster

diff --git a/manager/service/service.go b/manager/service/service.go
@@ -30,8 +30,9 @@ import (
 )
 
 type REST interface {
-	SignIn(json types.SignInRequest) (*model.User, error)
-	SignUp(json types.SignUpRequest) (*model.User, error)
+	SignIn(types.SignInRequest) (*model.User, error)
+	SignUp(types.SignUpRequest) (*model.User, error)
+	ResetPassword(uint, string, types.ResetPasswordRequest) error
 
 	AddRoleForUser(uint, string) error
 	DeleteRoleForUser(uint, string) error

diff --git a/manager/service/settings.go b/manager/service/settings.go
@@ -1,11 +1,21 @@
 package service
 
 import (
+	"errors"
+
 	"d7y.io/dragonfly/v2/manager/model"
 	"d7y.io/dragonfly/v2/manager/types"
+	"d7y.io/dragonfly/v2/pkg/util/stringutils"
 )
 
+var AvaliableSettings = []string{
+	"server_domain",
+}
+
 func (s *rest) CreateSetting(json types.CreateSettingRequest) (*model.Settings, error) {
+	if !stringutils.Contains(AvaliableSettings, json.Key) {
+		return nil, errors.New("invalid setting key")
+	}
 	setting := model.Settings{
 		Key:   json.Key,
 		Value: json.Value,

diff --git a/manager/service/user.go b/manager/service/user.go
@@ -17,6 +17,8 @@
 package service
 
 import (
+	"errors"
+
 	"d7y.io/dragonfly/v2/manager/model"
 	"d7y.io/dragonfly/v2/manager/types"
 	"golang.org/x/crypto/bcrypt"
@@ -38,6 +40,48 @@ func (s *rest) SignIn(json types.SignInRequest) (*model.User, error) {
 	return &user, nil
 }
 
+func (s *rest) ResetPassword(uid uint, userName string, json types.ResetPasswordRequest) error {
+	user := model.User{}
+	if err := s.db.First(&user, model.User{
+		Name: userName,
+	}).Error; err != nil {
+		return err
+	}
+
+	updatePassword := func(uid uint, password string) error {
+		user := model.User{}
+		encryptedPasswordBytes, err := bcrypt.GenerateFromPassword([]byte(json.NewPassword), bcrypt.MinCost)
+		if err != nil {
+			return err
+		}
+		if err := s.db.First(&user, uid).Updates(model.User{
+			EncryptedPassword: string(encryptedPasswordBytes),
+		}).Error; err != nil {
+			return err
+		}
+		return nil
+
+	}
+
+	if user.ID == uid {
+		err := bcrypt.CompareHashAndPassword([]byte(user.EncryptedPassword), []byte(json.OldPassword))
+		if err != nil {
+			return err
+		}
+		return updatePassword(uid, json.NewPassword)
+	} else {
+		// validate user permission
+		has, err := s.enforcer.Enforce(userName, "users", "*")
+		if err != nil {
+			return err
+		}
+		if !has {
+			return errors.New("permission deny")
+		}
+		return updatePassword(uid, json.NewPassword)
+	}
+}
+
 func (s *rest) SignUp(json types.SignUpRequest) (*model.User, error) {
 	encryptedPasswordBytes, err := bcrypt.GenerateFromPassword([]byte(json.Password), bcrypt.MinCost)
 	if err != nil {

diff --git a/manager/types/user.go b/manager/types/user.go
@@ -21,6 +21,11 @@ type SignInRequest struct {
 	Password string `form:"password" binding:"required,min=8,max=20"`
 }
 
+type ResetPasswordRequest struct {
+	OldPassword string `form:"old_password" binding:"required,min=8,max=20"`
+	NewPassword string `form:"new_password" binding:"required,min=8,max=20"`
+}
+
 type SignUpRequest struct {
 	SignInRequest
 	Email    string `form:"email" binding:"required,email"`
@@ -29,8 +34,11 @@ type SignUpRequest struct {
 	Location string `form:"location" binding:"omitempty"`
 	BIO      string `form:"bio" binding:"omitempty"`
 }
+type UserIDRequest struct {
+	ID uint `uri:"id" binding:"required,min=1"`
+}
 
 type RoleRequest struct {
+	UserIDRequest
 	RoleName string `uri:"role_name" binding:"required,min=1"`
-	ID       uint   `uri:"id" binding:"required,min=1"`
 }