Add account settings page to change passwords

2017-12-23 19:15:50 -08:00 · 2017-12-23 19:15:50 -08:00 · 419ae157cc
commit 419ae157cc
parent 00925bb267
5 changed files with 192 additions and 3 deletions
--- a/core/app.go
+++ b/core/app.go
@ -82,8 +82,7 @@ func New(documentRoot, userRoot string) *Blog {
 	// Initialize the router.
 	r := mux.NewRouter()
 	r.HandleFunc("/initial-setup", blog.SetupHandler)
-	r.HandleFunc("/login", blog.LoginHandler)
+	blog.AuthRoutes(r)
 	r.HandleFunc("/logout", blog.LogoutHandler)
 	blog.AdminRoutes(r)
 	blog.ContactRoutes(r)
 	blog.BlogRoutes(r)
--- a/core/auth.go
+++ b/core/auth.go
@ -4,10 +4,18 @@ import (
 	"errors"
 	"net/http"
 	"github.com/gorilla/mux"
 	"github.com/kirsle/blog/core/forms"
 	"github.com/kirsle/blog/core/models/users"
 )
 // AuthRoutes attaches the auth routes to the app.
 func (b *Blog) AuthRoutes(r *mux.Router) {
 	r.HandleFunc("/login", b.LoginHandler)
 	r.HandleFunc("/logout", b.LogoutHandler)
 	r.HandleFunc("/account", b.AccountHandler)
 }
 // Login logs the browser in as the given user.
 func (b *Blog) Login(w http.ResponseWriter, r *http.Request, u *users.User) error {
 	session, err := b.store.Get(r, "session") // TODO session name
@ -75,3 +83,84 @@ func (b *Blog) LogoutHandler(w http.ResponseWriter, r *http.Request) {
 	session.Save(r, w)
 	b.Redirect(w, "/")
 }
 // AccountHandler shows the account settings page.
 func (b *Blog) AccountHandler(w http.ResponseWriter, r *http.Request) {
 	if !b.LoggedIn(r) {
 		b.FlashAndRedirect(w, r, "/login?next=/account", "You must be logged in to do that!")
 		return
 	}
 	currentUser, err := b.CurrentUser(r)
 	if err != nil {
 		b.FlashAndRedirect(w, r, "/login?next=/account", "You must be logged in to do that!!")
 		return
 	}
 	// Load an editable copy of the user.
 	user, err := users.Load(currentUser.ID)
 	if err != nil {
 		b.FlashAndRedirect(w, r, "/login?next=/account", "User ID %d not loadable?", currentUser.ID)
 		return
 	}
 	v := NewVars()
 	form := &forms.Account{
 		Username: user.Username,
 		Email:    user.Email,
 		Name:     user.Name,
 	}
 	v.Form = form
 	if r.Method == http.MethodPost {
 		form.Username = users.Normalize(r.FormValue("username"))
 		form.Email = r.FormValue("email")
 		form.Name = r.FormValue("name")
 		form.OldPassword = r.FormValue("oldpassword")
 		form.NewPassword = r.FormValue("newpassword")
 		form.NewPassword2 = r.FormValue("newpassword2")
 		if err = form.Validate(); err != nil {
 			b.Flash(w, r, err.Error())
 		} else {
 			var ok = true
 			// Validate the username is available.
 			if form.Username != user.Username {
 				if _, err = users.LoadUsername(form.Username); err == nil {
 					b.Flash(w, r, "That username already exists.")
 					ok = false
 				}
 			}
 			// Changing their password?
 			if len(form.OldPassword) > 0 {
 				// Validate their old password.
 				if _, err = users.CheckAuth(form.Username, form.OldPassword); err != nil {
 					b.Flash(w, r, "Your old password is incorrect.")
 					ok = false
 				} else {
 					err = user.SetPassword(form.NewPassword)
 					if err != nil {
 						b.Flash(w, r, "Change password error: %s", err)
 						ok = false
 					}
 				}
 			}
 			// Still good?
 			if ok {
 				user.Username = form.Username
 				user.Name = form.Name
 				user.Email = form.Email
 				err = user.Save()
 				if err != nil {
 					b.Flash(w, r, "Error saving user: %s", err)
 				} else {
 					b.FlashAndRedirect(w, r, "/account", "Settings saved!")
 					return
 				}
 			}
 		}
 	}
 	b.RenderTemplate(w, r, "account", v)
 }
--- a/core/forms/auth.go
+++ b/core/forms/auth.go
@ -19,3 +19,29 @@ func (f Login) Validate() error {
 	}
 	return nil
 }
 // Account is for updating account settings.
 type Account struct {
 	Username     string
 	OldPassword  string
 	NewPassword  string
 	NewPassword2 string
 	Email        string
 	Name         string
 }
 // Validate the account form.
 func (f Account) Validate() error {
 	if len(f.Username) == 0 {
 		return errors.New("username is required")
 	}
 	if len(f.OldPassword) > 0 && len(f.NewPassword) > 0 {
 		if f.NewPassword != f.NewPassword2 {
 			return errors.New("your passwords don't match")
 		}
 	}
 	if len(f.Name) == 0 {
 		f.Name = f.Username
 	}
 	return nil
 }
--- a/root/.layout.gohtml
+++ b/root/.layout.gohtml
@ -101,7 +101,7 @@
                    <h4 class="cart-title">Control Center</h4>
                    <p>
-                        Logged in as: {{ .CurrentUser.Username }}
+                        Logged in as: <a href="/account">{{ .CurrentUser.Username }}</a>
                    </p>
                    <ul class="list-unstyled">
--- a/root/account.gohtml
+++ b/root/account.gohtml
@ -0,0 +1,75 @@
 {{ define "title" }}Account Settings{{ end }}
 {{ define "content" }}
 <h1>Account Settings</h1>
 <form action="/account" method="POST">
    <input type="hidden" name="_csrf" value="{{ .CSRF }}">
    <h3>The Basics</h3>
    <div class="form-group">
        <label for="username">Username</label>
        <small class="text-muted">You log in using this name.</small>
        <input type="text"
            class="form-control"
            name="username"
            id="username"
            value="{{ .Form.Username }}"
            placeholder="soandso">
    </div>
    <div class="form-group">
        <label for="name">Name</label>
        <input type="text"
            class="form-control"
            name="name"
            id="name"
            value="{{ .Form.Name }}"
            placeholder="{{ or .Form.Username "Anonymous" }}">
    </div>
    <div class="form-group">
        <label for="email">Email</label>
        <input type="text"
            class="form-control"
            name="email"
            id="email"
            value="{{ .Form.Email }}"
            placeholder="name@domain.com">
    </div>
    <h3>Change Password</h3>
    <div class="form-group">
        <label for="oldpassword">Current Password</label>
        <input type="password"
            class="form-control"
            name="oldpassword"
            id="oldpassword"
            placeholder="Current Password">
    </div>
    <div class="form-group">
        <label for="newpassword">New Password</label>
        <input type="password"
            class="form-control"
            name="newpassword"
            id="newpassword"
            placeholder="New Password">
    </div>
    <div class="form-group">
        <label for="newpassword2">Confirm</label>
        <input type="password"
            class="form-control"
            name="newpassword2"
            id="newpassword2"
            placeholder="Confirm">
    </div>
    <div class="form-group">
        <button type="submit" class="btn btn-primary">Save Settings</button>
        <a href="/" class="btn btn-secondary">Cancel</a>
    </div>
 </form>
 {{ end }}