Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Add reset user password action #1320

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 18 commits into from
May 6, 2022
Merged

Add reset user password action #1320

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
346e5e4
Add UpdateUserHashedPassword query
BrunoQuaresma May 4, 2022
4bd7557
chore: Merge branch 'main' of github.com:coder/coder into bq/update-u…
BrunoQuaresma May 4, 2022
de39cf5
Add database functions
BrunoQuaresma May 5, 2022
2fe1716
Add update user password endpoint
BrunoQuaresma May 5, 2022
212020a
Add tests and fixes
BrunoQuaresma May 5, 2022
2699445
Remove confirmation and fix lint issues
BrunoQuaresma May 5, 2022
355f163
Return hash error as server error
BrunoQuaresma May 5, 2022
56b29fd
Update coderd/database/databasefake/databasefake.go
BrunoQuaresma May 5, 2022
30b8f15
Improve readbility
BrunoQuaresma May 5, 2022
f6be255
Add RBAC
BrunoQuaresma May 5, 2022
5df5763
Fix route
BrunoQuaresma May 5, 2022
b9dbd64
Merge branch 'bq/update-user-password' of github.com:coder/coder into…
BrunoQuaresma May 5, 2022
69af903
Add missing TS types
BrunoQuaresma May 5, 2022
d85092b
Update update password request params
BrunoQuaresma May 5, 2022
d35139c
Add FE for reset user password
BrunoQuaresma May 5, 2022
2a9b9be
Merge branch 'main' of github.com:coder/coder into bq/fe/update-user-…
BrunoQuaresma May 6, 2022
8957339
Add reset password dialog to storybook
BrunoQuaresma May 6, 2022
e388f8a
Add tests
BrunoQuaresma May 6, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Add update user password endpoint
  • Loading branch information
@BrunoQuaresma
BrunoQuaresma committed May 5, 2022
commit 2fe171618e5698f9f38ba42ffd42965f2d14e911
1 change: 1 addition & 0 deletions coderd/coderd.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -240,6 +240,7 @@ func New(options *Options) (http.Handler, func()) {
r.Get("/", api.userByName)
r.Put("/profile", api.putUserProfile)
r.Put("/suspend", api.putUserSuspend)
r.Put("/password", api.putUserPassword)
r.Get("/organizations", api.organizationsByUser)
r.Post("/organizations", api.postOrganizationsByUser)
// These roles apply to the site wide permissions.
Expand Down
58 changes: 58 additions & 0 deletions coderd/users.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -360,6 +360,64 @@ func (api *api) putUserSuspend(rw http.ResponseWriter, r *http.Request) {
httpapi.Write(rw, http.StatusOK, convertUser(suspendedUser, organizations))
}

func (api *api) putUserPassword(rw http.ResponseWriter, r *http.Request) {
user := httpmw.UserParam(r)

var params codersdk.UpdateUserHashedPasswordRequest
if !httpapi.Read(rw, r, &params) {
return
}

// Check if the password is correct
equal, err := userpassword.Compare(string(user.HashedPassword), params.Password)
if err != nil {
httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
Message: fmt.Sprintf("compare: %s", err.Error()),
})
}
if !equal {
// This message is the same as above to remove ease in detecting whether
// users are registered or not. Attackers still could with a timing attack.
httpapi.Write(rw, http.StatusUnauthorized, httpapi.Response{
Message: "invalid email or password",
})
return
}

// Check if the new password and the confirmation match
if params.NewPassword != params.ConfirmNewPassword {
errors := []httpapi.Error{
{
Field: "confirm_new_password",
Detail: "The value does not match the new password",
},
}
httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{
Message: fmt.Sprintf("The new password and the new password confirmation don't match"),
Errors: errors,
})
return
}

// Hash password and update it in the database
hashedPassword, hashError := userpassword.Hash(params.NewPassword)
if hashError != nil {
xerrors.Errorf("hash password: %w", hashError)
return
}
databaseError := api.Database.UpdateUserHashedPassword(r.Context(), database.UpdateUserHashedPasswordParams{
HashedPassword: []byte(hashedPassword),
})
if databaseError != nil {
httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
Message: fmt.Sprintf("put user password: %s", err.Error()),
})
return
}

httpapi.Write(rw, http.StatusNoContent, nil)
}

func (api *api) userRoles(rw http.ResponseWriter, r *http.Request) {
user := httpmw.UserParam(r)

Expand Down
6 changes: 6 additions & 0 deletions codersdk/users.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,12 @@ type UpdateUserProfileRequest struct {
Username string `json:"username" validate:"required,username"`
}

type UpdateUserHashedPasswordRequest struct {
Password string `json:"password" validate:"required"`
NewPassword string `json:"new_password" validate:"required"`
ConfirmNewPassword string `json:"confirm_new_password" validate:"required"`
}

type UpdateRoles struct {
Roles []string `json:"roles" validate:"required"`
}
Expand Down