Initial commit of password reset workflow.

2021-12-16 07:29:16 -05:00 · 2021-12-16 07:29:16 -05:00 · e6a5fa58c7
commit e6a5fa58c7
parent b4de8e58f9
6 changed files with 184 additions and 16 deletions
--- a/auth/auth.go
+++ b/auth/auth.go
@ -4,9 +4,11 @@ import (
 	"crypto/rand"
 	"encoding/hex"
 	"errors"
 	"time"
 	"goweb/config"
 	"goweb/ent"
 	"goweb/ent/passwordtoken"
 	"goweb/ent/user"
 	"github.com/labstack/echo-contrib/session"
@ -20,6 +22,13 @@ const (
 	sessionKeyAuthenticated = "authenticated"
 )
 type NotAuthenticatedError struct{}
 // Error implements the error interface.
 func (e NotAuthenticatedError) Error() string {
 	return "user not authenticated"
 }
 type Client struct {
 	config *config.Config
 	orm    *ent.Client
@ -61,7 +70,7 @@ func (c *Client) GetAuthenticatedUserID(ctx echo.Context) (int, error) {
 		return sess.Values[sessionKeyUserID].(int), nil
 	}
-	return 0, errors.New("user not authenticated")
+	return 0, NotAuthenticatedError{}
 }
 func (c *Client) GetAuthenticatedUser(ctx echo.Context) (*ent.User, error) {
@ -71,7 +80,7 @@ func (c *Client) GetAuthenticatedUser(ctx echo.Context) (*ent.User, error) {
 			First(ctx.Request().Context())
 	}
-	return nil, errors.New("user not authenticated")
+	return nil, NotAuthenticatedError{}
 }
 func (c *Client) HashPassword(password string) (string, error) {
@ -106,6 +115,32 @@ func (c *Client) GeneratePasswordResetToken(ctx echo.Context, userID int) (strin
 	return token, pt, err
 }
 func (c *Client) GetValidPasswordToken(ctx echo.Context, token string) (*ent.PasswordToken, error) {
 	// Hash the token in order to match in the database
 	hash, err := c.HashPassword(token)
 	if err != nil {
 		return nil, err
 	}
 	// Query to find a matching token
 	pt, err := c.orm.PasswordToken.
 		Query().
 		Where(passwordtoken.Hash(hash)).
 		First(ctx.Request().Context())
 	if err != nil {
 		ctx.Logger().Error(err)
 		return nil, err
 	}
 	// Check if the token is no longer valid
 	if pt.CreatedAt.Before(time.Now().Add(-c.config.App.PasswordTokenExpiration)) {
 		return nil, errors.New("token has expired")
 	}
 	return pt, nil
 }
 func (c *Client) RandomToken(length int) string {
 	b := make([]byte, length)
 	if _, err := rand.Read(b); err != nil {
--- a/context/context.go
+++ b/context/context.go
@ -3,4 +3,5 @@ package context
 const (
 	AuthenticatedUserKey = "auth_user"
 	FormKey              = "form"
 	PasswordTokenKey     = "password_token"
 )
--- a/middleware/auth.go
+++ b/middleware/auth.go
@ -6,6 +6,7 @@ import (
 	"goweb/auth"
 	"goweb/context"
 	"goweb/ent"
 	"goweb/msg"
 	"github.com/labstack/echo/v4"
 )
@ -13,17 +14,39 @@ import (
 func LoadAuthenticatedUser(authClient *auth.Client) echo.MiddlewareFunc {
 	return func(next echo.HandlerFunc) echo.HandlerFunc {
 		return func(c echo.Context) error {
-			if user, err := authClient.GetAuthenticatedUser(c); err == nil {
+			u, err := authClient.GetAuthenticatedUser(c)
 			switch err.(type) {
 			case *ent.NotFoundError:
 				c.Logger().Debug("auth user not found")
 			case auth.NotAuthenticatedError:
 			case nil:
-					c.Set(context.AuthenticatedUserKey, user)
+				c.Set(context.AuthenticatedUserKey, u)
-					c.Logger().Info("auth user loaded in to context: %d", user.ID)
+				c.Logger().Info("auth user loaded in to context: %d", u.ID)
 			default:
 				c.Logger().Errorf("error querying for authenticated user: %v", err)
 			}
 			return next(c)
 		}
 	}
 }
 func LoadValidPasswordToken(authClient *auth.Client) echo.MiddlewareFunc {
 	return func(next echo.HandlerFunc) echo.HandlerFunc {
 		return func(c echo.Context) error {
 			tokenParam := c.Param("password_token")
 			if tokenParam == "" {
 				c.Logger().Warn("missing password token path parameter")
 				return echo.NewHTTPError(http.StatusNotFound, "Not found")
 			}
 			token, err := authClient.GetValidPasswordToken(c, tokenParam)
 			if err != nil {
 				msg.Warning(c, "The link is either invalid or has expired. Please request a new one.")
 				return c.Redirect(http.StatusFound, c.Echo().Reverse("forgot_password"))
 			}
 			c.Set(context.PasswordTokenKey, token)
 			return next(c)
 		}
--- a/routes/reset_password.go
+++ b/routes/reset_password.go
@ -0,0 +1,82 @@
 package routes
 import (
 	"goweb/controller"
 	"goweb/msg"
 	"github.com/labstack/echo/v4"
 )
 type (
 	ResetPassword struct {
 		controller.Controller
 	}
 	ResetPasswordForm struct {
 		Password        string `form:"password" validate:"required" label:"Password"`
 		ConfirmPassword string `form:"password-confirm" validate:"required,eqfield=Password" label:"Confirm password"`
 	}
 )
 func (r *ResetPassword) Get(c echo.Context) error {
 	p := controller.NewPage(c)
 	p.Layout = "auth"
 	p.Name = "reset-password"
 	p.Title = "Reset password"
 	return r.RenderPage(c, p)
 }
 func (r *ResetPassword) Post(c echo.Context) error {
 	fail := func(message string, err error) error {
 		c.Logger().Errorf("%s: %v", message, err)
 		msg.Danger(c, "An error occurred. Please try again.")
 		return r.Get(c)
 	}
 	succeed := func() error {
 		msg.Success(c, "Your password has been updated.")
 		return r.Redirect(c, "login")
 	}
 	// Parse the form values
 	form := new(ResetPassword)
 	if err := c.Bind(form); err != nil {
 		return fail("unable to parse forgot password form", err)
 	}
 	// Validate the form
 	if err := c.Validate(form); err != nil {
 		r.SetValidationErrorMessages(c, err, form)
 		return r.Get(c)
 	}
 	// Attempt to load the user
 	//u, err := f.Container.ORM.User.
 	//	Query().
 	//	Where(user.Email(form.Email)).
 	//	First(c.Request().Context())
 	//
 	//if err != nil {
 	//	switch err.(type) {
 	//	case *ent.NotFoundError:
 	//		return succeed()
 	//	default:
 	//		return fail("error querying user during forgot password", err)
 	//	}
 	//}
 	//
 	//// Generate the token
 	//token, _, err := f.Container.Auth.GeneratePasswordResetToken(c, u.ID)
 	//if err != nil {
 	//	return fail("error generating password reset token", err)
 	//}
 	//c.Logger().Infof("generated password reset token for user %d", u.ID)
 	//
 	//// Email the user
 	//err = f.Container.Mail.Send(c, u.Email, fmt.Sprintf("Go here to reset your password: %s", token)) // TODO: route
 	//if err != nil {
 	//	return fail("error sending password reset email", err)
 	//}
 	return succeed()
 }
--- a/routes/router.go
+++ b/routes/router.go
@ -71,11 +71,11 @@ func BuildRouter(c *container.Container) {
 	c.Web.Validator = &Validator{validator: validator.New()}
 	// Routes
-	navRoutes(g, ctr)
+	navRoutes(c, g, ctr)
-	userRoutes(g, ctr)
+	userRoutes(c, g, ctr)
 }
-func navRoutes(g *echo.Group, ctr controller.Controller) {
+func navRoutes(c *container.Container, g *echo.Group, ctr controller.Controller) {
 	home := Home{Controller: ctr}
 	g.GET("/", home.Get).Name = "home"
@ -87,7 +87,7 @@ func navRoutes(g *echo.Group, ctr controller.Controller) {
 	g.POST("/contact", contact.Post).Name = "contact.post"
 }
-func userRoutes(g *echo.Group, ctr controller.Controller) {
+func userRoutes(c *container.Container, g *echo.Group, ctr controller.Controller) {
 	logout := Logout{Controller: ctr}
 	g.GET("/logout", logout.Get, middleware.RequireAuthentication()).Name = "logout"
@ -103,4 +103,9 @@ func userRoutes(g *echo.Group, ctr controller.Controller) {
 	forgot := ForgotPassword{Controller: ctr}
 	noAuth.GET("/password", forgot.Get).Name = "forgot_password"
 	noAuth.POST("/password", forgot.Post).Name = "forgot_password.post"
 	resetGroup := noAuth.Group("/password/reset", middleware.LoadValidPasswordToken(c.Auth))
 	reset := ResetPassword{Controller: ctr}
 	resetGroup.GET("/token/:password_token", reset.Get).Name = "reset_password"
 	resetGroup.POST("/token/:password_token", reset.Post).Name = "reset_password.post"
 }
--- a/templates/pages/reset-password.gohtml
+++ b/templates/pages/reset-password.gohtml
@ -0,0 +1,22 @@
 {{define "content"}}
    <form method="post">
        <div class="field">
            <label for="password" class="label">Password</label>
            <div class="control">
                <input type="password" id="password" name="password" placeholder="*******" class="input" required>
            </div>
        </div>
        <div class="field">
            <label for="password-confirm" class="label">Confirm password</label>
            <div class="control">
                <input type="password" id="password-confirm" name="password-confirm" placeholder="*******" class="input" required>
            </div>
        </div>
        <div class="field is-grouped">
            <p class="control">
                <button class="button is-primary">Update password</button>
            </p>
        </div>
        {{template "csrf" .}}
    </form>
 {{end}}