feat: change password (#35)

* refactor: implement factories for testing * add additional factories * change protection for dropFields * prevent timed attacks on login * use switch instead of else-if * API implementation for changing password * add change-password dialog
2022-10-09 09:23:21 -08:00 · 2022-10-09 09:23:21 -08:00 · a6d2fd45df
commit a6d2fd45df
parent a6e3989aee
19 changed files with 458 additions and 149 deletions
--- a/backend/app/api/v1/v1_ctrl_auth.go
+++ b/backend/app/api/v1/v1_ctrl_auth.go
@ -36,7 +36,8 @@ func (ctrl *V1Controller) HandleAuthLogin() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		loginForm := &LoginForm{}

-		if r.Header.Get("Content-Type") == server.ContentFormUrlEncoded {
+		switch r.Header.Get("Content-Type") {
+		case server.ContentFormUrlEncoded:
 			err := r.ParseForm()
 			if err != nil {
 				server.Respond(w, http.StatusBadRequest, server.Wrap(err))
@ -46,7 +47,7 @@ func (ctrl *V1Controller) HandleAuthLogin() http.HandlerFunc {

 			loginForm.Username = r.PostFormValue("username")
 			loginForm.Password = r.PostFormValue("password")
-		} else if r.Header.Get("Content-Type") == server.ContentJSON {
+		case server.ContentJSON:
 			err := server.Decode(r, loginForm)

 			if err != nil {
@ -54,7 +55,7 @@ func (ctrl *V1Controller) HandleAuthLogin() http.HandlerFunc {
 				server.Respond(w, http.StatusBadRequest, server.Wrap(err))
 				return
 			}
-		} else {
+		default:
 			server.Respond(w, http.StatusBadRequest, errors.New("invalid content type"))
 			return
 		}
@ -67,7 +68,7 @@ func (ctrl *V1Controller) HandleAuthLogin() http.HandlerFunc {
 		newToken, err := ctrl.svc.User.Login(r.Context(), loginForm.Username, loginForm.Password)

 		if err != nil {
-			server.RespondError(w, http.StatusUnauthorized, err)
+			server.RespondError(w, http.StatusInternalServerError, err)
 			return
 		}