base 64 decode password

complete password reset
2018-06-01 19:31:40 +02:00 · 2018-06-01 19:29:17 +02:00 · 2018-06-01 18:53:06 +02:00 · 2018-06-01 15:01:37 +02:00 · 2018-06-01 12:11:58 +02:00 · 2018-06-01 12:09:08 +02:00
7 changed files with 66 additions and 16 deletions
--- a/application/applicationservice/applicationservice.go
+++ b/application/applicationservice/applicationservice.go
@@ -35,7 +35,7 @@ func New(svc *service.Service, mapper *entitymapping.Mapper, notification *notif
 		bcbsi := bcbsi.New(cfg)

 		instance = &Service{
-			Users:         newUserService(svc, mapper),
+			Users:         newUserService(svc, mapper, bcbsi, cfg),
 			Rides:         newRideService(svc, mapper),
 			Visits:        newVisitService(svc, mapper),
 			Provider:      newProviderService(svc, mapper),
--- a/application/applicationservice/user.go
+++ b/application/applicationservice/user.go
@@ -172,6 +172,11 @@ func (s *userService) UpdateLogin(user viewmodel.User) error {
 	return s.svc.Users.UpdateLogin(eUser)
 }

+func (s *userService) UpdateLoginPassword(user viewmodel.User) error {
+	eUser := s.mapEntity.User.ToUserEntity(user)
+	return s.svc.Users.UpdateLoginPassword(eUser)
+}
+
 func (s *userService) SaveAddress(address viewmodel.Address) (retVal viewmodel.Address, err error) {
 	entity := s.mapEntity.Address.ToAddressEntity(address)
 	entity, err = s.svc.Users.SaveAddress(entity)
--- a/data/datamysql/user.go
+++ b/data/datamysql/user.go
@@ -462,6 +462,22 @@ func (c *userRepo) UpdateLogin(user entity.User) error {
 	return nil
 }

+func (c *userRepo) UpdateLoginPassword(user entity.User) error {
+	const (
+		query = `UPDATE			tab_login   	a
+				 INNER JOIN 	tab_user    	b
+				 ON      		a.user_id		=	b.user_id
+				 SET      		a.password     	=   sha2(?, 512)
+				 WHERE  		b.user_uuid     = 	?`
+	)
+
+	if _, err := c.conn.Exec(query, user.Pass, user.UUID); err != nil {
+		return err
+	}
+
+	return nil
+}
+
 func (c *userRepo) RemoveContact(contact entity.ContactInfo) (entity.ContactInfo, error) {
 	const (
 		query = `DELETE FROM tab_contact WHERE contact_uuid = ?;`
--- a/domain/contract/repo.go
+++ b/domain/contract/repo.go
@@ -35,6 +35,7 @@ type UserRepo interface {
 	SaveContact(contact entity.ContactInfo) (entity.ContactInfo, error)
 	RemoveContact(contact entity.ContactInfo) (entity.ContactInfo, error)
 	UpdateLogin(user entity.User) error
+	UpdateLoginPassword(user entity.User) error
 }

 // RideRepo defines the data set for Rides
--- a/domain/service/user.go
+++ b/domain/service/user.go
@@ -80,6 +80,10 @@ func (s *userService) UpdateLogin(user entity.User) error {
 	return s.svc.db.Users().UpdateLogin(user)
 }

+func (s *userService) UpdateLoginPassword(user entity.User) error {
+	return s.svc.db.Users().UpdateLoginPassword(user)
+}
+
 // GetUsersByProfile returns a list of users by profile
 func (s *userService) GetUsersByProfile(profile string) ([]entity.User, error) {
 	return s.svc.db.Users().GetUsersByProfile(profile)
--- a/server/router/passwordresetroute/controller.go
+++ b/server/router/passwordresetroute/controller.go
@@ -2,6 +2,7 @@ package passwordresetroute

 import (
 	"crypto/sha256"
+	b64 "encoding/base64"
 	"fmt"
 	"math/rand"
 	"strings"
@@ -16,12 +17,14 @@ import (
 )

 const (
-	tokenExpirationTime        = 90 // in minutes
-	randomStringLength         = 15
-	baseURL                    = "http://localhost:5000"
-	passwordResetEmailSubject  = "Reset Your Password"
-	passwordResetEmailMainBody = "To reset your password click here or copy the following link and paste it into your browser: \n\n " + baseURL + "/#/reset-password/"
-	passwordResetEmailFooter   = "\nThis link expires in 90 minutes"
+	tokenExpirationTime               = 90 // in minutes
+	randomStringLength                = 15
+	baseURL                           = "http://localhost:5000"
+	passwordResetEmailSubject         = "Reset Your Password"
+	passwordResetEmailMainBody        = "To reset your password click here or copy the following link and paste it into your browser: \n\n " + baseURL + "/#/reset-password/"
+	passwordResetEmailFooter          = "\nThis link expires in 90 minutes"
+	passwordResetCompleteEmailSubject = "Your Password Has been Reset"
+	passwordResetCompleteEmailBody    = "Your password has been reset. To login click here or copy the following link and paste it into your browser: \n\n" + baseURL + "/#/login"
 )

 var (
@@ -88,7 +91,7 @@ func (c *controller) handleResetRequest(ctx echo.Context) error {
 	notification := viewmodel.Notification{
 		Type:    applicationservice.NotificationTypeEmail,
 		From:    c.cfg.Email.Sender,
-		To:      "test.test.no@yandex.com",
+		To:      *user.Email,
 		Subject: passwordResetEmailSubject,
 		Message: passwordResetEmailMainBody + token + passwordResetEmailFooter,
 	}
@@ -113,25 +116,46 @@ func (c *controller) handleResetComplete(ctx echo.Context) error {
 	}

 	if len(strings.TrimSpace(user.Pass)) < 1 {
-		routeutils.ResponseAPIPasswordResetFailed(ctx, "No password")
+		return routeutils.ResponseAPIPasswordResetFailed(ctx, "No password")
 	}

+	pass, err := b64.StdEncoding.DecodeString(user.Pass)
+	if err != nil {
+		return routeutils.ResponseAPIPasswordResetFailed(ctx, "Invalid password")
+	}
+	user.Pass = string(pass)
+
 	passwordResetEntry, err := c.svc.PasswordReset.GetByToken(userToken)
 	if err != nil || len(passwordResetEntry.Token) < 1 || passwordResetEntry.Expires.Before(time.Now()) || passwordResetEntry.Used == true {
-		routeutils.ResponseAPIPasswordResetFailed(ctx, "Token error")
+		return routeutils.ResponseAPIPasswordResetFailed(ctx, "Token error")
 	}

 	fullUserData, err := c.svc.Users.GetByUUID(passwordResetEntry.User.ID, "")
 	if err != nil {
-		routeutils.ResponseAPIPasswordResetFailed(ctx, "User problem")
+		return routeutils.ResponseAPIPasswordResetFailed(ctx, "User error")
 	}

-	fmt.Println(fullUserData)
-
-	//write new password in database
+	fullUserData.Pass = user.Pass //user contains just password sent from reset form
+	if err = c.svc.Users.UpdateLoginPassword(fullUserData); err != nil {
+		return routeutils.ResponseAPIPasswordResetFailed(ctx, "Error updating password")
+	}

 	if err := c.svc.PasswordReset.SetTokenUsed(userToken); err != nil {
-		routeutils.ResponseAPIPasswordResetFailed(ctx, "Reset failed")
+		return routeutils.ResponseAPIPasswordResetFailed(ctx, "Reset failed")
+	}
+
+	//Send email with reset link
+	notification := viewmodel.Notification{
+		Type:    applicationservice.NotificationTypeEmail,
+		From:    c.cfg.Email.Sender,
+		To:      *fullUserData.Email,
+		Subject: passwordResetCompleteEmailSubject,
+		Message: passwordResetCompleteEmailBody,
+	}
+
+	notification, err = c.svc.Notification.SendNotificationWithoutWritingToDatabase(notification)
+	if err != nil {
+		return routeutils.HandleAPIError(ctx, err)
 	}

 	return routeutils.ResponseAPIOK(ctx, nil)
--- a/server/validation/selfregister.go
+++ b/server/validation/selfregister.go
@@ -53,7 +53,7 @@ func ValidateSelfregistration(user *viewmodel.User) []errors.ValidationError {

 	//Provider NPI validation
 	if len(user.Provider.InternalID) != 10 || !isNumeric(user.Provider.InternalID) {
-		result = append(result, errors.ValidationError{Field: "provider.internal_id", Message: "Provider NPI must be 10 digit number"})
+		result = append(result, errors.ValidationError{Field: "provider.internal_id", Message: "Provider NPI must be a 10 digit number"})
 	}

 	//First name validation
Author	SHA1	Message	Date
GotPPay	840823cda8	base 64 decode password	2018-06-01 19:31:40 +02:00
GotPPay	3494273503	base 64 decode password	2018-06-01 19:29:17 +02:00
GotPPay	2fc6619383	complete password reset	2018-06-01 18:53:06 +02:00
GotPPay	b683e813fe	add confirmation email on complete	2018-06-01 15:01:37 +02:00
GotPPay	8477c7fe9a	Merge branch 'NPI-error-message-fix' into merge-1-6	2018-06-01 12:11:58 +02:00
GotPPay	1c49bebb50	fix bug	2018-06-01 12:09:08 +02:00
GotPPay	0e91373b55	edit self registration error message	2018-06-01 05:08:13 +02:00