linkernetworks · John-Lin · Sep 20, 2018 · Sep 19, 2018 · Sep 20, 2018 · Sep 20, 2018
diff --git a/src/server/handler_user.go b/src/server/handler_user.go
@@ -77,6 +77,66 @@ func verifyTokenHandler(ctx *web.Context) {
 	http.Redirect(resp.ResponseWriter, req.Request, "/v1/users/"+userID, 303)
 }
 
+func patchPasswordHandler(ctx *web.Context) {
+	sp, req, resp := ctx.ServiceProvider, ctx.Request, ctx.Response
+
+	session := sp.Mongo.NewSession()
+	defer session.Close()
+
+	userID, ok := req.Attribute("UserID").(string)
+	if !ok {
+		response.Unauthorized(req.Request, resp.ResponseWriter, fmt.Errorf("Unauthorized: User ID is empty"))
+		return
+	}
+
+	user, err := backend.FindUserByID(session, bson.ObjectIdHex(userID))
+	if err != nil {
+		response.Unauthorized(req.Request, resp.ResponseWriter, fmt.Errorf("Unauthorized: User ID not found"))
+		return
+	}
+
+	var newCred entity.LoginCredential
+	if err := req.ReadEntity(&newCred); err != nil {
+		response.BadRequest(req.Request, resp.ResponseWriter, err)
+		return
+	}
+
+	// To verify that users only can change themselves password
+	if user.LoginCredential.Username != newCred.Username {
+		response.Unauthorized(req.Request, resp.ResponseWriter, fmt.Errorf("Unauthorized: User ID not found"))
+		return
+	}
+
+	if err := sp.Validator.Struct(newCred); err != nil {
+		response.BadRequest(req.Request, resp.ResponseWriter, err)
+		return
+	}
+
+	hashedPassword, err := utils.HashPassword(newCred.Password)
+	if err != nil {
+		response.BadRequest(req.Request, resp.ResponseWriter, err)
+		return
+	}
+	newCred.Password = hashedPassword
+
+	user.LoginCredential = newCred
+	modifier := bson.M{
+		"$set": user,
+	}
+	query := bson.M{
+		"_id": user.ID,
+	}
+	if err := session.Update(entity.UserCollectionName, query, modifier); err != nil {
+		response.InternalServerError(req.Request, resp, err)
+		return
+	}
+
+	resp.WriteEntity(response.ActionResponse{
+		Error:   false,
+		Message: "password successfully changed",
+	})
+}
+
 func signInUserHandler(ctx *web.Context) {
 	sp, req, resp := ctx.ServiceProvider, ctx.Request, ctx.Response
 

diff --git a/src/server/handler_user_test.go b/src/server/handler_user_test.go
@@ -13,7 +13,9 @@ import (
 	"github.com/linkernetworks/mongo"
 	"github.com/linkernetworks/vortex/src/config"
 	"github.com/linkernetworks/vortex/src/entity"
+	response "github.com/linkernetworks/vortex/src/net/http"
 	"github.com/linkernetworks/vortex/src/serviceprovider"
+	"github.com/linkernetworks/vortex/src/utils"
 	"github.com/moby/moby/pkg/namesgenerator"
 	"github.com/stretchr/testify/suite"
 	"gopkg.in/mgo.v2/bson"
@@ -115,6 +117,80 @@ func (suite *UserTestSuite) TestVerifyInvalidToken() {
 	assertResponseCode(suite.T(), http.StatusUnauthorized, httpWriter)
 }
 
+func (suite *UserTestSuite) TestPatchPassword() {
+	var resp response.ActionResponse
+	testUsername := namesgenerator.GetRandomName(0) + "@linkernetworks.com"
+	// given a user already signup
+	user := entity.User{
+		ID: bson.NewObjectId(),
+		LoginCredential: entity.LoginCredential{
+			Username: testUsername,
+			Password: "password",
+		},
+		DisplayName: "John Doe",
+		FirstName:   "John",
+		LastName:    "Doe",
+		PhoneNumber: "0999999999",
+	}
+
+	bodyBytes, err := json.MarshalIndent(user, "", "  ")
+	suite.NoError(err)
+
+	bodyReader := strings.NewReader(string(bodyBytes))
+	httpRequest, err := http.NewRequest("POST", "http://localhost:7890/v1/users/signup", bodyReader)
+	suite.NoError(err)
+
+	httpRequest.Header.Add("Content-Type", "application/json")
+	httpWriter := httptest.NewRecorder()
+	suite.wc.Dispatch(httpWriter, httpRequest)
+	assertResponseCode(suite.T(), http.StatusCreated, httpWriter)
+	defer suite.session.Remove(entity.UserCollectionName, "loginCredential.username", user.LoginCredential.Username)
+
+	// do signin to get a jwt bearer
+	bodyBytesSignIn, err := json.MarshalIndent(user.LoginCredential, "", "  ")
+	suite.NoError(err)
+
+	bodyReaderSignIn := strings.NewReader(string(bodyBytesSignIn))
+	httpRequestSignIn, err := http.NewRequest("POST", "http://localhost:7890/v1/users/signin", bodyReaderSignIn)
+	suite.NoError(err)
+
+	httpRequestSignIn.Header.Add("Content-Type", "application/json")
+	httpWriterSignIn := httptest.NewRecorder()
+	suite.wc.Dispatch(httpWriterSignIn, httpRequestSignIn)
+	assertResponseCode(suite.T(), http.StatusOK, httpWriterSignIn)
+
+	decoder := json.NewDecoder(httpWriterSignIn.Body)
+	decoder.Decode(&resp)
+	JWTBearer := "Bearer " + resp.Message
+
+	// start to change the password
+	newCred := entity.LoginCredential{
+		Username: testUsername,
+		Password: "p@ssw0rd",
+	}
+
+	newCredBodyBytes, err := json.MarshalIndent(newCred, "", "  ")
+	suite.NoError(err)
+
+	newCredBodyReader := strings.NewReader(string(newCredBodyBytes))
+	patchPasswordHTTPRequest, err := http.NewRequest("PUT", "http://localhost:7890/v1/users/password", newCredBodyReader)
+	suite.NoError(err)
+
+	patchPasswordHTTPRequest.Header.Add("Content-Type", "application/json")
+	patchPasswordHTTPRequest.Header.Add("Authorization", JWTBearer)
+	patchPasswordHTTPWriter := httptest.NewRecorder()
+	suite.wc.Dispatch(patchPasswordHTTPWriter, patchPasswordHTTPRequest)
+	assertResponseCode(suite.T(), http.StatusOK, patchPasswordHTTPWriter)
+
+	// load data to check
+	retUser := entity.User{}
+	err = suite.session.FindOne(entity.UserCollectionName, bson.M{"loginCredential.username": testUsername}, &retUser)
+	suite.NoError(err)
+
+	isCorrect := utils.CheckPasswordHash(newCred.Password, retUser.LoginCredential.Password)
+	suite.True(isCorrect)
+}
+
 func (suite *UserTestSuite) TestSignUpFailedUser() {
 	sameUsername := namesgenerator.GetRandomName(0) + "@linkernetworks.com"
 	// given a user already in mongodb

diff --git a/src/server/route.go b/src/server/route.go
@@ -66,6 +66,7 @@ func newUserService(sp *serviceprovider.Container) *restful.WebService {
 	// user role can access
 	webService.Route(webService.GET("/{id}").Filter(validateTokenMiddleware).To(handler.RESTfulServiceHandler(sp, getUserHandler)))
 	webService.Route(webService.GET("/verify/auth").Filter(validateTokenMiddleware).To(handler.RESTfulServiceHandler(sp, verifyTokenHandler)))
+	webService.Route(webService.PUT("/password").Filter(validateTokenMiddleware).To(handler.RESTfulServiceHandler(sp, patchPasswordHandler)))
 	return webService
 }
 
@@ -175,7 +176,7 @@ func newMonitoringService(sp *serviceprovider.Container) *restful.WebService {
 	// pod
 	webService.Route(webService.GET("/pods").To(handler.RESTfulServiceHandler(sp, listPodMetricsHandler)))
 	webService.Route(webService.GET("/pods/{pod}").To(handler.RESTfulServiceHandler(sp, getPodMetricsHandler)))
-	//container
+	// container
 	webService.Route(webService.GET("/pods/{pod}/{container}").To(handler.RESTfulServiceHandler(sp, getContainerMetricsHandler)))
 	// service
 	webService.Route(webService.GET("/services").To(handler.RESTfulServiceHandler(sp, listServiceMetricsHandler)))