Allow clients to change password
This commit is contained in:
@@ -2,7 +2,6 @@ package interceptors
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
|
||||
"gitea.benny.dog/torjus/ezshare/pb"
|
||||
"gitea.benny.dog/torjus/ezshare/store"
|
||||
@@ -14,14 +13,15 @@ import (
|
||||
type ContextKey string
|
||||
|
||||
var ContextKeyRole ContextKey = "role"
|
||||
var ContextKeyUserID ContextKey = "userid"
|
||||
|
||||
func NewAuthInterceptor(s store.UserStore) grpc.UnaryServerInterceptor {
|
||||
// TODO: Verify that cert is signed by our ca
|
||||
return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
|
||||
p, ok := peer.FromContext(ctx)
|
||||
if ok {
|
||||
tlsInfo, ok := p.AuthInfo.(credentials.TLSInfo)
|
||||
if ok {
|
||||
fmt.Printf("%+v\n", tlsInfo.State.PeerCertificates[0].Subject.CommonName)
|
||||
if len(tlsInfo.State.PeerCertificates) == 1 {
|
||||
cert := tlsInfo.State.PeerCertificates[0]
|
||||
|
||||
@@ -30,6 +30,7 @@ func NewAuthInterceptor(s store.UserStore) grpc.UnaryServerInterceptor {
|
||||
user, err := s.GetUser(id)
|
||||
if err == nil {
|
||||
newCtx := context.WithValue(ctx, ContextKeyRole, user.UserRole)
|
||||
newCtx = context.WithValue(newCtx, ContextKeyUserID, user.Id)
|
||||
return handler(newCtx, req)
|
||||
}
|
||||
}
|
||||
@@ -53,3 +54,15 @@ func RoleFromContext(ctx context.Context) pb.User_Role {
|
||||
}
|
||||
return pb.User_UNKNOWN
|
||||
}
|
||||
|
||||
func UserIDFromContext(ctx context.Context) string {
|
||||
value := ctx.Value(ContextKeyUserID)
|
||||
if value == nil {
|
||||
return ""
|
||||
}
|
||||
id, ok := value.(string)
|
||||
if ok {
|
||||
return id
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
@@ -6,6 +6,7 @@ import (
|
||||
|
||||
"gitea.benny.dog/torjus/ezshare/certs"
|
||||
"gitea.benny.dog/torjus/ezshare/pb"
|
||||
"gitea.benny.dog/torjus/ezshare/server/interceptors"
|
||||
"gitea.benny.dog/torjus/ezshare/store"
|
||||
"github.com/google/uuid"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
@@ -81,6 +82,31 @@ func (s *GRPCUserServiceServer) Approve(_ context.Context, _ *pb.ApproveUserRequ
|
||||
return nil, status.Error(codes.Unimplemented, "not yet implemented")
|
||||
}
|
||||
|
||||
func (s *GRPCUserServiceServer) ChangePassword(ctx context.Context, req *pb.ChangePasswordRequest) (*pb.Empty, error) {
|
||||
// Get ID from ctx
|
||||
userID := interceptors.UserIDFromContext(ctx)
|
||||
if userID == "" {
|
||||
return nil, status.Error(codes.Unauthenticated, "not authenticated")
|
||||
}
|
||||
user, err := s.store.GetUser(userID)
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.Unauthenticated, "user not found")
|
||||
}
|
||||
|
||||
if err := bcrypt.CompareHashAndPassword(user.HashedPassword, []byte(req.OldPassword)); err != nil {
|
||||
return nil, status.Error(codes.Unauthenticated, "wrong password")
|
||||
}
|
||||
newPasswordHash, err := bcrypt.GenerateFromPassword([]byte(req.NewPassword), bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.Internal, "unable to hash new password")
|
||||
}
|
||||
user.HashedPassword = newPasswordHash
|
||||
if err := s.store.StoreUser(user); err != nil {
|
||||
return nil, status.Error(codes.Internal, "unable to store new password")
|
||||
}
|
||||
return &pb.Empty{}, nil
|
||||
}
|
||||
|
||||
func hashPassword(password string) ([]byte, error) {
|
||||
return bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user