yogsototh/espial
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

adjust password validation

Browse source
This commit is contained in:
Jon Schoning 2021-10-09 14:30:41 -05:00
parent a080c3017a
commit ed27a32cff
No known key found for this signature in database
GPG key ID: F356416A06AC0A60
2 changed files with 22 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
src/Handler/AccountSettings.hs
View file

@ -34,17 +34,23 @@ getChangePasswordR = do
postChangePasswordR :: Handler Html postChangePasswordR :: Handler Html
postChangePasswordR = do postChangePasswordR = do
userId <- requireAuthId (userId, user) <- requireAuthPair
mauthuname <- maybeAuthUsername runInputPostResult ((,) <$> ireq textField "oldpassword" <*> ireq textField "newpassword") >>= \case
mresult <- runInputPostResult ((,) <$> ireq textField "oldpassword" <*> ireq textField "newpassword") FormSuccess (old, new) -> do
case (mauthuname, mresult) of runDB (authenticatePassword (userName user) old) >>= \case
(Just uname, FormSuccess (old, new)) -> do Nothing -> setMessage "Incorrect Old Password"
muser <- runDB (authenticatePassword uname old) Just _ -> validateNewPassword new >>= \case
case muser of Just newValid -> do
Just _ -> do newHash <- liftIO (hashPassword newValid)
new' <- liftIO (hashPassword new) void $ runDB (update userId [UserPasswordHash CP.=. newHash])
void $ runDB (update userId [UserPasswordHash CP.=. new']) setMessage "Password Changed Successfully"
setMessage "Password Changed Successfully" _ -> pure ()
_ -> setMessage "Incorrect Old Password"
_ -> setMessage "Missing Required Fields" _ -> setMessage "Missing Required Fields"
redirect ChangePasswordR redirect ChangePasswordR
validateNewPassword :: Text -> Handler (Maybe Text)
validateNewPassword = \case
new | length new < 6 -> do
setMessage "Password must be at least 6 characters long"
pure Nothing
new -> pure $ Just new

9
src/Model.hs
View file

@ -148,13 +148,12 @@ sqliteGroupConcat expr sep = unsafeSqlFunction "GROUP_CONCAT" [expr, sep]
authenticatePassword :: Text -> Text -> DB (Maybe (Entity User)) authenticatePassword :: Text -> Text -> DB (Maybe (Entity User))
authenticatePassword username password = do authenticatePassword username password = do
muser <- getBy (UniqueUserName username) getBy (UniqueUserName username) >>= \case
case muser of Nothing -> pure Nothing
Nothing -> return Nothing
Just dbuser -> Just dbuser ->
if validatePasswordHash (userPasswordHash (entityVal dbuser)) password if validatePasswordHash (userPasswordHash (entityVal dbuser)) password
then return (Just dbuser) then pure (Just dbuser)
else return Nothing else pure Nothing
getUserByName :: UserNameP -> DB (Maybe (Entity User)) getUserByName :: UserNameP -> DB (Maybe (Entity User))
getUserByName (UserNameP uname) = getUserByName (UserNameP uname) =