From 70c4bfaffa9937af05402a875ff17d706ebb4ef8 Mon Sep 17 00:00:00 2001
From: Albert S
Date: Fri, 26 Mar 2021 22:50:55 +0100
Subject: [PATCH] Introduce HandlerUserSettings to change user settings, e. g. pw changes
---
 authenticator.cpp | 1 +
 handlers/handlerfactory.cpp | 5 +++
 handlers/handlerusersettings.cpp | 72 ++++++++++++++++++++++++++++++++
 handlers/handlerusersettings.h | 13 ++++++
 4 files changed, 91 insertions(+)
 create mode 100644 handlers/handlerusersettings.cpp
 create mode 100644 handlers/handlerusersettings.h
diff --git a/authenticator.cpp b/authenticator.cpp
index b742710..6a84b60 100644
--- a/authenticator.cpp
+++ b/authenticator.cpp
@@ -1,5 +1,6 @@
 #include
 #include
+#include
 #include "utils.h"
 #include "authenticator.h"
 #include "logger.h"
diff --git a/handlers/handlerfactory.cpp b/handlers/handlerfactory.cpp
index a5938fc..f9e5ff7 100644
--- a/handlers/handlerfactory.cpp
+++ b/handlers/handlerfactory.cpp
@@ -32,6 +32,7 @@ SOFTWARE.
 #include "handlercategory.h"
 #include "handlerhistory.h"
 #include "handlerpagedelete.h"
+#include "handlerusersettings.h"
 std::unique_ptr HandlerFactory::createHandler(const std::string &action, Session &userSession)
 {
@@ -75,6 +76,10 @@ std::unique_ptr HandlerFactory::createHandler(const std::string &action
 {
 return produce(userSession);
 }
+ if(action == "usersettings")
+ {
+ return produce(userSession);
+ }
 return produce(userSession);
 }
diff --git a/handlers/handlerusersettings.cpp b/handlers/handlerusersettings.cpp
new file mode 100644
index 0000000..e8d63ec
--- /dev/null
+++ b/handlers/handlerusersettings.cpp
@@ -0,0 +1,72 @@
+#include "handlerusersettings.h"
+#include "../authenticator.h"
+#include "../random.h"
+#include "../database/exceptions.h"
+
+Response HandlerUserSettings::handleRequest(const Request &r)
+{
+ if(r.getRequestMethod() == "POST")
+ {
+ if(r.post("do") == "submit")
+ {
+ std::string oldpassword = r.post("oldpassword");
+ std::string newpassword = r.post("newpassword");
+ std::string newpasswordconfirm = r.post("newpasswordconfirm");
+
+ if(newpassword != newpasswordconfirm)
+ {
+ //TODO: is not nice, users has to hit the back button...
+ return this->errorResponse("Passwords don't match", "The entered new passwords don't match");
+ }
+ auto userDao = this->database->createUserDao();
+ Authenticator authenticator(*userDao);
+
+ std::variant authresult = authenticator.authenticate(this->userSession->user.login, oldpassword);
+ if(std::holds_alternative(authresult))
+ {
+ return this->errorResponse("Invalid current password", "The old password you entered is invalid");
+ }
+ Random r;
+ std::vector salt = r.getRandom(23);
+ User user = std::get(authresult);
+ user.salt = salt;
+ user.password = authenticator.hash(newpassword, user.salt);
+ if(user.password.empty())
+ {
+ Logger::error() << "Authenticator returned empty hash";
+ return this->errorResponse("Error", "An error occured while trying to store new password");
+ }
+ try
+ {
+ userDao->save(user);
+ }
+ catch(const DatabaseException &e)
+ {
+ Logger::debug() << "Error saving user: " << e.what();
+ return errorResponse("Error", "A database error occured while trying to save user with new settings");
+ }
+
+ return Response::redirectTemporarily(this->urlProvider->userSettings());
+ }
+ }
+
+ TemplatePage &userSettingsPage = this->templ->getPage("usersettings");
+ setGeneralVars(userSettingsPage);
+ userSettingsPage.setVar("usersettingsurl", urlProvider->userSettings());
+ userSettingsPage.setVar("title", createPageTitle("User settings - " + this->userSession->user.login));
+ Response result;
+ result.setStatus(200);
+ result.setBody(userSettingsPage.render());
+
+ return result;
+}
+
+bool HandlerUserSettings::canAccess(const Permissions &perms)
+{
+ return this->userSession->loggedIn;
+}
+
+std::string HandlerUserSettings::accessErrorMessage()
+{
+ return "Only logged-in users can change their settings";
+}
diff --git a/handlers/handlerusersettings.h b/handlers/handlerusersettings.h
new file mode 100644
index 0000000..364e586
--- /dev/null
+++ b/handlers/handlerusersettings.h
@@ -0,0 +1,13 @@
+#ifndef HANDLERUSERSETTINGS_H
+#define HANDLERUSERSETTINGS_H
+#include "handler.h"
+class HandlerUserSettings : public Handler
+{
+ public:
+ using Handler::Handler;
+ Response handleRequest(const Request &r);
+ bool canAccess(const Permissions &perms);
+ std::string accessErrorMessage();
+};
+
+#endif // HANDLERUSERSETTINGS_H
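Review bot: In `HandlerUserSettings::handleRequest`, `newpassword` is only compared with `newpasswordconfirm`, so an empty or one-character new password is hashed and saved; the later `user.password.empty()` test checks the hash, not the input. A guard before the `authenticate` call would close this, e.g. `if(newpassword.empty()) { return this->errorResponse("Invalid new password", "The new password must not be empty"); }`, ideally extended with whatever minimum-length policy the project uses. Nothing visible in this hunk invalidates the account's other sessions after `userDao->save(user)`, so a session opened with the old password presumably stays valid; that is worth confirming against the session store. Separately, `Random r;` shadows the `const Request &r` parameter inside the block; renaming it (`Random random;`) avoids misreading later uses of `r`.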
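Review bot: The three member declarations in `handlerusersettings.h` carry no `override`, although the factory hands the handler out through a base-class pointer, so they presumably override virtuals of `Handler` (its declaration is outside this patch). Writing `Response handleRequest(const Request &r) override;`, and likewise for `canAccess` and `accessErrorMessage`, makes the compiler reject a signature that drifts from the base and silently stops being called. `canAccess` also ignores its `perms` argument; a short comment such as `// any logged-in user may change their own settings; perms intentionally unused` would record that this is deliberate.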