let admins and users change usernames

2020-07-16 23:29:48 +01:00
parent ab0d15982a
commit 2dcbdf312a
7 changed files with 90 additions and 3 deletions
--- a/server/assets/pages/change_own_username.tmpl
+++ b/server/assets/pages/change_own_username.tmpl
@@ -0,0 +1,11 @@
+{{ define "user" }}
+<div class="padded box">
+    <div class="box-title">
+        <i class="mdi mdi-account-key"></i> changing account username
+    </div>
+    <form class="block" action="{{ path "/admin/change_own_username_do" }}" method="post">
+        <input type="text" id="username" name="username" placeholder="new username">
+        <input type="submit" value="change">
+    </form>
+</div>
+{{ end }}
--- a/server/assets/pages/change_username.tmpl
+++ b/server/assets/pages/change_username.tmpl
@@ -0,0 +1,11 @@
+{{ define "user" }}
+<div class="padded box">
+    <div class="box-title">
+        <i class="mdi mdi-account-key"></i> changing {{ .SelectedUser.Name }}'s username
+    </div>
+    <form class="block" action="{{ printf "/admin/change_username_do?user=%s" .SelectedUser.Name | path }}" method="post">
+        <input type="text" id="username" name="username" placeholder="new username">
+        <input type="submit" value="change">
+    </form>
+</div>
+{{ end }}
--- a/server/assets/pages/home.tmpl
+++ b/server/assets/pages/home.tmpl
@@ -61,7 +61,9 @@
            <i>{{ $user.Name }}</i>
            <span class="text-light no-small">{{ $user.CreatedAt | date }}</span>
            <span class="text-light">&#124;</span>
-            <a href="{{ printf "/admin/change_password?user=%s" $user.Name | path }}">change password&#8230;</a>
+            <a href="{{ printf "/admin/change_username?user=%s" $user.Name | path }}">username&#8230;</a>
+            <span class="text-light">&#124;</span>
+            <a href="{{ printf "/admin/change_password?user=%s" $user.Name | path }}">password&#8230;</a>
            <span class="text-light">&#124;</span>
            {{ if $user.IsAdmin }}
                <span class="text-light">delete&#8230;</span>
@@ -78,6 +80,8 @@
            <i class="mdi mdi-account"></i> your account
        </div>
        <div class="text-right">
+            <a href="{{ path "/admin/change_own_username" }}" class="button">change username&#8230;</a>
+            <span class="text-light">&#124;</span>
            <a href="{{ path "/admin/change_own_password" }}" class="button">change password&#8230;</a>
        </div>
    {{ end }}
--- a/server/ctrladmin/ctrl.go
+++ b/server/ctrladmin/ctrl.go
@@ -267,7 +267,7 @@ func sessLogSave(s *sessions.Session, w http.ResponseWriter, r *http.Request) {
 // ## begin validation

 var (
-	errValiNoUsername        = errors.New("please enter the password twice")
+	errValiNoUsername        = errors.New("please enter a username")
 	errValiPasswordAllFields = errors.New("please enter the password twice")
 	errValiPasswordsNotSame  = errors.New("passwords entered were not the same")
 	errValiKeysAllFields     = errors.New("please enter the api key and secret")
--- a/server/ctrladmin/handlers.go
+++ b/server/ctrladmin/handlers.go
@@ -92,6 +92,24 @@ func (c *Controller) ServeHome(r *http.Request) *Response {
 	}
 }

+func (c *Controller) ServeChangeOwnUsername(r *http.Request) *Response {
+	return &Response{template: "change_own_username.tmpl"}
+}
+
+func (c *Controller) ServeChangeOwnUsernameDo(r *http.Request) *Response {
+	username := r.FormValue("username")
+	if err := validateUsername(username); err != nil {
+		return &Response{
+			redirect: r.Referer(),
+			flashW:   []string{err.Error()},
+		}
+	}
+	user := r.Context().Value(CtxUser).(*db.User)
+	user.Name = username
+	c.DB.Save(user)
+	return &Response{redirect: "/admin/home"}
+}
+
 func (c *Controller) ServeChangeOwnPassword(r *http.Request) *Response {
 	return &Response{template: "change_own_password.tmpl"}
 }
@@ -143,6 +161,44 @@ func (c *Controller) ServeUnlinkLastFMDo(r *http.Request) *Response {
 	return &Response{redirect: "/admin/home"}
 }

+func (c *Controller) ServeChangeUsername(r *http.Request) *Response {
+	username := r.URL.Query().Get("user")
+	if username == "" {
+		return &Response{
+			err:  "please provide a username",
+			code: 400,
+		}
+	}
+	user := c.DB.GetUserByName(username)
+	if user == nil {
+		return &Response{
+			err:  "couldn't find a user with that name",
+			code: 400,
+		}
+	}
+	data := &templateData{}
+	data.SelectedUser = user
+	return &Response{
+		template: "change_username.tmpl",
+		data:     data,
+	}
+}
+
+func (c *Controller) ServeChangeUsernameDo(r *http.Request) *Response {
+	username := r.URL.Query().Get("user")
+	usernameNew := r.FormValue("username")
+	if err := validateUsername(usernameNew); err != nil {
+		return &Response{
+			redirect: r.Referer(),
+			flashW:   []string{err.Error()},
+		}
+	}
+	user := c.DB.GetUserByName(username)
+	user.Name = usernameNew
+	c.DB.Save(user)
+	return &Response{redirect: "/admin/home"}
+}
+
 func (c *Controller) ServeChangePassword(r *http.Request) *Response {
 	username := r.URL.Query().Get("user")
 	if username == "" {
--- a/server/ctrladmin/middleware.go
+++ b/server/ctrladmin/middleware.go
@@ -8,11 +8,12 @@ import (
 	"github.com/gorilla/sessions"

 	"go.senan.xyz/gonic/server/db"
+	"go.senan.xyz/gonic/version"
 )

 func (c *Controller) WithSession(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		session, err := c.sessDB.Get(r, "gonic")
+		session, err := c.sessDB.Get(r, version.NAME)
 		if err != nil {
 			http.Error(w, fmt.Sprintf("error getting session: %s", err), 500)
 			return
--- a/server/server.go
+++ b/server/server.go
@@ -112,6 +112,8 @@ func setupAdmin(r *mux.Router, ctrl *ctrladmin.Controller) {
 	routUser.Use(ctrl.WithUserSession)
 	routUser.Handle("/logout", ctrl.HR(ctrl.ServeLogout)) // "raw" handler, updates session
 	routUser.Handle("/home", ctrl.H(ctrl.ServeHome))
+	routUser.Handle("/change_own_username", ctrl.H(ctrl.ServeChangeOwnUsername))
+	routUser.Handle("/change_own_username_do", ctrl.H(ctrl.ServeChangeOwnUsernameDo))
 	routUser.Handle("/change_own_password", ctrl.H(ctrl.ServeChangeOwnPassword))
 	routUser.Handle("/change_own_password_do", ctrl.H(ctrl.ServeChangeOwnPasswordDo))
 	routUser.Handle("/link_lastfm_do", ctrl.H(ctrl.ServeLinkLastFMDo))
@@ -122,6 +124,8 @@ func setupAdmin(r *mux.Router, ctrl *ctrladmin.Controller) {
 	// ** begin admin routes (if session is valid, and is admin)
 	routAdmin := routUser.NewRoute().Subrouter()
 	routAdmin.Use(ctrl.WithAdminSession)
+	routAdmin.Handle("/change_username", ctrl.H(ctrl.ServeChangeUsername))
+	routAdmin.Handle("/change_username_do", ctrl.H(ctrl.ServeChangeUsernameDo))
 	routAdmin.Handle("/change_password", ctrl.H(ctrl.ServeChangePassword))
 	routAdmin.Handle("/change_password_do", ctrl.H(ctrl.ServeChangePasswordDo))
 	routAdmin.Handle("/delete_user", ctrl.H(ctrl.ServeDeleteUser))