From 2dcbdf312ae7ecde8dfeb0d7a1edc72999537d36 Mon Sep 17 00:00:00 2001 From: sentriz Date: Thu, 16 Jul 2020 23:29:48 +0100 Subject: [PATCH] let admins and users change usernames --- server/assets/pages/change_own_username.tmpl | 11 ++++ server/assets/pages/change_username.tmpl | 11 ++++ server/assets/pages/home.tmpl | 6 ++- server/ctrladmin/ctrl.go | 2 +- server/ctrladmin/handlers.go | 56 ++++++++++++++++++++ server/ctrladmin/middleware.go | 3 +- server/server.go | 4 ++ 7 files changed, 90 insertions(+), 3 deletions(-) create mode 100644 server/assets/pages/change_own_username.tmpl create mode 100644 server/assets/pages/change_username.tmpl diff --git a/server/assets/pages/change_own_username.tmpl b/server/assets/pages/change_own_username.tmpl new file mode 100644 index 0000000..d505920 --- /dev/null +++ b/server/assets/pages/change_own_username.tmpl @@ -0,0 +1,11 @@ +{{ define "user" }} +
+
+ changing account username +
+
+ + +
+
+{{ end }} diff --git a/server/assets/pages/change_username.tmpl b/server/assets/pages/change_username.tmpl new file mode 100644 index 0000000..2fd0b54 --- /dev/null +++ b/server/assets/pages/change_username.tmpl @@ -0,0 +1,11 @@ +{{ define "user" }} +
+
+ changing {{ .SelectedUser.Name }}'s username +
+
+ + +
+
+{{ end }} diff --git a/server/assets/pages/home.tmpl b/server/assets/pages/home.tmpl index 7936ab8..d07f49c 100644 --- a/server/assets/pages/home.tmpl +++ b/server/assets/pages/home.tmpl @@ -61,7 +61,9 @@ {{ $user.Name }} {{ $user.CreatedAt | date }} | - change password… + username… + | + password… | {{ if $user.IsAdmin }} delete… @@ -78,6 +80,8 @@ your account
+ change username… + | change password…
{{ end }} diff --git a/server/ctrladmin/ctrl.go b/server/ctrladmin/ctrl.go index 81a5828..832dc7a 100644 --- a/server/ctrladmin/ctrl.go +++ b/server/ctrladmin/ctrl.go @@ -267,7 +267,7 @@ func sessLogSave(s *sessions.Session, w http.ResponseWriter, r *http.Request) { // ## begin validation var ( - errValiNoUsername = errors.New("please enter the password twice") + errValiNoUsername = errors.New("please enter a username") errValiPasswordAllFields = errors.New("please enter the password twice") errValiPasswordsNotSame = errors.New("passwords entered were not the same") errValiKeysAllFields = errors.New("please enter the api key and secret") diff --git a/server/ctrladmin/handlers.go b/server/ctrladmin/handlers.go index 3908261..c023a08 100644 --- a/server/ctrladmin/handlers.go +++ b/server/ctrladmin/handlers.go @@ -92,6 +92,24 @@ func (c *Controller) ServeHome(r *http.Request) *Response { } } +func (c *Controller) ServeChangeOwnUsername(r *http.Request) *Response { + return &Response{template: "change_own_username.tmpl"} +} + +func (c *Controller) ServeChangeOwnUsernameDo(r *http.Request) *Response { + username := r.FormValue("username") + if err := validateUsername(username); err != nil { + return &Response{ + redirect: r.Referer(), + flashW: []string{err.Error()}, + } + } + user := r.Context().Value(CtxUser).(*db.User) + user.Name = username + c.DB.Save(user) + return &Response{redirect: "/admin/home"} +} + func (c *Controller) ServeChangeOwnPassword(r *http.Request) *Response { return &Response{template: "change_own_password.tmpl"} } 
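Review bot: In `ServeChangeOwnUsernameDo` the result of `c.DB.Save(user)` is discarded and nothing checks whether the requested name already belongs to another account, so a failed or conflicting rename still redirects to `/admin/home` as if it had succeeded. Whether the users table enforces unique names is not visible in this hunk: if it does, the error is silently lost, and if it does not, two accounts can share a login name and later `GetUserByName` lookups become ambiguous. I would reject a taken name before saving, for example `if c.DB.GetUserByName(username) != nil { return &Response{redirect: r.Referer(), flashW: []string{"that username is already taken"}} }`, and turn a failed save into a flash warning instead of ignoring it. The same two gaps are present in `ServeChangeUsernameDo` in the following hunk of this file.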
@@ -143,6 +161,44 @@ func (c *Controller) ServeUnlinkLastFMDo(r *http.Request) *Response { return &Response{redirect: "/admin/home"} } +func (c *Controller) ServeChangeUsername(r *http.Request) *Response { + username := r.URL.Query().Get("user") + if username == "" { + return &Response{ + err: "please provide a username", + code: 400, + } + } + user := c.DB.GetUserByName(username) + if user == nil { + return &Response{ + err: "couldn't find a user with that name", + code: 400, + } + } + data := &templateData{} + data.SelectedUser = user + return &Response{ + template: "change_username.tmpl", + data: data, + } +} + +func (c *Controller) ServeChangeUsernameDo(r *http.Request) *Response { + username := r.URL.Query().Get("user") + usernameNew := r.FormValue("username") + if err := validateUsername(usernameNew); err != nil { + return &Response{ + redirect: r.Referer(), + flashW: []string{err.Error()}, + } + } + user := c.DB.GetUserByName(username) + user.Name = usernameNew + c.DB.Save(user) + return &Response{redirect: "/admin/home"} +} + func (c *Controller) ServeChangePassword(r *http.Request) *Response { username := r.URL.Query().Get("user") if username == "" { diff --git a/server/ctrladmin/middleware.go b/server/ctrladmin/middleware.go index 2fd3c5c..44227a0 100644 --- a/server/ctrladmin/middleware.go +++ b/server/ctrladmin/middleware.go @@ -8,11 +8,12 @@ import ( "github.com/gorilla/sessions" "go.senan.xyz/gonic/server/db" + "go.senan.xyz/gonic/version" ) func (c *Controller) WithSession(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - session, err := c.sessDB.Get(r, "gonic") + session, err := c.sessDB.Get(r, version.NAME) if err != nil { http.Error(w, fmt.Sprintf("error getting session: %s", err), 500) return diff --git a/server/server.go b/server/server.go index 4e5a65b..59a5c3b 100644 --- a/server/server.go +++ b/server/server.go 
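Review bot: `ServeChangeUsernameDo` uses the result of `c.DB.GetUserByName(username)` without the empty-parameter and nil checks that `ServeChangeUsername` performs a few lines above it. A request to the `_do` route with a missing or unknown `user` query parameter therefore reaches `user.Name = usernameNew` with a nil pointer, assuming `GetUserByName` returns nil when nothing matches, as the check in `ServeChangeUsername` implies. Whether a recovery middleware catches the resulting panic is not visible here. Add the guard before the assignment: `if user == nil { return &Response{err: "couldn't find a user with that name", code: 400} }`.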
@@ -112,6 +112,8 @@ func setupAdmin(r *mux.Router, ctrl *ctrladmin.Controller) {
 routUser.Use(ctrl.WithUserSession)
 routUser.Handle("/logout", ctrl.HR(ctrl.ServeLogout)) // "raw" handler, updates session
 routUser.Handle("/home", ctrl.H(ctrl.ServeHome))
+ routUser.Handle("/change_own_username", ctrl.H(ctrl.ServeChangeOwnUsername))
+ routUser.Handle("/change_own_username_do", ctrl.H(ctrl.ServeChangeOwnUsernameDo))
 routUser.Handle("/change_own_password", ctrl.H(ctrl.ServeChangeOwnPassword))
 routUser.Handle("/change_own_password_do", ctrl.H(ctrl.ServeChangeOwnPasswordDo))
 routUser.Handle("/link_lastfm_do", ctrl.H(ctrl.ServeLinkLastFMDo))
@@ -122,6 +124,8 @@ func setupAdmin(r *mux.Router, ctrl *ctrladmin.Controller) {
 // ** begin admin routes (if session is valid, and is admin)
 routAdmin := routUser.NewRoute().Subrouter()
 routAdmin.Use(ctrl.WithAdminSession)
+ routAdmin.Handle("/change_username", ctrl.H(ctrl.ServeChangeUsername))
+ routAdmin.Handle("/change_username_do", ctrl.H(ctrl.ServeChangeUsernameDo))
 routAdmin.Handle("/change_password", ctrl.H(ctrl.ServeChangePassword))
 routAdmin.Handle("/change_password_do", ctrl.H(ctrl.ServeChangePasswordDo))
 routAdmin.Handle("/delete_user", ctrl.H(ctrl.ServeDeleteUser))
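Review bot: The new state-changing routes `/change_own_username_do` and `/change_username_do` (second hunk) are registered with `Handle` and no method restriction. Their handlers read the new name with `r.FormValue`, which also accepts URL query parameters, so as far as these hunks show a GET request carrying `username` in the query string would perform the rename. Restricting them to form posts closes that path, e.g. `routUser.Handle("/change_own_username_do", ctrl.H(ctrl.ServeChangeOwnUsernameDo)).Methods("POST")`, and likewise for the `routAdmin` route. No anti-CSRF token check is visible in the handlers or in the middleware shown in this patch; if `ctrl.H` does not provide one, these endpoints would need it, since a rename changes the login identity. `setupAdmin` starts and ends outside both hunks, and the neighbouring `_do` routes follow the same pattern.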