github.com/greenpau/go-authcrunch@v1.1.4/pkg/authn/password_form_validator.go (about)

     1  // Copyright 2022 Paul Greenberg greenpau@outlook.com
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package authn
    16  
    17  import (
    18  	"fmt"
    19  	"github.com/greenpau/go-authcrunch/pkg/requests"
    20  	"net/http"
    21  )
    22  
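// validatePasswordChangeForm checks a submitted password change form and, on
// success, copies the submitted passwords into rr.User.
//
// The request must carry the exact Content-Type header value
// "application/x-www-form-urlencoded" and three non-empty body fields:
// secret1 (current password), secret2 (new password) and secret3 (new
// password confirmation). secret2 must equal secret3 and must differ from
// secret1. When every check passes, rr.User.OldPassword is set to secret1 and
// rr.User.Password to secret2; rr is left untouched on any error.
//
// This function only validates the shape of the form. It does not verify that
// secret1 is the account's actual current password, and it enforces no length
// or complexity policy on the new password.
// NOTE(review): presumably both are handled further down the call chain —
// confirm against the caller.
func validatePasswordChangeForm(r *http.Request, rr *requests.Request) error {
	// NOTE(review): this is an exact string comparison, so a header carrying
	// parameters (for example "; charset=UTF-8") is rejected. Kept as-is to
	// preserve behavior; confirm that this strictness is intended.
	if r.Header.Get("Content-Type") != "application/x-www-form-urlencoded" {
		return fmt.Errorf("Unsupported content type")
	}
	// The underlying parse error is deliberately not included in the returned
	// message, matching the original behavior.
	if err := r.ParseForm(); err != nil {
		return fmt.Errorf("Failed parsing submitted form")
	}

	// PostFormValue reads body parameters only and ignores the URL query
	// string, so passwords passed in the query are never accepted.
	current := r.PostFormValue("secret1")
	updated := r.PostFormValue("secret2")
	confirmation := r.PostFormValue("secret3")

	// All three fields are required. The original code followed this check
	// with separate "Current password is empty" / "New password is empty"
	// branches that could never execute; they are removed here without
	// changing which error a caller observes.
	if current == "" || updated == "" || confirmation == "" {
		return fmt.Errorf("Required form field not found")
	}
	if updated != confirmation {
		return fmt.Errorf("New password mismatch")
	}
	if current == updated {
		return fmt.Errorf("New password matches current password")
	}

	rr.User.OldPassword = current
	rr.User.Password = updated
	return nil
}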
    51  
// validateSandboxPasswordForm checks a submitted sandbox password form and,
// on success, stores the submitted password in rr.User.Password.
//
// The request must carry the exact Content-Type header value
// "application/x-www-form-urlencoded" and a non-empty "secret" body field.
// The password itself is not verified here; only its presence is checked.
func validateSandboxPasswordForm(r *http.Request, rr *requests.Request) error {
	const formContentType = "application/x-www-form-urlencoded"

	// Exact match: a header value with parameters (e.g. a charset suffix)
	// does not pass this check.
	if ct := r.Header.Get("Content-Type"); ct != formContentType {
		return fmt.Errorf("Unsupported content type")
	}
	if parseErr := r.ParseForm(); parseErr != nil {
		return fmt.Errorf("Failed parsing submitted form")
	}

	// PostFormValue reads body parameters only; a "secret" value in the URL
	// query string is ignored.
	secret := r.PostFormValue("secret")
	if secret == "" {
		return fmt.Errorf("Password is empty")
	}

	rr.User.Password = secret
	return nil
}