Diffstat (limited to 'src/guff')
-rw-r--r--src/guff/api/methods.cr42
-rw-r--r--src/guff/api/test.cr10
-rw-r--r--src/guff/handlers/api.cr1
-rw-r--r--src/guff/models/user.cr111
-rw-r--r--src/guff/views/ecrs/test/auth.ecr4
5 files changed, 129 insertions, 39 deletions
diff --git a/src/guff/api/methods.cr b/src/guff/api/methods.cr
index fce6911..9b8aa3b 100644
--- a/src/guff/api/methods.cr
+++ b/src/guff/api/methods.cr
@@ -403,6 +403,48 @@ module Guff
},
},
+ "edit_user": {
+ text: "Test edit user",
+
+ args: {
+ "user_id": {
+ text: "User ID",
+ type: :int,
+ required: true,
+ },
+
+ "name": {
+ text: "Name of user",
+ type: :text,
+ required: false,
+ },
+
+ "active": {
+ text: "Is this user active?",
+ type: :bool,
+ required: false,
+ },
+
+ "role": {
+ text: "Role of user",
+ type: :text,
+ required: false,
+ },
+
+ "email": {
+ text: "Email address of user",
+ type: :text,
+ required: false,
+ },
+
+ "password": {
+ text: "Password of user",
+ type: :text,
+ required: false,
+ },
+ },
+ },
+
"login": {
text: "Test user login.",
diff --git a/src/guff/api/test.cr b/src/guff/api/test.cr
index decc5ec..91a729c 100644
--- a/src/guff/api/test.cr
+++ b/src/guff/api/test.cr
@@ -65,14 +65,16 @@ module Guff::API::TestAPI
{ "ok": true, "user_id": user_id }
end
- private def do_test_update_user(
+ private def do_test_edit_user(
context : HTTP::Server::Context,
args : Hash(String, String)
)
- @models.user.update_user(args["user_id"].to_i64,
- name: args["name"]? ? args["name"] : nil,
+ @models.user.edit_user(args["user_id"].to_i64,
+ name: args["name"]?,
active: args["active"]? ? args["active"] == "t" : nil,
- role: args["role"]? ? args["role"] : nil
+ role: args["role"]?,
+ email: args["email"]?,
+ password: args["password"]?,
)
{ "ok": true }
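Review bot: `do_test_edit_user` takes `user_id` from the request arguments and forwards `role`, `email` and `password` straight to `@models.user.edit_user`, and no check that the caller is allowed to edit that account is visible in this hunk. If authorization is not enforced before dispatch, anyone who can reach this method can change another user's credentials or role, so confirm where the check lives and record it above the method, e.g. `# authorization: <where it is enforced>`. The method's closing `end` lies outside the hunk, so this reading covers only the lines shown.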
diff --git a/src/guff/handlers/api.cr b/src/guff/handlers/api.cr
index d9208b1..523f2f2 100644
--- a/src/guff/handlers/api.cr
+++ b/src/guff/handlers/api.cr
@@ -139,6 +139,7 @@ class Guff::Handlers::APIHandler < Guff::Handler
get_users,
set_user,
add_user,
+ edit_user,
login,
],
})
diff --git a/src/guff/models/user.cr b/src/guff/models/user.cr
index bdbb0de..d440c5c 100644
--- a/src/guff/models/user.cr
+++ b/src/guff/models/user.cr
@@ -23,7 +23,7 @@ class Guff::UserModel < Guff::Model
INSERT INTO users(user_name) VALUES (:user_name)
",
- update_user: "
+ edit_user: "
UPDATE users
SET %{sets}
WHERE user_id = :user_id
@@ -38,6 +38,12 @@ class Guff::UserModel < Guff::Model
(:user_id, :email, :pass_hash)
",
+ edit_login: "
+ UPDATE user_logins
+ SET %{sets}
+ WHERE user_id = :user_id
+ ",
+
login: "
SELECT a.user_id,
a.pass_hash
@@ -92,7 +98,7 @@ class Guff::UserModel < Guff::Model
# set active and/or role
if active || role
- update_user(user_id,
+ edit_user(user_id,
active: active,
role: role,
)
@@ -111,38 +117,46 @@ class Guff::UserModel < Guff::Model
user_id
end
- def update_user(
- user_id : Int64,
- name : String? = nil,
- active : Bool? = nil,
- role : String? = nil,
+ def edit_user(
+ user_id : Int64,
+ name : String? = nil,
+ active : Bool? = nil,
+ role : String? = nil,
+ email : String? = nil,
+ password : String? = nil,
)
- sets = [] of String
- args = { "user_id": user_id.to_s }
+ transaction do
+ sets = [] of String
+ args = { "user_id": user_id.to_s }
- if name != nil
- args["name"] = name.not_nil!
- sets << "user_name = :name"
- end
+ if name != nil
+ args["name"] = name.not_nil!
+ sets << "user_name = :name"
+ end
- if active != nil
- args["is_active"] = active.not_nil! ? "1" : "0"
- sets << "is_active = :is_active"
- end
+ if active != nil
+ args["is_active"] = active.not_nil! ? "1" : "0"
+ sets << "is_active = :is_active"
+ end
- if role != nil
- args["role"] = role.not_nil!
- sets << "
- role_id = (SELECT role_id
- FROM roles
- WHERE role_name = :role)
- "
- end
+ if role != nil
+ args["role"] = role.not_nil!
+ sets << "
+ role_id = (SELECT role_id
+ FROM roles
+ WHERE role_name = :role)
+ "
+ end
- # exec query
- query(:update_user, args, {
- "sets": sets.join(", "),
- }) if sets.size > 0
+ # exec query
+ query(:edit_user, args, {
+ "sets": sets.join(", "),
+ }) if sets.size > 0
+
+ if email != nil || password != nil
+ edit_login(user_id, email, password)
+ end
+ end
end
def delete_login(user_id : Int64)
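Review bot: `edit_user` now calls `edit_login` from inside its own `transaction do`, and `edit_login` (added further down in this file) opens a second `transaction do`, so the two blocks nest. Whether that is safe depends on the `transaction` helper, which is not shown here; if it issues a plain BEGIN/COMMIT, the inner block may fail or commit early and break the atomicity this change is meant to add. As far as this diff shows, `edit_login` is private and called only from here, so either drop its inner `transaction do` or confirm the helper is reentrant and say so in a comment such as `# nested call joins the outer transaction`.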
@@ -156,11 +170,8 @@ class Guff::UserModel < Guff::Model
email : String,
password : String,
)
- # TODO: check password strength
- raise "password too short" if password.size < 4
-
# hash password
- pass_hash = Crypto::Bcrypt::Password.create(password, cost: 10).to_s
+ pass_hash = hash_password(password)
transaction do
# clear old credentials
@@ -175,6 +186,32 @@ class Guff::UserModel < Guff::Model
end
end
+ private def edit_login(
+ user_id : Int64,
+ email : String? = nil,
+ password : String? = nil,
+ )
+ transaction do
+ sets = [] of String
+ args = { "user_id": user_id.to_s }
+
+ if email != nil
+ args["email"] = email.not_nil!
+ sets << "email = :email"
+ end
+
+ if password != nil
+ args["pass_hash"] = hash_password(password.not_nil!)
+ sets << "pass_hash = :pass_hash"
+ end
+
+ # exec query
+ query(:edit_login, args, {
+ "sets": sets.join(", "),
+ }) if sets.size > 0
+ end
+ end
+
def login(
email : String,
password : String
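Review bot: The `UPDATE user_logins ... WHERE user_id = :user_id` issued by `edit_login` matches nothing when the user has no `user_logins` row, yet the method returns normally and the test API still answers `{ "ok": true }`. A password or email change that was silently not applied is a bad failure mode for a credential update. If `query` exposes an affected-row count, raise when it is zero; otherwise route the case where both email and password are supplied through `set_login`. A one-line doc comment stating that `edit_login` only modifies an existing login would also help.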
@@ -198,4 +235,12 @@ class Guff::UserModel < Guff::Model
# return user id
row["user_id"] as Int64
end
+
+ private def hash_password(password : String)
+ # TODO: check password strength
+ raise "password too short" if password.size < 4
+
+ # hash password
+ Crypto::Bcrypt::Password.create(password, cost: 10).to_s
+ end
end
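Review bot: `hash_password` is now the single gate for both `set_login` and the new password-change path, and its only check is `password.size < 4`, which still admits very weak passwords while the TODO remains open. Consider a named minimum, `raise "password too short" if password.size < MIN_PASSWORD_LENGTH`, set to at least 8. bcrypt only consumes a bounded number of input bytes (commonly 72), so an explicit upper bound such as `raise "password too long" if password.bytesize > 72` would give a clear error instead of truncation or a library exception, once the limit is verified against the Crystal `Crypto::Bcrypt` version in use. The hard-coded `cost: 10` would likewise be easier to raise later as a constant.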
diff --git a/src/guff/views/ecrs/test/auth.ecr b/src/guff/views/ecrs/test/auth.ecr
index b683c5c..ab9f552 100644
--- a/src/guff/views/ecrs/test/auth.ecr
+++ b/src/guff/views/ecrs/test/auth.ecr
@@ -228,7 +228,7 @@
</div><!-- modal-dialog -->
</div><!-- modal -->
-<div id='edit-user' class='modal fade' role='dialog'>
+<div id='edit-dialog' class='modal fade' role='dialog'>
<div class='modal-dialog' role='document'>
<div class='modal-content'>
<div class='modal-header'>
@@ -295,7 +295,7 @@
<div class='modal-footer'>
<button
- id='edit-user-confirm'
+ id='edit-confirm'
class='btn btn-primary'
title='Update user.'
>