implemented password update procedure

2025-07-02 00:16:13 +02:00
parent 06c620230d
commit 2c2eaacd5d
11 changed files with 176 additions and 10 deletions
--- a/frontend/src/routes/user/ClickInput.svelte
+++ b/frontend/src/routes/user/ClickInput.svelte
@@ -1,6 +1,6 @@
 <script>
-    import { t } from '../../translations.svelte.js';
-    import { checkUser } from '../../user.svelte.js';
+    import { t } from '../translations.svelte.js';
+    import { checkUser } from '../user.svelte.js';

    let { key, onUpdate, value } = $props();

--- a/frontend/src/routes/user/ClickSelect.svelte
+++ b/frontend/src/routes/user/ClickSelect.svelte
@@ -1,6 +1,6 @@
 <script>
-    import { t } from '../../translations.svelte.js';
-    import { checkUser } from '../../user.svelte.js';
+    import { t } from '../translations.svelte.js';
+    import { checkUser } from '../user.svelte.js';

    let { fetchOptions, key, value, onUpdate } = $props();

--- a/frontend/src/routes/user/EditableField.svelte
+++ b/frontend/src/routes/user/EditableField.svelte
--- a/frontend/src/routes/user/EditPassword.svelte
+++ b/frontend/src/routes/user/EditPassword.svelte
@@ -0,0 +1,64 @@
+<script>
+    import { t } from '../../translations.svelte.js';
+
+    let { editPassword = $bindable() } = $props();
+
+    let oldPass = $state("");
+    let newPass = $state("");
+    let repeat  = $state("");
+
+    let oldEmpty = $derived(!/\S/.test(oldPass));
+    let newEmpty = $derived(!/\S/.test(newPass));
+    let mismatch = $derived(newPass != repeat);
+
+    function abort(){
+        editPassword = false;
+    }
+
+    async function submit(){
+        const url = `${location.protocol}//${location.host.replace('5173','8080')}/api/user/password`;
+        const data = {
+            old: oldPass,
+            new: newPass
+        };
+        const resp = await fetch(url,{
+            method: 'PATCH',
+            body: JSON.stringify(data),
+            credentials: 'include'
+        });
+        if (resp.ok){
+            const json = await resp.json();
+            console.log(json);
+        }
+    }
+</script>
+
+<style>
+    label{
+        display: block;
+    }
+</style>
+
+<fieldset class="overlay">
+    <legend>{t('user.edit_password')}</legend>
+    <label>
+        <input type="password" bind:value={oldPass} /> {t('user.old_password')}
+        {#if oldEmpty}
+        <span class="error">{t('user.must_not_be_empty')}</span>
+        {/if}
+    </label>
+    <label>
+        <input type="password" bind:value={newPass} /> {t('user.new_password')}
+        {#if newEmpty}
+        <span class="error">{t('user.must_not_be_empty')}</span>
+        {/if}
+    </label>
+    <label>
+        <input type="password" bind:value={repeat} /> {t('user.repeat_new_password')}
+        {#if mismatch}
+        <span class="error">{t('user.mismatch')}</span>
+        {/if}
+    </label>
+    <button onclick={submit} disabled={oldEmpty||newEmpty||mismatch}>{t('user.update')}</button>
+    <button onclick={abort}>{t('user.abort')}</button>
+</fieldset>
--- a/frontend/src/routes/user/User.svelte
+++ b/frontend/src/routes/user/User.svelte
@@ -1,9 +1,10 @@
 <script>
    import { t } from '../../translations.svelte.js';
    import { user } from '../../user.svelte.js';
-    import EditableField from './EditableField.svelte';
-    import ClickInput from './ClickInput.svelte';
-    import ClickSelect from './ClickSelect.svelte';
+    import ClickInput from '../../Components/ClickInput.svelte';
+    import ClickSelect from '../../Components/ClickSelect.svelte';
+    import EditPassword from './EditPassword.svelte';
+    let editPassword = false;

    async function patch(changeset){
        const url = `${location.protocol}//${location.host.replace('5173','8080')}/api/user/${user.id}`;
@@ -65,6 +66,16 @@
                <ClickSelect key='theme' value={user.theme} fetchOptions={fetchThemes} onUpdate={patch} />
            </td>
        </tr>
+        <tr>
+            <th>{t('user.password')}</th>
+            <td>
+                {#if editPassword}
+                <EditPassword bind:editPassword={editPassword} />
+                {:else}
+                <button onclick={() => editPassword = true}>{t('user.edit_password')}</button>
+                {/if}
+            </td>
+        </tr>
        <tr>
            <th>{t('user.permissions')}</th>
            <td>
--- a/frontend/src/translations.svelte.js
+++ b/frontend/src/translations.svelte.js
@@ -13,7 +13,7 @@ export function t(key,...args){
    for (let token of keys){
        if (!set[token]){
            console.log('Missing translation for '+key);
-            return keys[keys.length-1].replace('_',' ');
+            return keys[keys.length-1].replaceAll('_',' ');
        }
        set = set[token];
    }
--- a/translations/src/main/resources/de.json
+++ b/translations/src/main/resources/de.json
@@ -20,6 +20,7 @@
  "user" : {
    "CREATE_USERS": "NUTZER ANLEGEN",
    "DELETE_USERS": "NUTZER LÖSCHEN",
+    "edit_password": "Passwort ändern",
    "email": "E-Mail",
    "id": "Id",
    "IMPERSONATE": "NUTZER WECHSELN",
@@ -28,6 +29,7 @@
    "login": "Login",
    "MANAGE_LOGIN_SERVICES": "LOGIN-SERVICES VERWALTEN",
    "name": "Name",
+    "password": "Passwort",
    "permissions": "Berechtigungen",
    "profile": "Profil",
    "theme": "Design",
--- a/user/src/main/java/de/srsoftware/umbrella/user/UserModule.java
+++ b/user/src/main/java/de/srsoftware/umbrella/user/UserModule.java
@@ -26,6 +26,7 @@ import java.time.Instant;
 import java.util.List;
 import java.util.Set;
 import org.json.JSONObject;
+import org.sqlite.core.DB;


 public class UserModule extends PathHandler {
@@ -93,6 +94,7 @@ public class UserModule extends PathHandler {
 		long userId;
 		try {
 			if (head == null || head.isBlank()) return sendContent(ex,UNPROCESSABLE,"User id missing!");
+			if (PASSWORD.equals(head)) return patchPassword(ex,requestingUser);
 			userId = Long.parseLong(head);
 		} catch (NumberFormatException e) {
 			return sendContent(ex,UNPROCESSABLE,"Invalid user id: "+head);
@@ -125,6 +127,29 @@ public class UserModule extends PathHandler {
 		}
 	}

+	private boolean patchPassword(HttpExchange ex, UmbrellaUser requestingUser) throws IOException {
+		if (!(requestingUser instanceof DbUser user)) return sendContent(ex,SERVER_ERROR,"DbUser expected");
+		JSONObject json;
+		try {
+			json = json(ex);
+		} catch (Exception e){
+			LOG.log(WARNING,"Request does not contain valid JSON",e);
+			return sendContent(ex,BAD_REQUEST,"Body contains no JSON data");
+		}
+		if (!json.has("old") || !(json.get("old") instanceof String oldpass) || oldpass.isBlank()) return sendContent(ex,UNPROCESSABLE,"old password missing!");
+		if (!json.has("new") || !(json.get("new") instanceof String newpass) || newpass.isBlank()) return sendContent(ex,UNPROCESSABLE,"new password missing!");
+		var old = Password.of(BAD_HASHER.hash(oldpass,null));
+		if (!user.hashedPassword().equals(old)) return sendContent(ex,UNAUTHORIZED,"Wrong password (old)");
+		if (weak(newpass)) return sendContent(ex,BAD_REQUEST,"New password too weak!");
+		var pass = Password.of(BAD_HASHER.hash(newpass,null));
+		try {
+			var updated = users.save(new DbUser(user.id(), user.name(), user.email(), pass, user.theme(), user.language(), user.permissions(), null));
+			return sendContent(ex, updated);
+		} catch (UmbrellaException e) {
+			return sendContent(ex,e.statusCode(),e.getMessage());
+		}
+	}
+
 	@Override
 	public boolean doPost(Path path, HttpExchange ex) throws IOException {
 		addCors(ex);
@@ -191,4 +216,18 @@ public class UserModule extends PathHandler {
 		var saved = users.save(new DbUser(id,name,email,pass,theme,lang, user.permissions(),null));
 		return sendContent(ex,OK,saved);
 	}
+
+	static int score(String password){
+		if (password == null) return 0;
+		var score = 0;
+		for (int i=0; i<password.length(); i++){
+			int c = password.charAt(i);
+			score += Character.isDigit(c) || Character.isLetter(c) ? 1 : 3;
+		}
+		return score;
+	}
+
+	private static boolean weak(String password){
+		return score(password) < 14;
+	};
 }
--- a/user/src/main/java/de/srsoftware/umbrella/user/model/Password.java
+++ b/user/src/main/java/de/srsoftware/umbrella/user/model/Password.java
@@ -9,6 +9,13 @@ public class Password implements CharSequence{
 		this.pass = val;
 	}

+	@Override
+	public boolean equals(Object obj) {
+		if (obj instanceof String s) return s.equals(pass);
+		if (!(obj instanceof Password other)) return false;
+		return pass != null && pass.equals(other.pass);
+	}
+
 	@Override
 	public int length() {
 		return pass.length();
--- a/web/src/main/resources/web/css/default.css
+++ b/web/src/main/resources/web/css/default.css
@@ -0,0 +1,37 @@
+a {
+    color: orange;
+}
+body {
+    background: black;
+    color: orange;
+}
+
+fieldset {
+    border: 1px solid orange;
+    border-radius: 4px;
+}
+
+input{
+    background: black;
+    border: 1px dotted orange;
+    border-radius: 4px;
+    padding: 3px;
+    margin: 3px;
+    color: orange;
+}
+
+button{
+    background: orange;
+    border-radius: 5px;
+    padding: 5px 7px;
+    border-width: 2px;
+    border-style: solid;
+    border-color: yellow red red yellow;
+}
+footer {
+  position: absolute;
+  bottom: 0;
+  width: 100%;
+  text-align: center;
+  margin: 5px;
+}
--- a/web/src/main/resources/web/css/winter.css
+++ b/web/src/main/resources/web/css/winter.css
@@ -1,11 +1,17 @@
 a {
    color: black;
 }
+
 body {
    background: white;
    color: navy;
 }

+button:disabled{
+    color:lightgray;
+    border-color:lightgray;
+}
+
 fieldset {
    border: 1px solid blue;
    border-radius: 4px;
@@ -21,12 +27,12 @@ input{
 }

 button{
-    background: red;
+    background: snow;
    border-radius: 5px;
    padding: 5px 7px;
    border-width: 2px;
    border-style: solid;
-    border-color: yellow red red yellow;
+    border-color: darkgray black black darkgray;
 }
 footer {
  position: absolute;