feat(auth): change password and username (#1295)

* feat(backend): added change password api endpoint. * feat(web): added profile UI to change password. I think we can change the username too, but I don't know if we should for now disabled the username field. * refactor: don't leak username or password. * refactor: protect the route. * generic * feat: add ChangeUsername * fix(tests): speculative fix for TestUserRepo_Update * Revert "feat: add ChangeUsername" This reverts commit d4c1645002883a278aa45dec3c8c19fa1cc75d9b. * refactor into 1 endpoint that handles both * feat: added option to change username as well. :pain: * refactor: frontend * refactor: function names in backend I think this makes it more clear what their function is * fix: change to 2 cols with separator * refactor: update user * fix: test db create user --------- Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com> Co-authored-by: soup <soup@r4tio.dev> Co-authored-by: martylukyy <35452459+martylukyy@users.noreply.github.com> Co-authored-by: ze0s <ze0s@riseup.net>
2025-07-23 16:59:12 +00:00 · 2023-12-27 01:50:57 +11:00 · 2023-12-27 01:50:57 +11:00 · df2612602b
commit df2612602b
parent d898b3cd8d
17 changed files with 390 additions and 57 deletions
--- a/internal/database/user.go
+++ b/internal/database/user.go
@ -49,7 +49,6 @@ func (r *UserRepo) GetUserCount(ctx context.Context) (int, error) {
 }

 func (r *UserRepo) FindByUsername(ctx context.Context, username string) (*domain.User, error) {
-
 	queryBuilder := r.db.squirrel.
 		Select("id", "username", "password").
 		From("users").
@ -79,9 +78,6 @@ func (r *UserRepo) FindByUsername(ctx context.Context, username string) (*domain
 }

 func (r *UserRepo) Store(ctx context.Context, req domain.CreateUserRequest) error {
-
-	var err error
-
 	queryBuilder := r.db.squirrel.
 		Insert("users").
 		Columns("username", "password").
@ -100,15 +96,18 @@ func (r *UserRepo) Store(ctx context.Context, req domain.CreateUserRequest) erro
 	return err
 }

-func (r *UserRepo) Update(ctx context.Context, user domain.User) error {
+func (r *UserRepo) Update(ctx context.Context, user domain.UpdateUserRequest) error {
+	queryBuilder := r.db.squirrel.Update("users")

-	var err error
+	if user.UsernameNew != "" {
+		queryBuilder = queryBuilder.Set("username", user.UsernameNew)
+	}

-	queryBuilder := r.db.squirrel.
-		Update("users").
-		Set("username", user.Username).
-		Set("password", user.Password).
-		Where(sq.Eq{"username": user.Username})
+	if user.PasswordNewHash != "" {
+		queryBuilder = queryBuilder.Set("password", user.PasswordNewHash)
+	}
+
+	queryBuilder = queryBuilder.Where(sq.Eq{"username": user.UsernameCurrent})

 	query, args, err := queryBuilder.ToSql()
 	if err != nil {
@ -120,11 +119,10 @@ func (r *UserRepo) Update(ctx context.Context, user domain.User) error {
 		return errors.Wrap(err, "error executing query")
 	}

-	return err
+	return nil
 }

 func (r *UserRepo) Delete(ctx context.Context, username string) error {
-
 	queryBuilder := r.db.squirrel.
 		Delete("users").
 		Where(sq.Eq{"username": username})
--- a/internal/database/user_test.go
+++ b/internal/database/user_test.go
@ -55,11 +55,19 @@ func TestUserRepo_Update(t *testing.T) {
 		})
 		assert.NoError(t, err)

+		storedUser, err := repo.FindByUsername(context.Background(), user.Username)
+		assert.NoError(t, err)
+		user.ID = storedUser.ID
+
 		t.Run(fmt.Sprintf("UpdateUser_Succeeds [%s]", dbType), func(t *testing.T) {
 			// Update the user
 			newPassword := "newPassword123"
 			user.Password = newPassword
-			err := repo.Update(context.Background(), user)
+			req := domain.UpdateUserRequest{
+				UsernameCurrent: user.Username,
+				PasswordNewHash: newPassword,
+			}
+			err := repo.Update(context.Background(), req)
 			assert.NoError(t, err)

 			// Verify
@ -68,7 +76,7 @@ func TestUserRepo_Update(t *testing.T) {
 			assert.Equal(t, newPassword, updatedUser.Password)

 			// Cleanup
-			_ = repo.Delete(context.Background(), user.Username)
+			_ = repo.Delete(context.Background(), updatedUser.Username)
 		})
 	}
 }