As Admin we can change passwords for other users

Role is displayed in user profile
2025-12-30 08:31:37 +01:00
parent fd2c2462b2
commit 5df67ff649
6 changed files with 196 additions and 4 deletions
+51
@@ -3,6 +3,8 @@ package user
import (
"bamort/database"
"bamort/logger"
"crypto/md5"
"encoding/hex"
"fmt"
"net/http"
"strconv"
@@ -192,3 +194,52 @@ func DeleteUser(c *gin.Context) {
"message": "User deleted successfully",
})
}
// ChangeUserPassword allows admin to change a user's password (admin only)
func ChangeUserPassword(c *gin.Context) {
logger.Debug("Admin changing user password...")
userIDParam := c.Param("id")
targetUserID, err := strconv.ParseUint(userIDParam, 10, 32)
if err != nil {
logger.Error("Invalid user ID: %s", userIDParam)
respondWithError(c, http.StatusBadRequest, "Invalid user ID")
return
}
var input struct {
NewPassword string `json:"new_password" binding:"required,min=6"`
}
if err := c.ShouldBindJSON(&input); err != nil {
logger.Error("Failed to parse password data: %s", err.Error())
respondWithError(c, http.StatusBadRequest, "New password (min 6 characters) is required")
return
}
var user User
if err := user.FirstId(uint(targetUserID)); err != nil {
logger.Error("User not found: %d", targetUserID)
respondWithError(c, http.StatusNotFound, "User not found")
return
}
// Get requesting user for logging
requestingUserInterface, _ := c.Get("user")
requestingUser, _ := requestingUserInterface.(*User)
// Hash new password using MD5 (same as registration)
hashedPassword := md5.Sum([]byte(input.NewPassword))
user.PasswordHash = hex.EncodeToString(hashedPassword[:])
if err := user.Save(); err != nil {
logger.Error("Failed to update password for user %s: %s", user.Username, err.Error())
respondWithError(c, http.StatusInternalServerError, "Failed to update password")
return
}
logger.Info("Password changed for user %s (ID: %d) by admin %s", user.Username, user.UserID, requestingUser.Username)
c.JSON(http.StatusOK, gin.H{
"message": "Password updated successfully",
})
}
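Review bot: `md5.Sum([]byte(input.NewPassword))` stores an unsalted, fast digest in `PasswordHash`, which gives little protection if the user table leaks; a salted, deliberately slow password hash (bcrypt, scrypt or Argon2) is the appropriate construction. The comment says registration uses the same scheme, so the change has to be made together with registration and login verification, which are outside this hunk. Separately, the second results of `c.Get("user")` and of the `.(*User)` assertion are both discarded, so a missing or differently typed context value leaves `requestingUser` nil, and `requestingUser.Username` in the final `logger.Info` panics after `user.Save()` has already stored the new password, losing the audit line. Resolve the caller before the save and reject the request when that fails: `requestingUser, ok := requestingUserInterface.(*User)` followed by `if !ok || requestingUser == nil { respondWithError(c, http.StatusUnauthorized, "Unauthorized"); return }`. The `min=6` binding is also a low floor for a password set by an administrator.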
+1
@@ -21,6 +21,7 @@ func RegisterRoutes(r *gin.RouterGroup) {
adminGroup.GET("", ListUsers)
adminGroup.GET("/:id", GetUser)
adminGroup.PUT("/:id/role", UpdateUserRole)
adminGroup.PUT("/:id/password", ChangeUserPassword)
adminGroup.DELETE("/:id", DeleteUser)
}
}
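Review bot: `ChangeUserPassword` contains no role check of its own, so the new `PUT /:id/password` route is only as restricted as whatever middleware is attached to `adminGroup`, which is set up above this hunk and not visible here. A comment on the added line would make that dependency explicit, e.g. `// admin only: authorization is enforced by the adminGroup middleware, not by the handler`. RegisterRoutes starts outside the hunk.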