
Untitled

a guest
Nov 11th, 2018
  1. package users
  2.  
  3. import (
  4.     "context"
  5.     "database/sql"
  6.     "unicode"
  7.     "unicode/utf8"
  8.  
  9.     "google.golang.org/grpc/codes"
  10.     "google.golang.org/grpc/status"
  11.  
  12.     "golang.org/x/crypto/bcrypt"
  13.  
  14.     "users/proto"
  15. )
  16.  
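  // ChangePassword replaces the stored password hash of the user identified by
  // req.Id with a bcrypt hash of req.Password.
  //
  // The new password must contain at least 10 characters, be at most 72 bytes
  // long, and include at least one uppercase letter, one lowercase letter and
  // one digit; otherwise codes.InvalidArgument is returned. An unknown id
  // yields codes.NotFound; hashing or database failures yield codes.Internal.
  //
  // NOTE(review): nothing in this handler verifies that the caller is allowed
  // to change the password of req.Id (no current-password or identity check is
  // visible here). Confirm that an interceptor or the calling layer enforces it.
  //
  // NOTE(review): ctx is not passed to the database calls. If u.DB is a
  // *sql.DB, QueryRowContext/ExecContext would let cancelled requests stop
  // early; the type of u.DB is not visible here, so the calls are left as-is.
  func (u *Users) ChangePassword(ctx context.Context, req *pbusers.ChangePasswordRequest) (*pbusers.ChangePasswordResponse, error) {
      const (
          minPasswordRunes = 10
          // bcrypt only processes the first 72 bytes of its input; longer
          // input is silently truncated or rejected with an error, depending
          // on the golang.org/x/crypto version. Reject it up front so the
          // whole password always contributes to the hash.
          maxPasswordBytes = 72
          bcryptCost       = 12
      )

      rsp := &pbusers.ChangePasswordResponse{}

      // Password policy: length bounds first, then character classes.
      if utf8.RuneCountInString(req.Password) < minPasswordRunes {
          return rsp, status.Error(codes.InvalidArgument, "the new password didn't meet the security requirements: the password needs to be at least 10 characters long")
      }

      if len(req.Password) > maxPasswordBytes {
          return rsp, status.Error(codes.InvalidArgument, "the new password didn't meet the security requirements: the password must not be longer than 72 bytes")
      }

      var hasUppercase, hasLowercase, hasDigit bool
      for _, r := range req.Password {
          // The three Unicode categories are disjoint, so one switch suffices.
          switch {
          case unicode.IsDigit(r):
              hasDigit = true
          case unicode.IsUpper(r):
              hasUppercase = true
          case unicode.IsLower(r):
              hasLowercase = true
          }
      }

      if !hasUppercase || !hasLowercase {
          return rsp, status.Error(codes.InvalidArgument, "the new password didn't meet the security requirements: the password needs to have at least one uppercase and one lowercase letter")
      }

      if !hasDigit {
          return rsp, status.Error(codes.InvalidArgument, "the new password didn't meet the security requirements: the password needs to have at least one digit")
      }

      // Only the id is needed to confirm that the user exists. Selecting a
      // named column avoids loading the e-mail and the current hash, and keeps
      // Scan working if columns are later added to the table.
      var id string
      err := u.DB.QueryRow("SELECT id FROM user WHERE id = ?", req.Id).Scan(&id)
      if err != nil {
          if err == sql.ErrNoRows {
              return rsp, status.Errorf(codes.NotFound, "user with id %s wasn't found in the DB", req.Id)
          }

          // NOTE(review): the driver's error text is sent to the client here
          // and in the update path below; consider logging it server-side and
          // returning a generic message instead.
          return rsp, status.Errorf(codes.Internal, "there was an error querying the DB: %v", err)
      }

      hash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcryptCost)
      if err != nil {
          // Return an error instead of panicking: unless a recovery
          // interceptor is installed, a panic in a handler takes the whole
          // server process down.
          return rsp, status.Errorf(codes.Internal, "there was an error hashing the new password: %v", err)
      }

      _, err = u.DB.Exec("UPDATE user SET password = ? WHERE id = ?", string(hash), id)
      if err != nil {
          return rsp, status.Errorf(codes.Internal, "there was an error updating the DB: %v", err)
      }

      return rsp, nil
  }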