From 33f8cbb34087313ee78be294632c4b5a6b97c2d8 Mon Sep 17 00:00:00 2001 From: deibys Date: Fri, 7 Feb 2020 19:53:04 -0300 Subject: [PATCH 1/3] add temp reset pass and set new pass --- src/service/ep_reset_password.go | 16 ++++- src/service/ep_set_new_password.go | 104 +++++++++++++++++++++++++++++ src/service/http_endpoints.go | 2 + src/service/http_handler.go | 7 ++ 4 files changed, 126 insertions(+), 3 deletions(-) create mode 100644 src/service/ep_set_new_password.go diff --git a/src/service/ep_reset_password.go b/src/service/ep_reset_password.go index cb58894..7c8aef3 100644 --- a/src/service/ep_reset_password.go +++ b/src/service/ep_reset_password.go @@ -1,10 +1,13 @@ package service import ( + "apiboy/backend/src/errors" "context" + "fmt" "strings" + "time" - "apiboy/backend/src/errors" + "encoding/base64" "github.com/go-kit/kit/endpoint" "github.com/google/uuid" @@ -31,11 +34,18 @@ func (s *Service) ResetPassword(ctx context.Context, input *ResetPasswordInput) if user == nil { return nil, errors.Unauthorized{Msg: "Invalid user"} } + timeNow := time.Now().UTC() + + decode := user.ID + "|" + timeNow.Format(time.UnixDate) + "|" + uuid.New().String() + + fmt.Print(decode) + + encoded := base64.StdEncoding.EncodeToString([]byte(decode)) - user.TempCode = uuid.New().String() + user.TempCode = encoded if err = s.Store.UpdateUser(ctx, user.ID, user); err != nil { - return nil, errors.InternalServer{Msg: "Could not generate temp password", Err: err} + return nil, errors.InternalServer{Msg: "Could not generate temp code", Err: err} } return &ResetPasswordOutput{}, nil diff --git a/src/service/ep_set_new_password.go b/src/service/ep_set_new_password.go new file mode 100644 index 0000000..702ac07 --- /dev/null +++ b/src/service/ep_set_new_password.go 
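Review bot: `user.TempCode = encoded` persists the reset code in exactly the form the client later presents, so anyone who can read the user store can complete a reset for any account with a pending code. Store only a digest of the encoded string (SHA-256 is enough for a random code) and have the set-password step compare digests with `subtle.ConstantTimeCompare`; the age check still works because the timestamp travels inside the presented code. Separately, `fmt.Print(decode)` writes the full pre-encoding code to stdout and should not ship, even though a later patch in this series removes it. ResetPassword's body begins and ends outside this hunk.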
@@ -0,0 +1,104 @@ +package service + +import ( + "apiboy/backend/src/authutils" + "apiboy/backend/src/errors" + "context" + "encoding/base64" + "fmt" + "strings" + "time" + + "github.com/go-kit/kit/endpoint" +) + +// SetNewPasswordInput is the input of the endpoint +type SetNewPasswordInput struct { + Password string `json:"password" validate:"omitempty,min=6"` + TempCode string `json:"temp_code" validate:"required"` +} + +// SetNewPasswordOutput is the output of the endpoint +type SetNewPasswordOutput struct{} + +// SetNewPassword implements the business logic for the endpoint +func (s *Service) SetNewPassword(ctx context.Context, input *SetNewPasswordInput) (*SetNewPasswordOutput, error) { + password := strings.TrimSpace(input.Password) + tempCode := strings.TrimSpace(input.TempCode) + fmt.Println("cade: " + tempCode) + + decode, err := base64.StdEncoding.DecodeString(tempCode) + if err != nil { + fmt.Print("error:", err) + } else { + fmt.Printf("%q\n", decode) + } + + elements := strings.Split(string(decode), "|") + if len(elements) != 3 { + return nil, errors.Unauthorized{Msg: "Invalid code"} + } + + userID := elements[0] + timeCode := elements[1] + dtCode, err := time.Parse(time.UnixDate, timeCode) + if err != nil { // Always check errors even if they should not happen. 
+ return nil, errors.InternalServer{Msg: "Could not format date time", Err: err} + } + + timeNow := time.Now().UTC() + + hrs := timeNow.Sub(dtCode) + + if hrs.Hours() > 24 { + return nil, errors.Unauthorized{Msg: "Invalid code"} + } + + // get user + user, err := s.Store.GetUserByID(ctx, userID) + if err != nil { + return nil, errors.InternalServer{Msg: "Could not get user", Err: err} + } else if user == nil { + return nil, errors.NotFound{Obj: "User"} + } + + if user.TempCode != tempCode { + return nil, errors.Unauthorized{Msg: "Invalid code"} + } + + // hash password + hashedPassword, err := authutils.HashPassword(password) + if err != nil { + return nil, errors.InternalServer{Msg: "Could not hash password", Err: err} + } + + user.Password = hashedPassword + user.TempCode = "" + + if err = s.Store.UpdateUser(ctx, user.ID, user); err != nil { + return nil, errors.InternalServer{Msg: "Could not update user", Err: err} + } + fmt.Print("Password actualizado") + fmt.Printf("%q\n", user.Password) + fmt.Printf("%q\n", password) + + return &SetNewPasswordOutput{}, nil +} + +// MakeSetNewPasswordEndpoint creates the endpoint +func MakeSetNewPasswordEndpoint(s *Service, m ...endpoint.Middleware) endpoint.Endpoint { + e := func(ctx context.Context, request interface{}) (response interface{}, err error) { + input, ok := request.(*SetNewPasswordInput) + if !ok { + return nil, errors.BadRequest{} + } + + return s.SetNewPassword(ctx, input) + } + + for _, mw := range m { + e = mw(e) + } + + return e +} diff --git a/src/service/http_endpoints.go b/src/service/http_endpoints.go index efbc2ff..3ec8849 100644 --- a/src/service/http_endpoints.go +++ b/src/service/http_endpoints.go 
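Review bot: `validate:"omitempty,min=6"` on `Password` lets a request without a password pass validation, and because `strings.TrimSpace` runs after validation a password of six spaces also passes and is then hashed as the empty string, so a valid code can leave the account with an empty password unless `authutils.HashPassword` rejects it. Make the tag `validate:"required,min=6"` and re-check the trimmed value, e.g. `if len(password) < 6 { return nil, errors.BadRequest{} }` (this assumes the `vm` middleware is what enforces the tags). The debug output is the other problem in this file: `fmt.Printf("%q\n", password)` and `fmt.Printf("%q\n", user.Password)` put the plaintext password and its hash in process output, and `fmt.Println("cade: " + tempCode)` does the same for the reset code. PATCH 2/3 removes them, but if the series is merged unsquashed this commit still ships them.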
@@ -11,6 +11,7 @@ type HTTPEndpoints struct { LogoutEndpoint endpoint.Endpoint SignupEndpoint endpoint.Endpoint ResetPasswordEndpoint endpoint.Endpoint + SetNewPasswordEndpoint endpoint.Endpoint UpdateUserEndpoint endpoint.Endpoint DeleteUserEndpoint endpoint.Endpoint CreateProjectEndpoint endpoint.Endpoint @@ -46,6 +47,7 @@ func MakeHTTPEndpoints(s *Service) HTTPEndpoints { LogoutEndpoint: MakeLogoutEndpoint(s, vm, am), SignupEndpoint: MakeSignupEndpoint(s, vm), ResetPasswordEndpoint: MakeResetPasswordEndpoint(s, vm), + SetNewPasswordEndpoint: MakeSetNewPasswordEndpoint(s, vm), UpdateUserEndpoint: MakeUpdateUserEndpoint(s, vm, am), DeleteUserEndpoint: MakeDeleteUserEndpoint(s, vm, am), CreateProjectEndpoint: MakeCreateProjectEndpoint(s, vm, am), diff --git a/src/service/http_handler.go b/src/service/http_handler.go index 4ea53dd..3284667 100644 --- a/src/service/http_handler.go +++ b/src/service/http_handler.go @@ -65,6 +65,13 @@ func MakeHTTPHandler(ctx context.Context, log *logger.Logger, e HTTPEndpoints) h defaultOptions..., )).Name("ResetPassword") + r.Methods("POST").Path("/auth/set_new_password").Handler(kithttp.NewServer( + e.SetNewPasswordEndpoint, + httputils.DecodeRPCRequest(&SetNewPasswordInput{}), + httputils.ResponseEncoder(log), + defaultOptions..., + )).Name("SetNewPassword") + r.Methods("POST").Path("/users/update").Handler(kithttp.NewServer( e.UpdateUserEndpoint, httputils.DecodeRPCRequest(&UpdateUserInput{}), From f3e355798a01ee13f8b26825618bf314278085f8 Mon Sep 17 00:00:00 2001 From: deibys Date: Mon, 10 Feb 2020 21:59:00 -0300 Subject: [PATCH 2/3] update endpoint --- src/service/ep_reset_password.go | 7 +------ src/service/ep_set_new_password.go | 17 +++++------------ 2 files changed, 6 insertions(+), 18 deletions(-) diff --git a/src/service/ep_reset_password.go b/src/service/ep_reset_password.go index 7c8aef3..babdea0 100644 --- a/src/service/ep_reset_password.go +++ b/src/service/ep_reset_password.go 
@@ -3,7 +3,6 @@ package service import ( "apiboy/backend/src/errors" "context" - "fmt" "strings" "time" @@ -38,11 +37,7 @@ func (s *Service) ResetPassword(ctx context.Context, input *ResetPasswordInput) decode := user.ID + "|" + timeNow.Format(time.UnixDate) + "|" + uuid.New().String() - fmt.Print(decode) - - encoded := base64.StdEncoding.EncodeToString([]byte(decode)) - - user.TempCode = encoded + user.TempCode = base64.StdEncoding.EncodeToString([]byte(decode)) if err = s.Store.UpdateUser(ctx, user.ID, user); err != nil { return nil, errors.InternalServer{Msg: "Could not generate temp code", Err: err} diff --git a/src/service/ep_set_new_password.go b/src/service/ep_set_new_password.go index 702ac07..a1a6ca9 100644 --- a/src/service/ep_set_new_password.go +++ b/src/service/ep_set_new_password.go @@ -25,13 +25,10 @@ type SetNewPasswordOutput struct{} func (s *Service) SetNewPassword(ctx context.Context, input *SetNewPasswordInput) (*SetNewPasswordOutput, error) { password := strings.TrimSpace(input.Password) tempCode := strings.TrimSpace(input.TempCode) - fmt.Println("cade: " + tempCode) decode, err := base64.StdEncoding.DecodeString(tempCode) if err != nil { fmt.Print("error:", err) - } else { - fmt.Printf("%q\n", decode) } elements := strings.Split(string(decode), "|") 
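Review bot: In the ResetPassword hunk the local named `decode` holds the string before encoding, and nothing says that base64 here is only a transport encoding: the user ID and issue time inside `TempCode` are readable by anyone who holds the code, and only the `uuid.New()` part is unguessable. I would rename it (`payload`, say) and add a comment such as `// TempCode = base64(userID|issued-at UTC|random UUID); not encrypted or signed, validity rests on matching the stored copy`. If exposing the internal user ID to whoever receives the code is not acceptable, an opaque random code with the user and expiry kept server-side avoids it. ResetPassword's body begins and ends outside this hunk.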
@@ -39,21 +36,20 @@ func (s *Service) SetNewPassword(ctx context.Context, input *SetNewPasswordInput return nil, errors.Unauthorized{Msg: "Invalid code"} } - userID := elements[0] - timeCode := elements[1] - dtCode, err := time.Parse(time.UnixDate, timeCode) + strDateTimeCode := elements[1] + dateTimeCode, err := time.Parse(time.UnixDate, strDateTimeCode) if err != nil { // Always check errors even if they should not happen. return nil, errors.InternalServer{Msg: "Could not format date time", Err: err} } timeNow := time.Now().UTC() - - hrs := timeNow.Sub(dtCode) + hrs := timeNow.Sub(dateTimeCode) if hrs.Hours() > 24 { return nil, errors.Unauthorized{Msg: "Invalid code"} } + userID := elements[0] // get user user, err := s.Store.GetUserByID(ctx, userID) if err != nil { @@ -66,7 +62,7 @@ func (s *Service) SetNewPassword(ctx context.Context, input *SetNewPasswordInput return nil, errors.Unauthorized{Msg: "Invalid code"} } - // hash password + // hash new password hashedPassword, err := authutils.HashPassword(password) if err != nil { return nil, errors.InternalServer{Msg: "Could not hash password", Err: err} @@ -78,9 +74,6 @@ func (s *Service) SetNewPassword(ctx context.Context, input *SetNewPasswordInput if err = s.Store.UpdateUser(ctx, user.ID, user); err != nil { return nil, errors.InternalServer{Msg: "Could not update user", Err: err} } - fmt.Print("Password actualizado") - fmt.Printf("%q\n", user.Password) - fmt.Printf("%q\n", password) return &SetNewPasswordOutput{}, nil } From 4ad0fa738892598646677bddc8c813b2359d8c2c Mon Sep 17 00:00:00 2001 From: deibys Date: Wed, 12 Feb 2020 19:50:05 -0300 Subject: [PATCH 3/3] update endpoint --- src/service/ep_set_new_password.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/service/ep_set_new_password.go b/src/service/ep_set_new_password.go index a1a6ca9..82beda4 100644 --- a/src/service/ep_set_new_password.go +++ b/src/service/ep_set_new_password.go 
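Review bot: A `time.Parse` failure on `elements[1]` is reported as `errors.InternalServer`, but that field comes straight from the unauthenticated request, so any caller can produce server-error responses (and whatever alerting hangs off them) with a three-field code whose middle field is not a date. Return `errors.Unauthorized{Msg: "Invalid code"}` there so every malformed or stale code looks the same to the client; the base64 decode branch changed in PATCH 3/3 (`Could not format temp code`) has the same problem. The user lookup that follows leaks in a similar way: in the version added by PATCH 1/3 a missing user yields `errors.NotFound{Obj: "User"}`, which lets a caller tell existing user IDs from unknown ones. SetNewPassword begins and ends outside this hunk.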
@@ -5,7 +5,6 @@ import ( "apiboy/backend/src/errors" "context" "encoding/base64" - "fmt" "strings" "time" @@ -28,7 +27,7 @@ func (s *Service) SetNewPassword(ctx context.Context, input *SetNewPasswordInput decode, err := base64.StdEncoding.DecodeString(tempCode) if err != nil { - fmt.Print("error:", err) + return nil, errors.InternalServer{Msg: "Could not format temp code", Err: err} } elements := strings.Split(string(decode), "|")