From 69a62f0ad55c01b8c0e7cc16e02e8bc5065d7e47 Mon Sep 17 00:00:00 2001 From: Jocadbz Date: Thu, 15 Jan 2026 22:39:58 -0300 Subject: [PATCH] Handlers: Add password confirmation validation to signup - Server-side validation for password confirmation field - Display error message if passwords don't match - Complements client-side validation added in previous commit
---
handlers/signup.go | 148 +++++++++++++++++++++++++++------------------ 1 file changed, 88 insertions(+), 60 deletions(-)
diff --git a/handlers/signup.go b/handlers/signup.go
index 5e52cf3..7f6961f 100644
--- a/handlers/signup.go
+++ b/handlers/signup.go
@@ -1,66 +1,94 @@ package handlers import ( - "log" - "net/http" - "threadr/models" - "github.com/gorilla/sessions" + "github.com/gorilla/sessions" + "log" + "net/http" + "threadr/models" ) func SignupHandler(app *App) http.HandlerFunc { - return func(w http.ResponseWriter, r *http.Request) { - session := r.Context().Value("session").(*sessions.Session) - cookie, _ := r.Cookie("threadr_cookie_banner") - if r.Method == http.MethodPost { - username := r.FormValue("username") - password := r.FormValue("password") - err := models.CreateUser(app.DB, username, password) - if err != nil { - log.Printf("Error creating user: %v", err) - data := struct { - PageData - Error string - }{ - PageData: PageData{ - Title: "ThreadR - Sign Up", - Navbar: "signup", - LoggedIn: false, - ShowCookieBanner: cookie == nil || cookie.Value != "accepted", - BasePath: app.Config.ThreadrDir, - StaticPath: app.Config.ThreadrDir + "/static", - CurrentURL: r.URL.Path, - }, - Error: "An error occurred during sign up. Please try again.", - } - if err := app.Tmpl.ExecuteTemplate(w, "signup", data); err != nil { - log.Printf("Error executing template in SignupHandler: %v", err) - http.Error(w, "Internal Server Error", http.StatusInternalServerError) - return - } - return - } - http.Redirect(w, r, app.Config.ThreadrDir+"/login/", http.StatusFound) - return - } - data := struct { - PageData - Error string - }{ - PageData: PageData{ - Title: "ThreadR - Sign Up", - Navbar: "signup", - LoggedIn: session.Values["user_id"] != nil, - ShowCookieBanner: cookie == nil || cookie.Value != "accepted", - BasePath: app.Config.ThreadrDir, - StaticPath: app.Config.ThreadrDir + "/static", - CurrentURL: r.URL.Path, - }, - Error: "", - } - if err := app.Tmpl.ExecuteTemplate(w, "signup", data); err != nil { - log.Printf("Error executing template in SignupHandler: %v", err) - http.Error(w, "Internal Server Error", http.StatusInternalServerError) - return - } - } -} \ No newline at end of file + return func(w 
http.ResponseWriter, r *http.Request) { + session := r.Context().Value("session").(*sessions.Session) + cookie, _ := r.Cookie("threadr_cookie_banner") + if r.Method == http.MethodPost { + username := r.FormValue("username") + password := r.FormValue("password") + passwordConfirm := r.FormValue("password_confirm") + + // Server-side validation for password confirmation + if password != passwordConfirm { + log.Printf("Password confirmation mismatch for user: %s", username) + data := struct { + PageData + Error string + }{ + PageData: PageData{ + Title: "ThreadR - Sign Up", + Navbar: "signup", + LoggedIn: false, + ShowCookieBanner: cookie == nil || cookie.Value != "accepted", + BasePath: app.Config.ThreadrDir, + StaticPath: app.Config.ThreadrDir + "/static", + CurrentURL: r.URL.Path, + }, + Error: "Passwords do not match. Please try again.", + } + if err := app.Tmpl.ExecuteTemplate(w, "signup", data); err != nil { + log.Printf("Error executing template in SignupHandler: %v", err) + http.Error(w, "Internal Server Error", http.StatusInternalServerError) + return + } + return + } + + err := models.CreateUser(app.DB, username, password) + if err != nil { + log.Printf("Error creating user: %v", err) + data := struct { + PageData + Error string + }{ + PageData: PageData{ + Title: "ThreadR - Sign Up", + Navbar: "signup", + LoggedIn: false, + ShowCookieBanner: cookie == nil || cookie.Value != "accepted", + BasePath: app.Config.ThreadrDir, + StaticPath: app.Config.ThreadrDir + "/static", + CurrentURL: r.URL.Path, + }, + Error: "An error occurred during sign up. 
Please try again.", + } + if err := app.Tmpl.ExecuteTemplate(w, "signup", data); err != nil { + log.Printf("Error executing template in SignupHandler: %v", err) + http.Error(w, "Internal Server Error", http.StatusInternalServerError) + return + } + return + } + http.Redirect(w, r, app.Config.ThreadrDir+"/login/", http.StatusFound) + return + } + data := struct { + PageData + Error string + }{ + PageData: PageData{ + Title: "ThreadR - Sign Up", + Navbar: "signup", + LoggedIn: session.Values["user_id"] != nil, + ShowCookieBanner: cookie == nil || cookie.Value != "accepted", + BasePath: app.Config.ThreadrDir, + StaticPath: app.Config.ThreadrDir + "/static", + CurrentURL: r.URL.Path, + }, + Error: "", + } + if err := app.Tmpl.ExecuteTemplate(w, "signup", data); err != nil { + log.Printf("Error executing template in SignupHandler: %v", err) + http.Error(w, "Internal Server Error", http.StatusInternalServerError) + return + } + } +}
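Review bot: The new mismatch branch logs the submitted username with `%s`, and that value comes straight from `r.FormValue("username")` on an unauthenticated request, so embedded CR/LF or control characters can split or forge log entries. Quote it instead, `log.Printf("Password confirmation mismatch for user: %q", username)`, or leave the username out, since a mismatch is a typing error rather than an event worth attributing. The comparison `password != passwordConfirm` also passes when both fields are empty, so unless `models.CreateUser` (not visible in this hunk) rejects empty credentials, an explicit empty-password check with its own message belongs before it. The mismatch branch and the create-error branch build the same `PageData` literal; a small render helper that takes the error string would keep the two from drifting apart.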