Merge pull request #12 from ockibagusp/session-3-Is-types

fix update user by password: delete IsAdmin and IsUser

Author: ockibagusp

README.md

@@ -107,7 +107,6 @@ $ go test github.com/ockibagusp/golang-website-example/tests -v
 
 
 ## TODO List
-- Table database Users to testing: admin, user and no-auth
 - Admin Users: delete table User `deleted_at` @route: /users/admin/delete
 
     button:

controllers/user_controller.go

@@ -532,11 +532,9 @@ func (controller *Controller) UpdateUserByPassword(c echo.Context) error {
 			ConfirmNewPassword: c.FormValue("confirm_new_password"),
 		}
 
-		// TODO: middleware.CheckHashPassword?
-		if (middleware.IsAdmin(is_auth_type) && middleware.IsUser(is_auth_type)) && middleware.CheckHashPassword(user.Password, _newPasswordForm.OldPassword) {
+		if !middleware.CheckHashPassword(user.Password, _newPasswordForm.OldPassword) {
 			log.Warnf(
-				"for POST to update user by password without IsAdmin and IsUser (%v) and check hash password (%v): 403 Forbidden",
-				middleware.IsAdmin(is_auth_type) && middleware.IsUser(is_auth_type),
+				"for POST to update user by password without check hash password (%v): 403 Forbidden",
 				middleware.CheckHashPassword(user.Password, _newPasswordForm.OldPassword),
 			)
 			middleware.SetFlashError(c, "check hash password is wrong!")