Improved update password method to ask the current password

REST-Tests/users.http

@@ -8,4 +8,17 @@ Authorization: Bearer {{auth_token}}
 GET http://localhost:8080/api/v1/users?s=3
 Authorization: Bearer {{auth_token}}
 
+###
+
+## Update password
+
+POST http://localhost:8080/api/v1/user/password
+Authorization: Bearer {{auth_token}}
+Content-Type: application/json
+
+{
+  "old_password": "1234",
+  "new_password": "1234"
+}
+
 ###

routes/api/v1/user_update_password.go

@@ -8,7 +8,8 @@ import (
 
 // UserPassword holds a user password. Used to update it.
 type UserPassword struct {
-	Password string `json:"password"`
+	OldPassword string `json:"old_password"`
+	NewPassword string `json:"new_password"`
 }
 
 // UserChangePassword is the handler to change a users password
@@ -47,14 +48,21 @@ func UserChangePassword(c echo.Context) error {
 		return echo.NewHTTPError(http.StatusBadRequest, "No password provided.")
 	}
 
+	// Check the current password
+	if _, err = models.CheckUserCredentials(&models.UserLogin{Username:doer.Username,Password:newPW.OldPassword}); err != nil {
+		if models.IsErrUserDoesNotExist(err) {
+			return echo.NewHTTPError(http.StatusNotFound, "The user does not exist.")
+		}
+		return c.JSON(http.StatusUnauthorized, models.Message{"Wrong password."})
+	}
+
 	// Update the password
-	err = models.UpdateUserPassword(&doer, newPW.Password)
-	if err != nil {
+	if err = models.UpdateUserPassword(&doer, newPW.NewPassword); err != nil {
 		if models.IsErrUserDoesNotExist(err) {
 			return echo.NewHTTPError(http.StatusNotFound, "The user does not exist.")
 		}
 
-		models.Log.Error("Error updating a users password, user: %d", doer.ID)
+		models.Log.Error("Error updating a users password, user: %d, err: %s", doer.ID, err)
 		return echo.NewHTTPError(http.StatusInternalServerError, "An error occurred.")
 	}