MWS authentication (#8596)

* mws authentication

* add more tests and permission checkers

* add logic to ensure that only authenticated users' requests are handled

* add custom login page

* Implement user authentication as well as session handling

* work on user operations authorization

* add middleware to route handlers for bags & tiddlers routes

* add feature that only returns the tiddlers and bags which the user has permission to access on index page

* refactor auth routes & added user management page

* fix Ci Test failure issue

* fix users list page, add manage roles page

* add commands and scripts to create new user & assign roles and permissions

* resolved ci-test failure

* add ACL permissions to bags & tiddlers on creation

* fix comments and access control list bug

* fix indentation issues

* working on user profile edit

* remove list users command & added support for database in server options

* implement user profile update and password change feature

* update plugin readme

* implement command which triggers protected mode on the server

* revert server-wide auth flag. Implement selective authorization

* ACL management feature

* Complete Access control list implementation

* Added support to manage users' assigned role by admin

* fix comments

* fix comment

plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/change-user-password.js

@@ -0,0 +1,60 @@
+/*\
+title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/change-password.js
+type: application/javascript
+module-type: mws-route
+
+POST /change-user-password
+
+\*/
+(function () {
+
+/*jslint node: true, browser: true */
+/*global $tw: false */
+"use strict";
+var authenticator = require("$:/plugins/tiddlywiki/multiwikiserver/auth/authentication.js").Authenticator;
+
+exports.method = "POST";
+
+exports.path = /^\/change-user-password\/?$/;
+
+exports.bodyFormat = "www-form-urlencoded";
+
+exports.csrfDisable = true;
+
+exports.handler = function (request, response, state) {
+  if(!state.authenticatedUser) {
+    response.writeHead(401, "Unauthorized", { "Content-Type": "text/plain" });
+    response.end("Unauthorized");
+    return;
+  }
+  var auth = authenticator(state.server.sqlTiddlerDatabase);
+
+  var userId = state.authenticatedUser.user_id;
+  var newPassword = state.data.newPassword;
+  var confirmPassword = state.data.confirmPassword;
+
+  if(newPassword !== confirmPassword) {
+    response.setHeader("Set-Cookie", "flashMessage=New passwords do not match; Path=/; HttpOnly; Max-Age=5");
+    response.writeHead(302, { "Location": "/admin/users/" + userId });
+    response.end();
+    return;
+  }
+
+  var userData = state.server.sqlTiddlerDatabase.getUser(userId);
+
+  if(!userData) {
+    response.setHeader("Set-Cookie", "flashMessage=User not found; Path=/; HttpOnly; Max-Age=5");
+    response.writeHead(302, { "Location": "/admin/users/" + userId });
+    response.end();
+    return;
+  }
+
+  var newHash = auth.hashPassword(newPassword);
+  var result = state.server.sqlTiddlerDatabase.updateUserPassword(userId, newHash);
+
+  response.setHeader("Set-Cookie", `flashMessage=${result.message}; Path=/; HttpOnly; Max-Age=5`);
+  response.writeHead(302, { "Location": "/admin/users/" + userId });
+  response.end();
+};
+
+}());