template-monorepo/internal/logic/member/change_password_logic.go

// Code scaffolded by goctl. Safe to edit.
// goctl 1.10.1

package member

import (
	"context"
	"strings"

	domusecase "gateway/internal/model/member/domain/usecase"
	"gateway/internal/svc"
	"gateway/internal/types"

	"github.com/zeromicro/go-zero/core/logx"
)

type ChangePasswordLogic struct {
	logx.Logger
	ctx    context.Context
	svcCtx *svc.ServiceContext
}

func NewChangePasswordLogic(ctx context.Context, svcCtx *svc.ServiceContext) *ChangePasswordLogic {
	return &ChangePasswordLogic{
		Logger: logx.WithContext(ctx),
		ctx:    ctx,
		svcCtx: svcCtx,
	}
}

func (l *ChangePasswordLogic) ChangePassword(req *types.ChangePasswordReq) (*types.ChangePasswordData, error) {
	actor, err := actorOrErr(l.ctx)
	if err != nil {
		return nil, err
	}
	if l.svcCtx.MemberProfile == nil {
		return nil, errb.SysNotImplemented("member profile not configured")
	}
	if l.svcCtx.Zitadel == nil {
		return nil, errb.SysNotImplemented("zitadel not configured")
	}
	if req == nil {
		return nil, errb.InputMissingRequired("request body is required")
	}

	member, err := l.svcCtx.MemberProfile.GetByUID(l.ctx, &domusecase.GetMemberRequest{
		TenantID: actor.TenantID,
		UID:      actor.UID,
	})
	if err != nil {
		return nil, err
	}
	if err := ensurePlatformNativePassword(member); err != nil {
		return nil, err
	}
	if err := ensurePasswordChangeStepUp(l.ctx, l.svcCtx, actor.TenantID, actor.UID, member, req); err != nil {
		return nil, err
	}
	if member.ZitadelUserID == "" {
		return nil, errb.ResInvalidState("member has no zitadel identity")
	}

	email := strings.TrimSpace(member.ZitadelEmail)
	if email == "" {
		return nil, errb.ResInvalidState("member has no login email")
	}
	if _, err := l.svcCtx.Zitadel.VerifyPassword(l.ctx, email, req.CurrentPassword); err != nil {
		return nil, errb.AuthUnauthorized("invalid current password")
	}
	if err := l.svcCtx.Zitadel.SetUserPassword(l.ctx, member.ZitadelUserID, req.NewPassword, req.CurrentPassword); err != nil {
		return nil, errb.SvcThirdParty("zitadel password update failed").WithCause(err)
	}

	return &types.ChangePasswordData{OK: true}, nil
}
feat(auth): 登入 MFA、忘記/改密碼與註冊恢復流程補齊平台帳號（platform_native）的密碼自助能力，並讓未完成 Email 驗證的使用者可恢復註冊；OIDC/LDAP/SCIM 帳號禁止在本系統變更密碼。登入若已啟用 TOTP 改為兩階段驗證，OTP 重送加入 60 秒冷卻；同步調整 golangci 排除路徑與 zitadel lint 修正。 Co-authored-by: Cursor <cursoragent@cursor.com> 2026-05-26 16:55:37 +00:00			`// Code scaffolded by goctl. Safe to edit.`
			`// goctl 1.10.1`

			`package member`

			`import (`
			`"context"`
			`"strings"`

			`domusecase "gateway/internal/model/member/domain/usecase"`
			`"gateway/internal/svc"`
			`"gateway/internal/types"`

			`"github.com/zeromicro/go-zero/core/logx"`
			`)`

			`type ChangePasswordLogic struct {`
			`logx.Logger`
			`ctx context.Context`
			`svcCtx *svc.ServiceContext`
			`}`

			`func NewChangePasswordLogic(ctx context.Context, svcCtx svc.ServiceContext) ChangePasswordLogic {`
			`return &ChangePasswordLogic{`
			`Logger: logx.WithContext(ctx),`
			`ctx: ctx,`
			`svcCtx: svcCtx,`
			`}`
			`}`

			`func (l ChangePasswordLogic) ChangePassword(req types.ChangePasswordReq) (*types.ChangePasswordData, error) {`
			`actor, err := actorOrErr(l.ctx)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if l.svcCtx.MemberProfile == nil {`
			`return nil, errb.SysNotImplemented("member profile not configured")`
			`}`
			`if l.svcCtx.Zitadel == nil {`
			`return nil, errb.SysNotImplemented("zitadel not configured")`
			`}`
			`if req == nil {`
			`return nil, errb.InputMissingRequired("request body is required")`
			`}`

			`member, err := l.svcCtx.MemberProfile.GetByUID(l.ctx, &domusecase.GetMemberRequest{`
			`TenantID: actor.TenantID,`
			`UID: actor.UID,`
			`})`
			`if err != nil {`
			`return nil, err`
			`}`
			`if err := ensurePlatformNativePassword(member); err != nil {`
			`return nil, err`
			`}`
add fix eage case 2026-05-27 09:28:13 +00:00			`if err := ensurePasswordChangeStepUp(l.ctx, l.svcCtx, actor.TenantID, actor.UID, member, req); err != nil {`
			`return nil, err`
			`}`
feat(auth): 登入 MFA、忘記/改密碼與註冊恢復流程補齊平台帳號（platform_native）的密碼自助能力，並讓未完成 Email 驗證的使用者可恢復註冊；OIDC/LDAP/SCIM 帳號禁止在本系統變更密碼。登入若已啟用 TOTP 改為兩階段驗證，OTP 重送加入 60 秒冷卻；同步調整 golangci 排除路徑與 zitadel lint 修正。 Co-authored-by: Cursor <cursoragent@cursor.com> 2026-05-26 16:55:37 +00:00			`if member.ZitadelUserID == "" {`
			`return nil, errb.ResInvalidState("member has no zitadel identity")`
			`}`

			`email := strings.TrimSpace(member.ZitadelEmail)`
			`if email == "" {`
			`return nil, errb.ResInvalidState("member has no login email")`
			`}`
			`if _, err := l.svcCtx.Zitadel.VerifyPassword(l.ctx, email, req.CurrentPassword); err != nil {`
			`return nil, errb.AuthUnauthorized("invalid current password")`
			`}`
			`if err := l.svcCtx.Zitadel.SetUserPassword(l.ctx, member.ZitadelUserID, req.NewPassword, req.CurrentPassword); err != nil {`
			`return nil, errb.SvcThirdParty("zitadel password update failed").WithCause(err)`
			`}`

			`return &types.ChangePasswordData{OK: true}, nil`
			`}`