Add Credential.Reset() method for resetting passwords

Addresses part 3 of #7

Author: dhui

credential.go

@@ -117,6 +117,26 @@ func (c *Credential) ChangePasswordWithConfigAndIP(config Config, oldPassword, n
 	if !c.matchPassword(oldPassword, config.AuditLogger, ip) {
 		return fmt.Errorf("Old password does not match existing password")
 	}
+	return c.ResetWithConfigAndIP(config, newPassword, ip)
+}
+
+// Reset resets the password for the given Credential and updates the Credential to use the recommended safe key derivation function and parameters
+func (c *Credential) Reset(newPassword string) error {
+	return c.ResetWithConfig(DefaultConfig, newPassword)
+}
+
+// ResetWithIP resets the password for the given Credential and updates the Credential to use the recommended safe key derivation function and parameters
+func (c *Credential) ResetWithIP(newPassword string, ip net.IP) error {
+	return c.ResetWithConfigAndIP(DefaultConfig, newPassword, ip)
+}
+
+// ResetWithConfig resets the password for the given Credential and updates the Credential to meet the Config parameters if necessary
+func (c *Credential) ResetWithConfig(config Config, newPassword string) error {
+	return c.ResetWithConfigAndIP(config, newPassword, emptyIP)
+}
+
+// ResetWithConfigAndIP resets the password for the given Credential and updates the Credential to meet the Config parameters if necessary
+func (c *Credential) ResetWithConfigAndIP(config Config, newPassword string, ip net.IP) error {
 	newCredential, err := config.NewCredential(c.UserID, newPassword)
 	if err != nil {
 		return err

credential_test.go

@@ -382,3 +382,51 @@ func TestChangePasswordWithIPIncorrectOldPassword(t *testing.T) {
 		t.Error("Should have gotten error resetting password")
 	}
 }
+
+func TestReset(t *testing.T) {
+	userID := UserID(0)
+	password := "insecurepassword"
+	credential, err := NewCredential(userID, password)
+	if err != nil {
+		t.Error("Unable to create new Credential")
+	}
+	if err := credential.Reset("newInsecurePassword"); err != nil {
+		t.Error("Got error resetting password.", err)
+	}
+}
+
+func TestResetNewPasswordDoesNotMeetPasswordPolicy(t *testing.T) {
+	userID := UserID(0)
+	password := "insecurepassword"
+	credential, err := NewCredential(userID, password)
+	if err != nil {
+		t.Error("Unable to create new Credential")
+	}
+	if err := credential.Reset("tooshort"); err == nil {
+		t.Error("Should have gotten error resetting password")
+	}
+}
+
+func TestResetWithIP(t *testing.T) {
+	userID := UserID(0)
+	password := "insecurepassword"
+	credential, err := NewCredential(userID, password)
+	if err != nil {
+		t.Error("Unable to create new Credential")
+	}
+	if err := credential.ResetWithIP("newInsecurePassword", emptyIP); err != nil {
+		t.Error("Got error resetting password.", err)
+	}
+}
+
+func TestResetWithIPNewPasswordDoesNotMeetPasswordPolicy(t *testing.T) {
+	userID := UserID(0)
+	password := "insecurepassword"
+	credential, err := NewCredential(userID, password)
+	if err != nil {
+		t.Error("Unable to create new Credential")
+	}
+	if err := credential.ResetWithIP("tooshort", emptyIP); err == nil {
+		t.Error("Should have gotten error resetting password")
+	}
+}

passhash_test.go

@@ -104,4 +104,8 @@ func Example() {
 	if err = credential.ChangePassword(password, newPassword); err != nil {
 		// Handle PasswordPoliciesNotMet error
 	}
+	newPassword2 := "newinsecurepassword2"
+	if err = credential.Reset(newPassword2); err != nil {
+		// Handle PasswordPoliciesNotMet error
+	}
 }