Moving ChangePassword to its own API action. Fixes #1471

pull/1539/head
Dessalines 2021-04-01 17:39:01 -04:00
parent fac024b90c
commit f33f763278
5 changed files with 60 additions and 39 deletions


@ -63,6 +63,9 @@ pub async fn match_websocket_operation(
UserOperation::SaveUserSettings => {
do_websocket_operation::<SaveUserSettings>(context, id, op, data).await
}
UserOperation::ChangePassword => {
do_websocket_operation::<ChangePassword>(context, id, op, data).await
}
UserOperation::GetReportCount => {
do_websocket_operation::<GetReportCount>(context, id, op, data).await
}


@ -191,44 +191,9 @@ impl Perform for SaveUserSettings {
let local_user_id = local_user_view.local_user.id;
let person_id = local_user_view.person.id;
let password_encrypted = match &data.new_password {
Some(new_password) => {
match &data.new_password_verify {
Some(new_password_verify) => {
password_length_check(&new_password)?;
// Make sure passwords match
if new_password != new_password_verify {
return Err(ApiError::err("passwords_dont_match").into());
}
// Check the old password
match &data.old_password {
Some(old_password) => {
let valid: bool =
verify(old_password, &local_user_view.local_user.password_encrypted)
.unwrap_or(false);
if !valid {
return Err(ApiError::err("password_incorrect").into());
}
let new_password = new_password.to_owned();
let user = blocking(context.pool(), move |conn| {
LocalUser::update_password(conn, local_user_id, &new_password)
})
.await??;
user.password_encrypted
}
None => return Err(ApiError::err("password_incorrect").into()),
}
}
None => return Err(ApiError::err("passwords_dont_match").into()),
}
}
None => local_user_view.local_user.password_encrypted,
};
let default_listing_type = data.default_listing_type;
let default_sort_type = data.default_sort_type;
let password_encrypted = local_user_view.local_user.password_encrypted;
let person_form = PersonForm {
name: local_user_view.person.name,
@ -301,6 +266,49 @@ impl Perform for SaveUserSettings {
}
}
#[async_trait::async_trait(?Send)]
impl Perform for ChangePassword {
type Response = LoginResponse;
async fn perform(
&self,
context: &Data<LemmyContext>,
_websocket_id: Option<ConnectionId>,
) -> Result<LoginResponse, LemmyError> {
let data: &ChangePassword = &self;
let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
password_length_check(&data.new_password)?;
// Make sure passwords match
if data.new_password != data.new_password_verify {
return Err(ApiError::err("passwords_dont_match").into());
}
// Check the old password
let valid: bool = verify(
&data.old_password,
&local_user_view.local_user.password_encrypted,
)
.unwrap_or(false);
if !valid {
return Err(ApiError::err("password_incorrect").into());
}
let local_user_id = local_user_view.local_user.id;
let new_password = data.new_password.to_owned();
let updated_local_user = blocking(context.pool(), move |conn| {
LocalUser::update_password(conn, local_user_id, &new_password)
})
.await??;
// Return the jwt
Ok(LoginResponse {
jwt: Claims::jwt(updated_local_user.id.0)?,
})
}
}
#[async_trait::async_trait(?Send)]
impl Perform for AddAdmin {
type Response = AddAdminResponse;
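Review bot: Nothing visible in `ChangePassword::perform` invalidates tokens issued before the password change: the handler updates the hash and returns a fresh token from `Claims::jwt(updated_local_user.id.0)`, which is built from the user id alone. If validation elsewhere does not reject older tokens, a token captured before the change would presumably remain usable, which defeats a password change made after a suspected compromise. Unless `LocalUser::update_password` or the JWT check already covers this (neither is shown here), I would record the gap above the `Ok(LoginResponse { … })` with `// TODO: tokens issued before this change are not revoked here` and track a fix. Separately, `verify(...).unwrap_or(false)` reports a hashing error as `password_incorrect`; that fails closed, but logging the error before the fallback would keep a corrupt stored hash from looking like a mistyped password.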


@ -57,14 +57,19 @@ pub struct SaveUserSettings {
pub email: Option<String>,
pub bio: Option<String>,
pub matrix_user_id: Option<String>,
pub new_password: Option<String>,
pub new_password_verify: Option<String>,
pub old_password: Option<String>,
pub show_avatars: Option<bool>,
pub send_notifications_to_email: Option<bool>,
pub auth: String,
}
#[derive(Deserialize)]
pub struct ChangePassword {
pub new_password: String,
pub new_password_verify: String,
pub old_password: String,
pub auth: String,
}
#[derive(Serialize)]
pub struct LoginResponse {
pub jwt: String,


@ -123,6 +123,7 @@ pub enum UserOperation {
PostJoin,
CommunityJoin,
ModJoin,
ChangePassword,
}
#[derive(EnumString, ToString, Debug, Clone)]


@ -182,6 +182,10 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimit) {
"/save_user_settings",
web::put().to(route_post::<SaveUserSettings>),
)
.route(
"/change_password",
web::put().to(route_post::<ChangePassword>),
)
.route("/report_count", web::get().to(route_get::<GetReportCount>)),
)
// Admin Actions
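Review bot: The new `/change_password` route checks `old_password` on every call, so it deserves the same throttling as the login path, and the limiter applied to this scope is not visible in the hunk. Without that, a caller holding a valid token could use the endpoint to test guesses for the current password at whatever rate the general limiter allows. Please confirm which `rate_limit` wrapper covers the enclosing scope and, if it is the general one, move the route under the stricter limiter; a comment such as `// verifies old_password: keep under a strict rate limit` next to the route would record the intent. The `config` body starts and ends outside the hunk.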