api: implement auth/change_pw

src/api.rs

@@ -9,6 +9,7 @@ use std::vec::Vec;
 pub fn routes() -> impl Into<Vec<rocket::Route>> {
     routes![
         auth,
+        auth_change_pw,
         auth_sign_in,
         auth_params
     ]
@@ -99,4 +100,23 @@ fn auth_params(db: DbConn, email: String) -> Custom<JsonResp<AuthParams>> {
         Err(user::UserOpError(e)) =>
             error_resp(Status::InternalServerError, vec![e])
     }
+}
+
+#[derive(Deserialize)]
+struct ChangePwParams {
+    email: String,
+    password: String,
+    current_password: String
+}
+
+#[post("/auth/change_pw", format = "json", data = "<params>")]
+fn auth_change_pw(db: DbConn, params: Json<ChangePwParams>) -> Custom<JsonResp<()>> {
+    let res = user::User::find_user_by_email(&db, &params.email)
+                .and_then(|u|
+                    u.change_pw(&db, &params.current_password, &params.password));
+    match res {
+        Ok(_) => Custom(Status::NoContent, Json(Response::Success(()))),
+        Err(user::UserOpError(e)) =>
+            error_resp(Status::InternalServerError, vec![e])
+    }
 }

src/user.rs

@@ -82,4 +82,21 @@ impl User {
              .map_err(|_| UserOpError::new("Failed to generate token"))
         }
     }
+
+    // Change the password in database, if old password is provided
+    // The current instance of User model will not be mutated
+    pub fn change_pw(&self, db: &SqliteConnection, passwd: &str, new_passwd: &str) -> Result<(), UserOpError> {
+        if passwd != self.password {
+            Err(UserOpError::new("Password mismatch"))
+        } else {
+            // Update database
+            // TODO: Maybe we should revoke all JWTs somehow?
+            //      maybe we can record when the user last changed?
+            diesel::update(users.find(self.id))
+                .set(password.eq(new_passwd))
+                .execute(db)
+                .map(|_| ())
+                .map_err(|_| UserOpError::new("Database error"))
+        }
+    }
 }