api: implement auth/change_pw
parent
77517147c8
commit
92f8a72117
20
src/api.rs
20
src/api.rs
|
@ -9,6 +9,7 @@ use std::vec::Vec;
|
|||
pub fn routes() -> impl Into<Vec<rocket::Route>> {
|
||||
routes![
|
||||
auth,
|
||||
auth_change_pw,
|
||||
auth_sign_in,
|
||||
auth_params
|
||||
]
|
||||
|
@ -99,4 +100,23 @@ fn auth_params(db: DbConn, email: String) -> Custom<JsonResp<AuthParams>> {
|
|||
Err(user::UserOpError(e)) =>
|
||||
error_resp(Status::InternalServerError, vec![e])
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Deserialize)]
|
||||
struct ChangePwParams {
|
||||
email: String,
|
||||
password: String,
|
||||
current_password: String
|
||||
}
|
||||
|
||||
#[post("/auth/change_pw", format = "json", data = "<params>")]
|
||||
fn auth_change_pw(db: DbConn, params: Json<ChangePwParams>) -> Custom<JsonResp<()>> {
|
||||
let res = user::User::find_user_by_email(&db, ¶ms.email)
|
||||
.and_then(|u|
|
||||
u.change_pw(&db, ¶ms.current_password, ¶ms.password));
|
||||
match res {
|
||||
Ok(_) => Custom(Status::NoContent, Json(Response::Success(()))),
|
||||
Err(user::UserOpError(e)) =>
|
||||
error_resp(Status::InternalServerError, vec![e])
|
||||
}
|
||||
}
|
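Review bot: In `auth_change_pw`, both `Err` outcomes are answered with `Status::InternalServerError`, so a wrong `current_password` or an unknown email is reported as a server fault and the text held in `UserOpError` is returned to the caller as-is. That buries failed credential checks among real 500s in logs and alerting, and if the lookup error from `find_user_by_email` (defined outside this section) differs from "Password mismatch", the response tells a caller whether an address is registered. I would answer both credential failures with `error_resp(Status::Unauthorized, …)` and one shared message, keeping 500 for database errors; that requires `UserOpError` to expose a kind rather than only a string. The route accepts email plus password with no visible attempt limit, so it is worth confirming throttling exists elsewhere. The `Ok` arm also pairs `Status::NoContent` with a JSON body, which a 204 response should not carry.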
17
src/user.rs
17
src/user.rs
|
@ -82,4 +82,21 @@ impl User {
|
|||
.map_err(|_| UserOpError::new("Failed to generate token"))
|
||||
}
|
||||
}
|
||||
|
||||
// Change the password in database, if old password is provided
|
||||
// The current instance of User model will not be mutated
|
||||
pub fn change_pw(&self, db: &SqliteConnection, passwd: &str, new_passwd: &str) -> Result<(), UserOpError> {
|
||||
if passwd != self.password {
|
||||
Err(UserOpError::new("Password mismatch"))
|
||||
} else {
|
||||
// Update database
|
||||
// TODO: Maybe we should revoke all JWTs somehow?
|
||||
// maybe we can record when the user last changed?
|
||||
diesel::update(users.find(self.id))
|
||||
.set(password.eq(new_passwd))
|
||||
.execute(db)
|
||||
.map(|_| ())
|
||||
.map_err(|_| UserOpError::new("Database error"))
|
||||
}
|
||||
}
|
||||
}
|
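Review bot: `change_pw` verifies the credential with `passwd != self.password` and writes `password.eq(new_passwd)` unchanged, so the `password` column appears to hold a value that can be replayed directly to sign in. If so (account creation is outside this section), a database read exposes working credentials even when the client pre-derives the value; the server should store a salted password hash and verify against it with a constant-time check rather than `!=`. `new_passwd` is accepted without any validation, including the empty string. The TODO about JWTs deserves to be tracked as a follow-up: until tokens issued before the change are rejected, for example by storing a `password_changed_at` timestamp (placeholder name) and comparing it with the token's issue time, a stolen token outlives the password change. The leading `//` lines would serve better as a `///` doc comment stating that the update happens only when the current password matches.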