Added endpoint for changing passwords

2018-05-21 22:17:34 +01:00 · 2018-05-21 22:17:34 +01:00 · d0690622cd
commit d0690622cd
parent b4064dfe30
4 changed files with 104 additions and 3 deletions
--- a/lib/pleroma/web/common_api/utils.ex
+++ b/lib/pleroma/web/common_api/utils.ex
@ -187,9 +187,9 @@ defmodule Pleroma.Web.CommonAPI.Utils do
    end
  end

-  def confirm_current_password(user, params) do
+  def confirm_current_password(user, password) do
    with %User{local: true} = db_user <- Repo.get(User, user.id),
-         true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do
+         true <- Pbkdf2.checkpw(password, db_user.password_hash) do
      {:ok, db_user}
    else
      _ -> {:error, "Invalid password."}
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@ -73,6 +73,7 @@ defmodule Pleroma.Web.Router do
  scope "/api/pleroma", Pleroma.Web.TwitterAPI do
    pipe_through(:authenticated_api)
    post("/follow_import", UtilController, :follow_import)
+    post("/change_password", UtilController, :change_password)
    post("/delete_account", UtilController, :delete_account)
  end

--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@ -197,8 +197,31 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
    json(conn, "job started")
  end

+  def change_password(%{assigns: %{user: user}} = conn, params) do
+    case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
+      {:ok, user} ->
+        with {:ok, _user} <-
+               User.reset_password(user, %{
+                 password: params["new_password"],
+                 password_confirmation: params["new_password_confirmation"]
+               }) do
+          json(conn, %{status: "success"})
+        else
+          {:error, changeset} ->
+            {_, {error, _}} = Enum.at(changeset.errors, 0)
+            json(conn, %{error: "New password #{error}."})
+
+          _ ->
+            json(conn, %{error: "Unable to change password."})
+        end
+
+      {:error, msg} ->
+        json(conn, %{error: msg})
+    end
+  end
+
  def delete_account(%{assigns: %{user: user}} = conn, params) do
-    case CommonAPI.Utils.confirm_current_password(user, params) do
+    case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
      {:ok, user} ->
        Task.start(fn -> User.delete(user) end)
        json(conn, %{status: "success"})