diff options
| author | TymanWasTaken <ty@blahaj.land> | 2024-01-29 06:17:10 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-01-29 11:17:10 +0000 |
| commit | 0faf414cd958137ac60a1f37288994f3a1441780 (patch) | |
| tree | df7199c0366893dc393d1cc53230a8f39e88d036 /atuin-server | |
| parent | feat: make history list format configurable (#1638) (diff) | |
| download | atuin-0faf414cd958137ac60a1f37288994f3a1441780.zip | |
feat: Add change-password command & support on server (#1615)
* Add change-password command & support on server
* Add a test for password change
* review: run format
---------
Co-authored-by: Ellie Huxtable <ellie@elliehuxtable.com>
Diffstat (limited to 'atuin-server')
| -rw-r--r-- | atuin-server/src/handlers/user.rs | 30 | ||||
| -rw-r--r-- | atuin-server/src/router.rs | 3 |
2 files changed, 32 insertions, 1 deletions
diff --git a/atuin-server/src/handlers/user.rs b/atuin-server/src/handlers/user.rs index fb281ab3..e5651fe2 100644 --- a/atuin-server/src/handlers/user.rs +++ b/atuin-server/src/handlers/user.rs @@ -175,6 +175,36 @@ pub async fn delete<DB: Database>( Ok(Json(DeleteUserResponse {})) } +#[instrument(skip_all, fields(user.id = user.id, change_password))] +pub async fn change_password<DB: Database>( + UserAuth(mut user): UserAuth, + state: State<AppState<DB>>, + Json(change_password): Json<ChangePasswordRequest>, +) -> Result<Json<ChangePasswordResponse>, ErrorResponseStatus<'static>> { + let db = &state.0.database; + + let verified = verify_str( + user.password.as_str(), + change_password.current_password.borrow(), + ); + if !verified { + return Err( + ErrorResponse::reply("password is not correct").with_status(StatusCode::UNAUTHORIZED) + ); + } + + let hashed = hash_secret(&change_password.new_password); + user.password = hashed; + + if let Err(e) = db.update_user_password(&user).await { + error!("failed to change user password: {}", e); + + return Err(ErrorResponse::reply("failed to change user password") + .with_status(StatusCode::INTERNAL_SERVER_ERROR)); + }; + Ok(Json(ChangePasswordResponse {})) +} + #[instrument(skip_all, fields(user.username = login.username.as_str()))] pub async fn login<DB: Database>( state: State<AppState<DB>>, diff --git a/atuin-server/src/router.rs b/atuin-server/src/router.rs index 8509058f..74df229a 100644 --- a/atuin-server/src/router.rs +++ b/atuin-server/src/router.rs @@ -5,7 +5,7 @@ use axum::{ http::{self, request::Parts}, middleware::Next, response::{IntoResponse, Response}, - routing::{delete, get, post}, + routing::{delete, get, patch, post}, Router, }; use eyre::Result; @@ -119,6 +119,7 @@ pub fn router<DB: Database>(database: DB, settings: Settings<DB::Settings>) -> R .route("/history", delete(handlers::history::delete)) .route("/user/:username", get(handlers::user::get)) .route("/account", delete(handlers::user::delete)) + .route("/account/password", patch(handlers::user::change_password)) .route("/register", post(handlers::user::register)) .route("/login", post(handlers::user::login)) .route("/record", post(handlers::record::post::<DB>)) |