aboutsummaryrefslogtreecommitdiffstats
path: root/atuin-server/src
diff options
context:
space:
mode:
Diffstat (limited to 'atuin-server/src')
-rw-r--r--atuin-server/src/handlers/user.rs30
-rw-r--r--atuin-server/src/router.rs3
2 files changed, 32 insertions, 1 deletions
diff --git a/atuin-server/src/handlers/user.rs b/atuin-server/src/handlers/user.rs
index fb281ab3..e5651fe2 100644
--- a/atuin-server/src/handlers/user.rs
+++ b/atuin-server/src/handlers/user.rs
@@ -175,6 +175,36 @@ pub async fn delete<DB: Database>(
Ok(Json(DeleteUserResponse {}))
}
+#[instrument(skip_all, fields(user.id = user.id, change_password))]
+pub async fn change_password<DB: Database>(
+ UserAuth(mut user): UserAuth,
+ state: State<AppState<DB>>,
+ Json(change_password): Json<ChangePasswordRequest>,
+) -> Result<Json<ChangePasswordResponse>, ErrorResponseStatus<'static>> {
+ let db = &state.0.database;
+
+ let verified = verify_str(
+ user.password.as_str(),
+ change_password.current_password.borrow(),
+ );
+ if !verified {
+ return Err(
+ ErrorResponse::reply("password is not correct").with_status(StatusCode::UNAUTHORIZED)
+ );
+ }
+
+ let hashed = hash_secret(&change_password.new_password);
+ user.password = hashed;
+
+ if let Err(e) = db.update_user_password(&user).await {
+ error!("failed to change user password: {}", e);
+
+ return Err(ErrorResponse::reply("failed to change user password")
+ .with_status(StatusCode::INTERNAL_SERVER_ERROR));
+ };
+ Ok(Json(ChangePasswordResponse {}))
+}
+
#[instrument(skip_all, fields(user.username = login.username.as_str()))]
pub async fn login<DB: Database>(
state: State<AppState<DB>>,
diff --git a/atuin-server/src/router.rs b/atuin-server/src/router.rs
index 8509058f..74df229a 100644
--- a/atuin-server/src/router.rs
+++ b/atuin-server/src/router.rs
@@ -5,7 +5,7 @@ use axum::{
http::{self, request::Parts},
middleware::Next,
response::{IntoResponse, Response},
- routing::{delete, get, post},
+ routing::{delete, get, patch, post},
Router,
};
use eyre::Result;
@@ -119,6 +119,7 @@ pub fn router<DB: Database>(database: DB, settings: Settings<DB::Settings>) -> R
.route("/history", delete(handlers::history::delete))
.route("/user/:username", get(handlers::user::get))
.route("/account", delete(handlers::user::delete))
+ .route("/account/password", patch(handlers::user::change_password))
.route("/register", post(handlers::user::register))
.route("/login", post(handlers::user::login))
.route("/record", post(handlers::record::post::<DB>))
generated by cgit v1.3.1 (git 2.54.0) at 2026-06-14 23:44:25 +0000