From 0faf414cd958137ac60a1f37288994f3a1441780 Mon Sep 17 00:00:00 2001
From: TymanWasTaken
Date: Mon, 29 Jan 2024 06:17:10 -0500
Subject: feat: Add change-password command & support on server (#1615)
* Add change-password command & support on server
* Add a test for password change
* review: run format
---------
Co-authored-by: Ellie Huxtable
---
 atuin-server/src/handlers/user.rs | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
(limited to 'atuin-server/src/handlers')
diff --git a/atuin-server/src/handlers/user.rs b/atuin-server/src/handlers/user.rs
index fb281ab3..e5651fe2 100644
--- a/atuin-server/src/handlers/user.rs
+++ b/atuin-server/src/handlers/user.rs
@@ -175,6 +175,36 @@ pub async fn delete(
 Ok(Json(DeleteUserResponse {}))
 }
 
+#[instrument(skip_all, fields(user.id = user.id, change_password))]
+pub async fn change_password(
+ UserAuth(mut user): UserAuth,
+ state: State>,
+ Json(change_password): Json,
+) -> Result, ErrorResponseStatus<'static>> {
+ let db = &state.0.database;
+
+ let verified = verify_str(
+ user.password.as_str(),
+ change_password.current_password.borrow(),
+ );
+ if !verified {
+ return Err(
+ ErrorResponse::reply("password is not correct").with_status(StatusCode::UNAUTHORIZED)
+ );
+ }
+
+ let hashed = hash_secret(&change_password.new_password);
+ user.password = hashed;
+
+ if let Err(e) = db.update_user_password(&user).await {
+ error!("failed to change user password: {}", e);
+
+ return Err(ErrorResponse::reply("failed to change user password")
+ .with_status(StatusCode::INTERNAL_SERVER_ERROR));
+ };
+ Ok(Json(ChangePasswordResponse {}))
+}
+
 #[instrument(skip_all, fields(user.username = login.username.as_str()))]
 pub async fn login(
 state: State>,
-- cgit v1.3.1
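Review bot: After `db.update_user_password(&user)` succeeds in `change_password`, nothing in this hunk revokes the user's existing sessions. Unless that database call does so (its body is not visible here), tokens issued under the old password keep working, which matters most when the password is changed because of a suspected compromise. Consider invalidating the user's other sessions together with the password update, or add a comment above the handler stating that they are deliberately left valid. Separately, `change_password.new_password` is passed straight to `hash_secret` with no validation; a guard before hashing, such as `if change_password.new_password.is_empty() { return Err(ErrorResponse::reply("new password must not be empty").with_status(StatusCode::BAD_REQUEST)); }`, would reject an empty password.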