From 0faf414cd958137ac60a1f37288994f3a1441780 Mon Sep 17 00:00:00 2001
From: TymanWasTaken
Date: Mon, 29 Jan 2024 06:17:10 -0500
Subject: feat: Add change-password command & support on server (#1615)

* Add change-password command & support on server

* Add a test for password change

* review: run format

--------

Co-authored-by: Ellie Huxtable
---
 atuin-server/src/handlers/user.rs | 30 ++++++++++++++++++++++++++++++
 atuin-server/src/router.rs | 3 ++-
 2 files changed, 32 insertions(+), 1 deletion(-)
(limited to 'atuin-server/src')

diff --git a/atuin-server/src/handlers/user.rs b/atuin-server/src/handlers/user.rs
index fb281ab3..e5651fe2 100644
--- a/atuin-server/src/handlers/user.rs
+++ b/atuin-server/src/handlers/user.rs
@@ -175,6 +175,36 @@ pub async fn delete(
 Ok(Json(DeleteUserResponse {}))
 }
 
+#[instrument(skip_all, fields(user.id = user.id, change_password))]
+pub async fn change_password(
+ UserAuth(mut user): UserAuth,
+ state: State>,
+ Json(change_password): Json,
+) -> Result, ErrorResponseStatus<'static>> {
+ let db = &state.0.database;
+
+ let verified = verify_str(
+ user.password.as_str(),
+ change_password.current_password.borrow(),
+ );
+ if !verified {
+ return Err(
+ ErrorResponse::reply("password is not correct").with_status(StatusCode::UNAUTHORIZED)
+ );
+ }
+
+ let hashed = hash_secret(&change_password.new_password);
+ user.password = hashed;
+
+ if let Err(e) = db.update_user_password(&user).await {
+ error!("failed to change user password: {}", e);
+
+ return Err(ErrorResponse::reply("failed to change user password")
+ .with_status(StatusCode::INTERNAL_SERVER_ERROR));
+ };
+ Ok(Json(ChangePasswordResponse {}))
+}
+
 #[instrument(skip_all, fields(user.username = login.username.as_str()))]
 pub async fn login(
 state: State>,
diff --git a/atuin-server/src/router.rs b/atuin-server/src/router.rs
index 8509058f..74df229a 100644
--- a/atuin-server/src/router.rs
+++ b/atuin-server/src/router.rs
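Review bot: `new_password` is handed to `hash_secret` with no validation at all, so an empty new password (or one identical to `current_password`) is accepted and stored; add a guard before the hash, e.g. `if change_password.new_password.is_empty() { return Err(ErrorResponse::reply("new password must not be empty").with_status(StatusCode::BAD_REQUEST)); }`, or route the value through whatever policy `register` applies, if it has one. A successful change also leaves every existing session for this user valid — `update_user_password` appears to rewrite only the stored hash, though its body is outside the hunk — so a user changing a compromised password cannot evict someone already holding an older session token; either invalidate the user's other sessions here or state in a doc comment on `change_password` that sessions deliberately survive a password change. Since the handler re-verifies `current_password` for an already-authenticated caller, it is a second credential-checking oracle for anyone holding a session token and deserves the same rate limiting as `login`. Minor: `skip_all` correctly keeps both password fields out of the tracing span, and the `};` closing the `if let` block is a stray semicolon.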
@@ -5,7 +5,7 @@ use axum::{
 http::{self, request::Parts},
 middleware::Next,
 response::{IntoResponse, Response},
- routing::{delete, get, post},
+ routing::{delete, get, patch, post},
 Router,
 };
 use eyre::Result;
@@ -119,6 +119,7 @@ pub fn router(database: DB, settings: Settings) -> R
 .route("/history", delete(handlers::history::delete))
 .route("/user/:username", get(handlers::user::get))
 .route("/account", delete(handlers::user::delete))
+ .route("/account/password", patch(handlers::user::change_password))
 .route("/register", post(handlers::user::register))
 .route("/login", post(handlers::user::login))
 .route("/record", post(handlers::record::post::))
-- 
cgit v1.3.1