Added endpoint for changing passwords

author: Syldexia <syldexia@ofthewi.red> 2018-05-21 22:17:34 +0100
committer: Syldexia <syldexia@ofthewi.red> 2018-05-21 23:06:03 +0100
commit: d0690622cdb885005444848a7db34bf89151e803 (patch)
tree: f6cd21ef588b0f22bf067a3dc948bb024fb3c249 /lib
parent: b4064dfe30b792f5d6d36b72c7cd530afb1c667a (diff)
download: pleroma-d0690622cdb885005444848a7db34bf89151e803.tar.gz
3 files changed, 27 insertions, 3 deletions
diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex
index e774743a2..4ac45b592 100644
--- a/lib/pleroma/web/common_api/utils.ex
+++ b/lib/pleroma/web/common_api/utils.ex
@@ -187,9 +187,9 @@ defmodule Pleroma.Web.CommonAPI.Utils do
     end
   end
 
-  def confirm_current_password(user, params) do
+  def confirm_current_password(user, password) do
     with %User{local: true} = db_user <- Repo.get(User, user.id),
-         true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do
+         true <- Pbkdf2.checkpw(password, db_user.password_hash) do
       {:ok, db_user}
     else
       _ -> {:error, "Invalid password."}
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 2b5209b75..9389244b1 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -73,6 +73,7 @@ defmodule Pleroma.Web.Router do
   scope "/api/pleroma", Pleroma.Web.TwitterAPI do
     pipe_through(:authenticated_api)
     post("/follow_import", UtilController, :follow_import)
+    post("/change_password", UtilController, :change_password)
     post("/delete_account", UtilController, :delete_account)
   end
 
diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
index 23e7408a0..cc5146566 100644
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@@ -197,8 +197,31 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
     json(conn, "job started")
   end
 
+  def change_password(%{assigns: %{user: user}} = conn, params) do
+    case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
+      {:ok, user} ->
+        with {:ok, _user} <-
+               User.reset_password(user, %{
+                 password: params["new_password"],
+                 password_confirmation: params["new_password_confirmation"]
+               }) do
+          json(conn, %{status: "success"})
+        else
+          {:error, changeset} ->
+            {_, {error, _}} = Enum.at(changeset.errors, 0)
+            json(conn, %{error: "New password #{error}."})
+
+          _ ->
+            json(conn, %{error: "Unable to change password."})
+        end
+
+      {:error, msg} ->
+        json(conn, %{error: msg})
+    end
+  end
+
   def delete_account(%{assigns: %{user: user}} = conn, params) do
-    case CommonAPI.Utils.confirm_current_password(user, params) do
+    case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
       {:ok, user} ->
         Task.start(fn -> User.delete(user) end)
         json(conn, %{status: "success"})
author	Syldexia <syldexia@ofthewi.red>	2018-05-21 22:17:34 +0100
committer	Syldexia <syldexia@ofthewi.red>	2018-05-21 23:06:03 +0100
commit	d0690622cdb885005444848a7db34bf89151e803 (patch)
tree	f6cd21ef588b0f22bf067a3dc948bb024fb3c249 /lib
parent	b4064dfe30b792f5d6d36b72c7cd530afb1c667a (diff)
download	pleroma-d0690622cdb885005444848a7db34bf89151e803.tar.gz