diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/web/common_api/utils.ex | 4 | ||||
| -rw-r--r-- | lib/pleroma/web/router.ex | 1 | ||||
| -rw-r--r-- | lib/pleroma/web/twitter_api/controllers/util_controller.ex | 25 |
3 files changed, 27 insertions, 3 deletions
diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index e774743a2..4ac45b592 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -187,9 +187,9 @@ defmodule Pleroma.Web.CommonAPI.Utils do end end - def confirm_current_password(user, params) do + def confirm_current_password(user, password) do with %User{local: true} = db_user <- Repo.get(User, user.id), - true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do + true <- Pbkdf2.checkpw(password, db_user.password_hash) do {:ok, db_user} else _ -> {:error, "Invalid password."} diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 2b5209b75..9389244b1 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -73,6 +73,7 @@ defmodule Pleroma.Web.Router do scope "/api/pleroma", Pleroma.Web.TwitterAPI do pipe_through(:authenticated_api) post("/follow_import", UtilController, :follow_import) + post("/change_password", UtilController, :change_password) post("/delete_account", UtilController, :delete_account) end diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index 23e7408a0..cc5146566 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -197,8 +197,31 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do json(conn, "job started") end + def change_password(%{assigns: %{user: user}} = conn, params) do + case CommonAPI.Utils.confirm_current_password(user, params["password"]) do + {:ok, user} -> + with {:ok, _user} <- + User.reset_password(user, %{ + password: params["new_password"], + password_confirmation: params["new_password_confirmation"] + }) do + json(conn, %{status: "success"}) + else + {:error, changeset} -> + {_, {error, _}} = Enum.at(changeset.errors, 0) + json(conn, %{error: "New password #{error}."}) + + _ -> + json(conn, %{error: "Unable to change password."}) + end + + {:error, msg} -> + json(conn, %{error: msg}) + end + end + def delete_account(%{assigns: %{user: user}} = conn, params) do - case CommonAPI.Utils.confirm_current_password(user, params) do + case CommonAPI.Utils.confirm_current_password(user, params["password"]) do {:ok, user} -> Task.start(fn -> User.delete(user) end) json(conn, %{status: "success"}) |