From 4e90455bf49a333ad92c5f898f6460a4d4fb25ba Mon Sep 17 00:00:00 2001 From: tsmethurst Date: Mon, 11 Oct 2021 17:00:44 +0200 Subject: [PATCH] start passwordChangeHandler --- internal/api/client/user/passwordchange.go | 82 ++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 internal/api/client/user/passwordchange.go diff --git a/internal/api/client/user/passwordchange.go b/internal/api/client/user/passwordchange.go new file mode 100644 index 000000000..1486dbac3 --- /dev/null +++ b/internal/api/client/user/passwordchange.go @@ -0,0 +1,82 @@ +/* + GoToSocial + Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +package user + +import ( + "net/http" + + "github.com/gin-gonic/gin" + "github.com/sirupsen/logrus" + "github.com/superseriousbusiness/gotosocial/internal/oauth" +) + +// PasswordChangePOSTHandler swagger:operation POST /api/v1/user/password_change userPasswordChange +// +// Change the password of authenticated user. +// +// The parameters can also be given in the body of the request, as JSON, if the content-type is set to 'application/json'. +// The parameters can also be given in the body of the request, as XML, if the content-type is set to 'application/xml'. +// +// --- +// tags: +// - user +// +// consumes: +// - application/json +// - application/xml +// - application/x-www-form-urlencoded +// +// produces: +// - application/json +// +// security: +// - OAuth2 Bearer: +// - write:user +// +// responses: +// '200': +// description: Change successful +// '401': +// description: unauthorized +// '403': +// description: forbidden +// '400': +// description: bad request +// '500': +// description: "internal error" +func (m *Module) PasswordChangePOSTHandler(c *gin.Context) { + l := logrus.WithField("func", "PasswordChangePOSTHandler") + + authed, err := oauth.Authed(c, true, true, true, true) + if err != nil { + l.Debugf("error authing: %s", err) + c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"}) + return + } + + // First check this user/account is active. + if authed.User.Disabled || !authed.User.Approved || !authed.Account.SuspendedAt.IsZero() { + l.Debugf("couldn't auth: %s", err) + c.JSON(http.StatusForbidden, gin.H{"error": "account is disabled, not yet approved, or suspended"}) + return + } + + + +}