2020-06-29 21:14:34 +02:00
|
|
|
package api
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net/http"
|
|
|
|
|
2022-04-15 09:42:07 +02:00
|
|
|
"github.com/photoprism/photoprism/pkg/clean"
|
2021-12-14 18:34:52 +01:00
|
|
|
|
2020-06-29 21:14:34 +02:00
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
"github.com/photoprism/photoprism/internal/acl"
|
|
|
|
"github.com/photoprism/photoprism/internal/entity"
|
|
|
|
"github.com/photoprism/photoprism/internal/form"
|
2020-07-07 10:51:55 +02:00
|
|
|
"github.com/photoprism/photoprism/internal/i18n"
|
2020-06-30 08:50:44 +02:00
|
|
|
"github.com/photoprism/photoprism/internal/service"
|
2020-06-29 21:14:34 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
// PUT /api/v1/users/:uid/password
|
|
|
|
func ChangePassword(router *gin.RouterGroup) {
|
|
|
|
router.PUT("/users/:uid/password", func(c *gin.Context) {
|
2020-06-30 08:50:44 +02:00
|
|
|
conf := service.Config()
|
|
|
|
|
2020-12-18 13:05:48 +01:00
|
|
|
if conf.Public() || conf.DisableSettings() {
|
2020-07-07 10:51:55 +02:00
|
|
|
Abort(c, http.StatusForbidden, i18n.ErrPublic)
|
2020-06-30 08:50:44 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-08-13 21:23:34 +02:00
|
|
|
s := Auth(SessionID(c), acl.ResourceUsers, acl.ActionUpdateSelf)
|
2020-06-29 21:14:34 +02:00
|
|
|
|
|
|
|
if s.Invalid() {
|
2020-07-04 12:54:35 +02:00
|
|
|
AbortUnauthorized(c)
|
2020-06-29 21:14:34 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-04-15 09:42:07 +02:00
|
|
|
uid := clean.IdString(c.Param("uid"))
|
2020-10-03 13:50:30 +02:00
|
|
|
m := entity.FindUserByUID(uid)
|
2020-06-29 21:14:34 +02:00
|
|
|
|
2021-08-12 20:19:46 +02:00
|
|
|
if s.User.UserUID != m.UserUID {
|
|
|
|
AbortUnauthorized(c)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-06-29 21:14:34 +02:00
|
|
|
if m == nil {
|
2020-07-07 10:51:55 +02:00
|
|
|
Abort(c, http.StatusNotFound, i18n.ErrUserNotFound)
|
2020-06-29 21:14:34 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
f := form.ChangePassword{}
|
|
|
|
|
|
|
|
if err := c.BindJSON(&f); err != nil {
|
2020-07-07 10:51:55 +02:00
|
|
|
Error(c, http.StatusBadRequest, err, i18n.ErrInvalidPassword)
|
2020-06-29 21:14:34 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if m.InvalidPassword(f.OldPassword) {
|
2020-07-07 10:51:55 +02:00
|
|
|
Abort(c, http.StatusBadRequest, i18n.ErrInvalidPassword)
|
2020-06-29 21:14:34 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := m.SetPassword(f.NewPassword); err != nil {
|
2020-07-07 10:51:55 +02:00
|
|
|
Error(c, http.StatusBadRequest, err, i18n.ErrInvalidPassword)
|
2020-06-29 21:14:34 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-07-07 10:51:55 +02:00
|
|
|
c.JSON(http.StatusOK, i18n.NewResponse(http.StatusOK, i18n.MsgPasswordChanged))
|
2020-06-29 21:14:34 +02:00
|
|
|
})
|
|
|
|
}
|