61 lines
1.5 KiB
Go
61 lines
1.5 KiB
Go
package api
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/photoprism/photoprism/internal/acl"
|
|
"github.com/photoprism/photoprism/internal/entity"
|
|
"github.com/photoprism/photoprism/internal/form"
|
|
"github.com/photoprism/photoprism/internal/service"
|
|
)
|
|
|
|
// PUT /api/v1/users/:uid/password
|
|
func ChangePassword(router *gin.RouterGroup) {
|
|
router.PUT("/users/:uid/password", func(c *gin.Context) {
|
|
conf := service.Config()
|
|
|
|
if conf.Public() {
|
|
c.AbortWithStatusJSON(http.StatusForbidden, ErrPublic)
|
|
return
|
|
}
|
|
|
|
s := Auth(SessionID(c), acl.ResourcePeople, acl.ActionUpdateSelf)
|
|
|
|
if s.Invalid() {
|
|
AbortUnauthorized(c)
|
|
return
|
|
}
|
|
|
|
uid := c.Param("uid")
|
|
m := entity.FindPersonByUID(uid)
|
|
|
|
if m == nil {
|
|
log.Errorf("change password: user not found")
|
|
c.AbortWithStatusJSON(http.StatusNotFound, ErrInvalidPassword)
|
|
return
|
|
}
|
|
|
|
f := form.ChangePassword{}
|
|
|
|
if err := c.BindJSON(&f); err != nil {
|
|
log.Errorf("change password: %s", err)
|
|
c.AbortWithStatusJSON(http.StatusBadRequest, ErrInvalidPassword)
|
|
return
|
|
}
|
|
|
|
if m.InvalidPassword(f.OldPassword) {
|
|
log.Errorf("change password: invalid password")
|
|
c.AbortWithStatusJSON(http.StatusBadRequest, ErrInvalidPassword)
|
|
return
|
|
}
|
|
|
|
if err := m.SetPassword(f.NewPassword); err != nil {
|
|
log.Errorf("change password: %s", err)
|
|
c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"code": http.StatusBadRequest, "error": err.Error()})
|
|
return
|
|
}
|
|
|
|
c.JSON(http.StatusOK, gin.H{"code": http.StatusOK, "message": "password changed"})
|
|
})
|
|
}
|