Add API method for changing password

docs/openapi.yaml

@@ -157,6 +157,29 @@ paths:
                 $ref: '#/components/schemas/AccountWithSource'
         400:
           description: Invalid user data.
+  /api/v1/accounts/change_password:
+    post:
+      summary: Set or change user's password.
+      security:
+        - tokenAuth: []
+      requestBody:
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                new_password:
+                  description: New password.
+                  type: string
+      responses:
+        200:
+          description: Successful operation.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AccountWithSource'
+        400:
+          description: Invalid request data.
   /api/v1/accounts/signed_update:
     get:
       summary: Build Update(Person) activity for signing (experimental).

src/mastodon_api/accounts/types.rs

@@ -262,6 +262,11 @@ impl AccountUpdateData {
     }
 }
 
+#[derive(Deserialize)]
+pub struct PasswordChangeRequest {
+    pub new_password: String,
+}
+
 #[derive(Serialize)]
 pub struct UnsignedUpdate {
     pub internal_activity_id: Uuid,

src/mastodon_api/accounts/views.rs

@@ -69,6 +69,7 @@ use crate::models::users::queries::{
     is_valid_invite_code,
     create_user,
     get_user_by_did,
+    set_user_password,
 };
 use crate::models::users::types::UserCreateData;
 use crate::utils::{
@@ -93,6 +94,7 @@ use super::types::{
     IdentityClaim,
     IdentityClaimQueryParams,
     IdentityProofData,
+    PasswordChangeRequest,
     RelationshipQueryParams,
     SearchAcctQueryParams,
     SearchDidQueryParams,
@@ -227,6 +229,22 @@ async fn update_credentials(
     Ok(HttpResponse::Ok().json(account))
 }
 
+#[post("/change_password")]
+async fn change_password_view(
+    auth: BearerAuth,
+    config: web::Data<Config>,
+    db_pool: web::Data<Pool>,
+    request_data: web::Json<PasswordChangeRequest>,
+) -> Result<HttpResponse, HttpError> {
+    let db_client = &**get_database_client(&db_pool).await?;
+    let current_user = get_current_user(db_client, auth.token()).await?;
+    let password_hash = hash_password(&request_data.new_password)
+        .map_err(|_| HttpError::InternalError)?;
+    set_user_password(db_client, &current_user.id, password_hash).await?;
+    let account = Account::from_user(current_user, &config.instance_url());
+    Ok(HttpResponse::Ok().json(account))
+}
+
 #[get("/signed_update")]
 async fn get_unsigned_update(
     auth: BearerAuth,
@@ -703,6 +721,7 @@ pub fn account_api_scope() -> Scope {
         .service(create_account)
         .service(verify_credentials)
         .service(update_credentials)
+        .service(change_password_view)
         .service(get_unsigned_update)
         .service(send_signed_update)
         .service(get_identity_claim)