Move change_password API method to /api/v1/settings/change_password

docs/openapi.yaml

@@ -157,29 +157,6 @@ paths:
                 $ref: '#/components/schemas/AccountWithSource'
         400:
           description: Invalid user data.
-  /api/v1/accounts/change_password:
-    post:
-      summary: Set or change user's password.
-      security:
-        - tokenAuth: []
-      requestBody:
-        content:
-          application/json:
-            schema:
-              type: object
-              properties:
-                new_password:
-                  description: New password.
-                  type: string
-      responses:
-        200:
-          description: Successful operation.
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/AccountWithSource'
-        400:
-          description: Invalid request data.
   /api/v1/accounts/signed_update:
     get:
       summary: Build Update(Person) activity for signing (experimental).
@@ -633,6 +610,29 @@ paths:
                 type: array
                 items:
                   $ref: '#/components/schemas/Notification'
+  /api/v1/settings/change_password:
+    post:
+      summary: Set or change user's password.
+      security:
+        - tokenAuth: []
+      requestBody:
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                new_password:
+                  description: New password.
+                  type: string
+      responses:
+        200:
+          description: Successful operation.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AccountWithSource'
+        400:
+          description: Invalid request data.
   /api/v1/settings/export_followers:
     get:
       summary: Export followers to CSV file

src/mastodon_api/accounts/types.rs

@@ -262,11 +262,6 @@ impl AccountUpdateData {
     }
 }
 
-#[derive(Deserialize)]
-pub struct PasswordChangeRequest {
-    pub new_password: String,
-}
-
 #[derive(Serialize)]
 pub struct UnsignedUpdate {
     pub internal_activity_id: Uuid,

src/mastodon_api/accounts/views.rs

@@ -67,10 +67,9 @@ use crate::models::relationships::queries::{
 };
 use crate::models::subscriptions::queries::get_incoming_subscriptions;
 use crate::models::users::queries::{
-    is_valid_invite_code,
     create_user,
     get_user_by_did,
-    set_user_password,
+    is_valid_invite_code,
 };
 use crate::models::users::types::UserCreateData;
 use crate::utils::{
@@ -95,7 +94,6 @@ use super::types::{
     IdentityClaim,
     IdentityClaimQueryParams,
     IdentityProofData,
-    PasswordChangeRequest,
     RelationshipQueryParams,
     SearchAcctQueryParams,
     SearchDidQueryParams,
@@ -232,22 +230,6 @@ async fn update_credentials(
     Ok(HttpResponse::Ok().json(account))
 }
 
-#[post("/change_password")]
-async fn change_password_view(
-    auth: BearerAuth,
-    config: web::Data<Config>,
-    db_pool: web::Data<Pool>,
-    request_data: web::Json<PasswordChangeRequest>,
-) -> Result<HttpResponse, HttpError> {
-    let db_client = &**get_database_client(&db_pool).await?;
-    let current_user = get_current_user(db_client, auth.token()).await?;
-    let password_hash = hash_password(&request_data.new_password)
-        .map_err(|_| HttpError::InternalError)?;
-    set_user_password(db_client, &current_user.id, password_hash).await?;
-    let account = Account::from_user(current_user, &config.instance_url());
-    Ok(HttpResponse::Ok().json(account))
-}
-
 #[get("/signed_update")]
 async fn get_unsigned_update(
     auth: BearerAuth,
@@ -728,7 +710,6 @@ pub fn account_api_scope() -> Scope {
         .service(create_account)
         .service(verify_credentials)
         .service(update_credentials)
-        .service(change_password_view)
         .service(get_unsigned_update)
         .service(send_signed_update)
         .service(get_identity_claim)

src/mastodon_api/settings/mod.rs

@@ -1,2 +1,3 @@
 mod helpers;
+mod types;
 pub mod views;

src/mastodon_api/settings/types.rs

@@ -0,0 +1,6 @@
+use serde::Deserialize;
+
+#[derive(Deserialize)]
+pub struct PasswordChangeRequest {
+    pub new_password: String,
+}

src/mastodon_api/settings/views.rs

@@ -1,11 +1,33 @@
-use actix_web::{get, web, HttpResponse, Scope};
+use actix_web::{get, post, web, HttpResponse, Scope};
 use actix_web_httpauth::extractors::bearer::BearerAuth;
 
 use crate::config::Config;
 use crate::database::{Pool, get_database_client};
 use crate::errors::HttpError;
-use crate::mastodon_api::oauth::auth::get_current_user;
+use crate::mastodon_api::{
+    accounts::types::Account,
+    oauth::auth::get_current_user,
+};
+use crate::models::users::queries::set_user_password;
+use crate::utils::passwords::hash_password;
 use super::helpers::{export_followers, export_follows};
+use super::types::PasswordChangeRequest;
+
+#[post("/change_password")]
+async fn change_password_view(
+    auth: BearerAuth,
+    config: web::Data<Config>,
+    db_pool: web::Data<Pool>,
+    request_data: web::Json<PasswordChangeRequest>,
+) -> Result<HttpResponse, HttpError> {
+    let db_client = &**get_database_client(&db_pool).await?;
+    let current_user = get_current_user(db_client, auth.token()).await?;
+    let password_hash = hash_password(&request_data.new_password)
+        .map_err(|_| HttpError::InternalError)?;
+    set_user_password(db_client, &current_user.id, password_hash).await?;
+    let account = Account::from_user(current_user, &config.instance_url());
+    Ok(HttpResponse::Ok().json(account))
+}
 
 #[get("/export_followers")]
 async fn export_followers_view(
@@ -47,6 +69,7 @@ async fn export_follows_view(
 
 pub fn settings_api_scope() -> Scope {
     web::scope("/api/v1/settings")
+        .service(change_password_view)
         .service(export_followers_view)
         .service(export_follows_view)
 }