diff --git a/docs/openapi.yaml b/docs/openapi.yaml index 84f34ec..20f1dd1 100644 --- a/docs/openapi.yaml +++ b/docs/openapi.yaml @@ -157,29 +157,6 @@ paths: $ref: '#/components/schemas/AccountWithSource' 400: description: Invalid user data. - /api/v1/accounts/change_password: - post: - summary: Set or change user's password. - security: - - tokenAuth: [] - requestBody: - content: - application/json: - schema: - type: object - properties: - new_password: - description: New password. - type: string - responses: - 200: - description: Successful operation. - content: - application/json: - schema: - $ref: '#/components/schemas/AccountWithSource' - 400: - description: Invalid request data. /api/v1/accounts/signed_update: get: summary: Build Update(Person) activity for signing (experimental). @@ -633,6 +610,29 @@ paths: type: array items: $ref: '#/components/schemas/Notification' + /api/v1/settings/change_password: + post: + summary: Set or change user's password. + security: + - tokenAuth: [] + requestBody: + content: + application/json: + schema: + type: object + properties: + new_password: + description: New password. + type: string + responses: + 200: + description: Successful operation. + content: + application/json: + schema: + $ref: '#/components/schemas/AccountWithSource' + 400: + description: Invalid request data. /api/v1/settings/export_followers: get: summary: Export followers to CSV file diff --git a/src/mastodon_api/accounts/types.rs b/src/mastodon_api/accounts/types.rs index 3aaf09c..cb0fb77 100644 --- a/src/mastodon_api/accounts/types.rs +++ b/src/mastodon_api/accounts/types.rs @@ -262,11 +262,6 @@ impl AccountUpdateData { } } -#[derive(Deserialize)] -pub struct PasswordChangeRequest { - pub new_password: String, -} - #[derive(Serialize)] pub struct UnsignedUpdate { pub internal_activity_id: Uuid, diff --git a/src/mastodon_api/accounts/views.rs b/src/mastodon_api/accounts/views.rs index d06b02b..c5eae9c 100644 --- a/src/mastodon_api/accounts/views.rs 
+++ b/src/mastodon_api/accounts/views.rs @@ -67,10 +67,9 @@ use crate::models::relationships::queries::{ }; use crate::models::subscriptions::queries::get_incoming_subscriptions; use crate::models::users::queries::{ - is_valid_invite_code, create_user, get_user_by_did, - set_user_password, + is_valid_invite_code, }; use crate::models::users::types::UserCreateData; use crate::utils::{ @@ -95,7 +94,6 @@ use super::types::{ IdentityClaim, IdentityClaimQueryParams, IdentityProofData, - PasswordChangeRequest, RelationshipQueryParams, SearchAcctQueryParams, SearchDidQueryParams, @@ -232,22 +230,6 @@ async fn update_credentials( Ok(HttpResponse::Ok().json(account)) } -#[post("/change_password")] -async fn change_password_view( - auth: BearerAuth, - config: web::Data, - db_pool: web::Data, - request_data: web::Json, -) -> Result { - let db_client = &**get_database_client(&db_pool).await?; - let current_user = get_current_user(db_client, auth.token()).await?; - let password_hash = hash_password(&request_data.new_password) - .map_err(|_| HttpError::InternalError)?; - set_user_password(db_client, ¤t_user.id, password_hash).await?; - let account = Account::from_user(current_user, &config.instance_url()); - Ok(HttpResponse::Ok().json(account)) -} - #[get("/signed_update")] async fn get_unsigned_update( auth: BearerAuth, @@ -728,7 +710,6 @@ pub fn account_api_scope() -> Scope { .service(create_account) .service(verify_credentials) .service(update_credentials) - .service(change_password_view) .service(get_unsigned_update) .service(send_signed_update) .service(get_identity_claim) diff --git a/src/mastodon_api/settings/mod.rs b/src/mastodon_api/settings/mod.rs index 5957542..083138a 100644 --- a/src/mastodon_api/settings/mod.rs +++ b/src/mastodon_api/settings/mod.rs @@ -1,2 +1,3 @@ mod helpers; +mod types; pub mod views; diff --git a/src/mastodon_api/settings/types.rs b/src/mastodon_api/settings/types.rs new file mode 100644 index 0000000..aa1dfce --- /dev/null 
+++ b/src/mastodon_api/settings/types.rs @@ -0,0 +1,6 @@ +use serde::Deserialize; + +#[derive(Deserialize)] +pub struct PasswordChangeRequest { + pub new_password: String, +} diff --git a/src/mastodon_api/settings/views.rs b/src/mastodon_api/settings/views.rs index eb6029f..d6e3d7a 100644 --- a/src/mastodon_api/settings/views.rs +++ b/src/mastodon_api/settings/views.rs @@ -1,11 +1,33 @@ -use actix_web::{get, web, HttpResponse, Scope}; +use actix_web::{get, post, web, HttpResponse, Scope}; use actix_web_httpauth::extractors::bearer::BearerAuth; use crate::config::Config; use crate::database::{Pool, get_database_client}; use crate::errors::HttpError; -use crate::mastodon_api::oauth::auth::get_current_user; +use crate::mastodon_api::{ + accounts::types::Account, + oauth::auth::get_current_user, +}; +use crate::models::users::queries::set_user_password; +use crate::utils::passwords::hash_password; use super::helpers::{export_followers, export_follows}; +use super::types::PasswordChangeRequest; + +#[post("/change_password")] +async fn change_password_view( + auth: BearerAuth, + config: web::Data, + db_pool: web::Data, + request_data: web::Json, +) -> Result { + let db_client = &**get_database_client(&db_pool).await?; + let current_user = get_current_user(db_client, auth.token()).await?; + let password_hash = hash_password(&request_data.new_password) + .map_err(|_| HttpError::InternalError)?; + set_user_password(db_client, ¤t_user.id, password_hash).await?; + let account = Account::from_user(current_user, &config.instance_url()); + Ok(HttpResponse::Ok().json(account)) +} #[get("/export_followers")] async fn export_followers_view( @@ -47,6 +69,7 @@ async fn export_follows_view( pub fn settings_api_scope() -> Scope { web::scope("/api/v1/settings") + .service(change_password_view) .service(export_followers_view) .service(export_follows_view) }
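Review bot: `change_password_view` in `src/mastodon_api/settings/views.rs` passes `request_data.new_password` straight to `hash_password` with no validation, so an empty or arbitrarily long string is accepted and the 400 response documented in `docs/openapi.yaml` can only come from JSON deserialization. A length check before hashing, for example `let len = request_data.new_password.chars().count();` followed by rejecting values outside a chosen minimum and maximum with the project's 400-class `HttpError`, would close that gap. The handler also authorizes the change on the bearer token alone; for accounts that already have a password, the current password should presumably be verified as well, so that a leaked token cannot be converted into a lasting credential. Whether existing OAuth tokens are revoked after `set_user_password` is not visible in this hunk and is worth confirming.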