2023-03-12 18:00:57 +03:00
// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
2021-10-14 15:26:04 +03:00
package user
import (
2022-06-08 21:38:03 +03:00
"errors"
2021-10-14 15:26:04 +03:00
"net/http"
"github.com/gin-gonic/gin"
2023-01-02 15:10:50 +03:00
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
2024-06-07 17:21:57 +03:00
"github.com/superseriousbusiness/gotosocial/internal/config"
2022-06-08 21:38:03 +03:00
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
2021-10-14 15:26:04 +03:00
"github.com/superseriousbusiness/gotosocial/internal/oauth"
)
2024-06-07 17:21:57 +03:00
const OIDCPasswordHelp = "password change request cannot be processed by GoToSocial as this instance is running with OIDC enabled; you must change password using your OIDC provider"
2021-10-14 15:26:04 +03:00
// PasswordChangePOSTHandler swagger:operation POST /api/v1/user/password_change userPasswordChange
//
// Change the password of authenticated user.
//
// The parameters can also be given in the body of the request, as JSON, if the content-type is set to 'application/json'.
// The parameters can also be given in the body of the request, as XML, if the content-type is set to 'application/xml'.
//
2022-09-28 20:30:40 +03:00
// ---
// tags:
// - user
2021-10-14 15:26:04 +03:00
//
2022-09-28 20:30:40 +03:00
// consumes:
// - application/json
// - application/xml
// - application/x-www-form-urlencoded
2021-10-14 15:26:04 +03:00
//
2022-09-28 20:30:40 +03:00
// produces:
// - application/json
2021-10-14 15:26:04 +03:00
//
2022-09-28 20:30:40 +03:00
// security:
// - OAuth2 Bearer:
// - write:user
2021-10-14 15:26:04 +03:00
//
2022-09-28 20:30:40 +03:00
// responses:
// '200':
// description: Change successful
// '400':
// description: bad request
// '401':
// description: unauthorized
// '403':
// description: forbidden
// '406':
// description: not acceptable
2024-06-07 17:21:57 +03:00
// '422':
// description: unprocessable request because instance is running with OIDC backend
2022-09-28 20:30:40 +03:00
// '500':
// description: internal error
2021-10-14 15:26:04 +03:00
func ( m * Module ) PasswordChangePOSTHandler ( c * gin . Context ) {
authed , err := oauth . Authed ( c , true , true , true , true )
if err != nil {
2023-02-02 16:08:13 +03:00
apiutil . ErrorHandler ( c , gtserror . NewErrorUnauthorized ( err , err . Error ( ) ) , m . processor . InstanceGetV1 )
2021-10-14 15:26:04 +03:00
return
}
2023-01-02 15:10:50 +03:00
if _ , err := apiutil . NegotiateAccept ( c , apiutil . JSONAcceptHeaders ... ) ; err != nil {
2023-02-02 16:08:13 +03:00
apiutil . ErrorHandler ( c , gtserror . NewErrorNotAcceptable ( err , err . Error ( ) ) , m . processor . InstanceGetV1 )
2021-12-11 19:50:00 +03:00
return
}
2024-06-07 17:21:57 +03:00
if config . GetOIDCEnabled ( ) {
err := errors . New ( "instance running with OIDC" )
apiutil . ErrorHandler ( c , gtserror . NewErrorUnprocessableEntity ( err , OIDCPasswordHelp ) , m . processor . InstanceGetV1 )
return
}
2023-01-02 15:10:50 +03:00
form := & apimodel . PasswordChangeRequest { }
2022-06-08 21:38:03 +03:00
if err := c . ShouldBind ( form ) ; err != nil {
2023-02-02 16:08:13 +03:00
apiutil . ErrorHandler ( c , gtserror . NewErrorBadRequest ( err , err . Error ( ) ) , m . processor . InstanceGetV1 )
2021-10-14 15:26:04 +03:00
return
}
2022-06-08 21:38:03 +03:00
if form . OldPassword == "" {
err := errors . New ( "password change request missing field old_password" )
2023-02-02 16:08:13 +03:00
apiutil . ErrorHandler ( c , gtserror . NewErrorBadRequest ( err , err . Error ( ) ) , m . processor . InstanceGetV1 )
2022-06-08 21:38:03 +03:00
return
}
if form . NewPassword == "" {
err := errors . New ( "password change request missing field new_password" )
2023-02-02 16:08:13 +03:00
apiutil . ErrorHandler ( c , gtserror . NewErrorBadRequest ( err , err . Error ( ) ) , m . processor . InstanceGetV1 )
2021-10-14 15:26:04 +03:00
return
}
2023-02-22 18:05:26 +03:00
if errWithCode := m . processor . User ( ) . PasswordChange ( c . Request . Context ( ) , authed . User , form . OldPassword , form . NewPassword ) ; errWithCode != nil {
2023-02-02 16:08:13 +03:00
apiutil . ErrorHandler ( c , errWithCode , m . processor . InstanceGetV1 )
2021-10-14 15:26:04 +03:00
return
}
2023-11-27 17:00:57 +03:00
apiutil . Data ( c , http . StatusOK , apiutil . AppJSON , apiutil . StatusOKJSON )
2021-10-14 15:26:04 +03:00
}