use actix_web::{web, HttpResponse, Responder};
use serde::Deserialize;
use sqlx::PgPool;
use crate::{auth::utils, models::User};
/// Form body accepted by the change-password endpoint.
///
/// The field names double as the form keys serde deserializes from, so
/// renaming a field changes the wire format.
///
/// Every field carries a plaintext password. Only `Deserialize` is derived;
/// if `Debug` or `Serialize` is ever added, redact these fields so they
/// cannot end up in logs or responses.
#[derive(Deserialize)]
struct ChangePasswordForm {
    /// Password the user claims to have right now; checked against the stored hash.
    currentpassword: String,
    /// Requested new password.
    password: String,
    /// Repetition of the new password; must equal `password`.
    passwordretyped: String,
}
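/// Changes the password of the authenticated user.
///
/// Flow:
/// 1. Re-hash the submitted current password with the user's stored salt and
///    compare it with the stored hash.
/// 2. Require the new password and its repetition to match and to be non-empty.
/// 3. Generate a fresh salt and hash for the new password and persist both
///    through `User::update`.
///
/// Responses:
/// * `200 OK` with an HTML fragment on success.
/// * `400 Bad Request` when the current password is wrong, the account has no
///   stored hash or salt, the two new passwords differ, or the new password is
///   empty.
/// * `500 Internal Server Error` when hashing or the database update fails.
///   These paths used to `unwrap()` and panic inside the handler.
///
/// NOTE(review): confirm that `utils` hashes with a dedicated password KDF
/// (Argon2, scrypt, bcrypt) and not a fast general-purpose digest.
/// NOTE(review): nothing in this handler revokes the user's other sessions or
/// tokens after the change; confirm whether that is handled elsewhere.
#[actix_web::post("/users/changepassword")]
async fn post(
    user: web::ReqData<User>,
    form: web::Form<ChangePasswordForm>,
    pool: web::Data<PgPool>,
) -> impl Responder {
    // An account lacking a stored hash or salt has nothing to verify against.
    // Answer exactly like a wrong password instead of panicking on a missing salt.
    let (Some(stored_hash), Some(stored_salt)) = (user.password.as_ref(), user.salt.as_ref())
    else {
        return HttpResponse::BadRequest().body("Aktuelles Passwort ist nicht korrekt!");
    };

    let candidate = match utils::hash_plain_password_with_salt(&form.currentpassword, stored_salt)
    {
        Ok(hashed) => hashed,
        Err(err) => {
            // Log only the error value, never anything taken from the form.
            eprintln!("changepassword: hashing the submitted current password failed: {err:?}");
            return HttpResponse::InternalServerError().finish();
        }
    };

    // NOTE(review): `!=` is not a constant-time comparison. Prefer a
    // constant-time equality helper for secret-derived values if the project
    // has one available.
    if stored_hash != &candidate {
        return HttpResponse::BadRequest().body("Aktuelles Passwort ist nicht korrekt!");
    }

    if form.password != form.passwordretyped {
        return HttpResponse::BadRequest().body("Passwörter stimmen nicht überein!");
    }

    // Two empty fields pass the equality check above, so reject an empty new
    // password explicitly. A minimum-length / strength policy belongs here too.
    if form.password.is_empty() {
        return HttpResponse::BadRequest().body("Neues Passwort darf nicht leer sein!");
    }

    let (hash, salt) = match utils::generate_salt_and_hash_plain_password(&form.password) {
        Ok(pair) => pair,
        Err(err) => {
            eprintln!("changepassword: hashing the new password failed: {err:?}");
            return HttpResponse::InternalServerError().finish();
        }
    };

    // Only the password hash and salt are passed as `Some`; every other
    // argument is `None`.
    let update_result = User::update(
        pool.get_ref(),
        user.id,
        None,
        None,
        Some(&hash),
        Some(&salt),
        None,
        None,
        None,
        None,
        None,
    )
    .await;

    if let Err(err) = update_result {
        eprintln!("changepassword: persisting the new password hash failed: {err:?}");
        return HttpResponse::InternalServerError().finish();
    }

    HttpResponse::Ok().body(r#"<div class="block">Passwort wurde geändert.</div>"#)
}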