authorColin Okay <okay@toyful.space>2022-02-26 12:44:57 -0600
committerColin Okay <okay@toyful.space>2022-02-26 12:44:57 -0600
commit3fa00f78b3b1da9dcb58913f4faf9011291fd52d (patch)
tree188a9340ea131d4a67c02d2edc651a3a8ef484f8
parentb78fcbc86d4c0079decac65efd2723bbe5a0fffb (diff)
added changed password endpoint
-rw-r--r--src/main.lisp21
1 files changed, 19 insertions, 2 deletions
diff --git a/src/main.lisp b/src/main.lisp
index 0716dba..72b06e0 100644
--- a/src/main.lisp
+++ b/src/main.lisp
@@ -367,6 +367,11 @@ started, this will allow remote live debugging of the system.
;;; DATABASE TRANSACTIONS
+(defun update-password (contributor new-password)
+ (db:with-transaction ()
+ (with-slots (salt hashed-pw) contributor
+ (setf hashed-pw (pw-hash new-password salt)))))
+
(defun set-contributor-locked (contributor value)
"Lock / unlock a contributor account"
(db:with-transaction ()
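Review bot: `update-password` re-hashes with the contributor's existing `salt`, so the salt never rotates across password changes; generating a fresh salt and storing it in the same `with-slots` form before `(setf hashed-pw (pw-hash new-password salt))` would keep the old and new hashes unrelated. The salt generator used at account creation is not visible in this hunk, so reuse whatever that path calls rather than adding a new one. Nothing here revokes the contributor's outstanding API tokens either, so a token issued before the change presumably stays valid; that is worth confirming, because a password change is often the response to a suspected compromise. The function also lacks the docstring its neighbour `set-contributor-locked` has, e.g. `"Replace CONTRIBUTOR's stored password hash with one derived from NEW-PASSWORD"`.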
@@ -550,11 +555,24 @@ started, this will allow remote live debugging of the system.
;;; ENDPOINT DEFINITIONS
-(defendpoint* :put "/contributor/:handle a-user-handle:/locked" ((value a-boolean))
+(defendpoint* :put "/contributor/:handle a-user-handle:/locked" ((value a-boolean)
+ (token an-api-token))
(:auth 'admin-only)
(set-contributor-locked contributor value)
"true")
+(defendpoint* :put "/contributor/:handle a-user-handle:/password" ((value a-string)
+ (repeated a-string)
+ (token an-api-token))
+ (:auth t)
+ (unless (or (eq handle (api-contributor token))
+ (adminp (api-contributor token)))
+ (http-err 403 "Cannot change that password."))
+ (unless (equalp value repeated)
+ (http-err 400 "The two passwords do not match."))
+ (update-password handle value)
+ "true")
+
(defendpoint* :post "/invite/redeem/:code an-invite-code:" () ()
"Redeem an [invite code](#invite-code) and create a new [contributor](#new-contributor-post-body)"
(with-plist (password1 password2 handle) (lzb:request-body)
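Review bot: The confirmation check `(unless (equalp value repeated)` compares case-insensitively, because `equalp` on strings ignores case, so two entries that differ only in letter case are accepted as matching; use `(unless (string= value repeated)`. The new `/password` endpoint also changes the password on the strength of the API token alone: there is no current-password parameter, so a leaked token is enough to take over the account permanently, and requiring the current password on the non-admin branch would limit that. `value` and `repeated` are declared in the same parameter list as `token`, whereas the redeem endpoint below reads its passwords from `(lzb:request-body)`; if that list declares query parameters, the new password would travel in the URL and end up in access logs, so reading it from the body would be safer. No non-empty or minimum-length check on `value` is visible before `(update-password handle value)`.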
@@ -564,7 +582,6 @@ started, this will allow remote live debugging of the system.
(http-err 400 (format nil "~a is not a valid contributor handle." handle)))
(when (contributor-by-handle handle)
(http-err 403 (format nil "The name ~a is already taken." handle)))
-
(redeem-invite code handle password1)
"true"))