diff options
| author | Colin Okay <okay@toyful.space> | 2022-02-26 12:44:57 -0600 |
|---|---|---|
| committer | Colin Okay <okay@toyful.space> | 2022-02-26 12:44:57 -0600 |
| commit | 3fa00f78b3b1da9dcb58913f4faf9011291fd52d (patch) | |
| tree | 188a9340ea131d4a67c02d2edc651a3a8ef484f8 | |
| parent | b78fcbc86d4c0079decac65efd2723bbe5a0fffb (diff) | |
added changed password endpoint
| -rw-r--r-- | src/main.lisp | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/src/main.lisp b/src/main.lisp index 0716dba..72b06e0 100644 --- a/src/main.lisp +++ b/src/main.lisp @@ -367,6 +367,11 @@ started, this will allow remote live debugging of the system. ;;; DATABASE TRANSACTIONS +(defun update-password (contributor new-password) + (db:with-transaction () + (with-slots (salt hashed-pw) contributor + (setf hashed-pw (pw-hash new-password salt))))) + (defun set-contributor-locked (contributor value) "Lock / unlock a contributor account" (db:with-transaction () @@ -550,11 +555,24 @@ started, this will allow remote live debugging of the system. ;;; ENDPOINT DEFINITIONS -(defendpoint* :put "/contributor/:handle a-user-handle:/locked" ((value a-boolean)) +(defendpoint* :put "/contributor/:handle a-user-handle:/locked" ((value a-boolean) + (token an-api-token)) (:auth 'admin-only) (set-contributor-locked contributor value) "true") +(defendpoint* :put "/contributor/:handle a-user-handle:/password" ((value a-string) + (repeated a-string) + (token an-api-token)) + (:auth t) + (unless (or (eq handle (api-contributor token)) + (adminp (api-contributor token))) + (http-err 403 "Cannot change that password.")) + (unless (equalp value repeated) + (http-err 400 "The two passwords do not match.")) + (update-password handle value) + "true") + (defendpoint* :post "/invite/redeem/:code an-invite-code:" () () "Redeem an [invite code](#invite-code) and create a new [contributor](#new-contributor-post-body)" (with-plist (password1 password2 handle) (lzb:request-body) @@ -564,7 +582,6 @@ started, this will allow remote live debugging of the system. (http-err 400 (format nil "~a is not a valid contributor handle." handle))) (when (contributor-by-handle handle) (http-err 403 (format nil "The name ~a is already taken." handle))) - (redeem-invite code handle password1) "true")) |