From 3fa00f78b3b1da9dcb58913f4faf9011291fd52d Mon Sep 17 00:00:00 2001 From: Colin Okay Date: Sat, 26 Feb 2022 12:44:57 -0600 Subject: added changed password endpoint --- src/main.lisp | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/main.lisp b/src/main.lisp index 0716dba..72b06e0 100644 --- a/src/main.lisp +++ b/src/main.lisp @@ -367,6 +367,11 @@ started, this will allow remote live debugging of the system. ;;; DATABASE TRANSACTIONS +(defun update-password (contributor new-password) + (db:with-transaction () + (with-slots (salt hashed-pw) contributor + (setf hashed-pw (pw-hash new-password salt))))) + (defun set-contributor-locked (contributor value) "Lock / unlock a contributor account" (db:with-transaction () @@ -550,11 +555,24 @@ started, this will allow remote live debugging of the system. ;;; ENDPOINT DEFINITIONS -(defendpoint* :put "/contributor/:handle a-user-handle:/locked" ((value a-boolean)) +(defendpoint* :put "/contributor/:handle a-user-handle:/locked" ((value a-boolean) + (token an-api-token)) (:auth 'admin-only) (set-contributor-locked contributor value) "true") +(defendpoint* :put "/contributor/:handle a-user-handle:/password" ((value a-string) + (repeated a-string) + (token an-api-token)) + (:auth t) + (unless (or (eq handle (api-contributor token)) + (adminp (api-contributor token))) + (http-err 403 "Cannot change that password.")) + (unless (equalp value repeated) + (http-err 400 "The two passwords do not match.")) + (update-password handle value) + "true") + (defendpoint* :post "/invite/redeem/:code an-invite-code:" () () "Redeem an [invite code](#invite-code) and create a new [contributor](#new-contributor-post-body)" (with-plist (password1 password2 handle) (lzb:request-body) 
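Review bot: `update-password` hashes the new password with the contributor's existing `salt`, so the salt never rotates; setting `salt` to a freshly generated value inside the same `with-slots`, before the `pw-hash` call, would stop anything computed against an older exposed hash from carrying over to the new one. The function also has no docstring, unlike `set-contributor-locked` directly below it; `"Hash NEW-PASSWORD and store it as CONTRIBUTOR's password, inside a transaction."` would match that style. `with-slots` needs a contributor instance, yet the new endpoint passes it `handle`, which is only correct if `a-user-handle` resolves to the contributor object; that parser is not visible here. Nothing in this patch revokes API tokens issued before the change, so it is worth confirming whether existing tokens are meant to survive a password change.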
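Review bot: The new `/password` endpoint lets any holder of a valid API token set a new password without proving knowledge of the current one, so a leaked token turns into a lasting account takeover; non-admin callers should also supply the current password, and it should be checked against the stored hash before `update-password` runs. The match check uses `equalp`, which compares strings case-insensitively, so `value` and `repeated` that differ only in letter case are accepted as equal; use `(unless (string= value repeated)` instead. `value`, `repeated` and `token` sit in the parameter list that the redeem endpoint leaves empty while reading its passwords from `(lzb:request-body)`; if that list declares query parameters, the password and token end up in URLs and access logs, and the request body is the safer place for them. The ownership test `(eq handle (api-contributor token))` only succeeds when both sides are the very same object, which depends on what `a-user-handle` returns and cannot be confirmed from this hunk.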
@@ -564,7 +582,6 @@ started, this will allow remote live debugging of the system. (http-err 400 (format nil "~a is not a valid contributor handle." handle))) (when (contributor-by-handle handle) (http-err 403 (format nil "The name ~a is already taken." handle))) - (redeem-invite code handle password1) "true")) -- cgit v1.2.3