✨ add changePassword

2 years ago · 3325f8679c
parent d1d2233f69
commit 3325f8679c
3 changed files with 27 additions and 6 deletions
--- a/bin/server.dart
+++ b/bin/server.dart
@ -18,6 +18,7 @@ final _router = Router()
  ..put('/user/master-password', API.changeMasterPassword)
  ..post('/user/password-file', API.uploadPasswordDb)
  ..put('/user/change-mail', API.changeMail)
+  ..put('/user/password', API.changeMasterPassword)
  // DELETE
  ..delete('/user/account', API.deleteAccount);

--- a/lib/api/api.dart
+++ b/lib/api/api.dart
@ -94,8 +94,23 @@ class API {
  }

  // Update master password
-  static Response changeMasterPassword(Request req) {
-    return Response.ok("master password changed");
+  static Future<Response> changeMasterPassword(Request req) async {
+    final List<String> required = ["email", "newPassword", "newSalt"];
+    final body = await bodyToJson(req);
+
+    if (await checkRequiredFields(required, body)) {
+      try {
+        await AccountsToPostgres.updatePassword(
+            body[required[0]], body[required[1]], body[required[2]]);
+      } catch (e) {
+        return Response(403,
+            body: 'This is not the good password'); // 403 (Forbidden)
+      }
+      return Response(201,
+          body: 'user\'s password succesfully changed'); // 201 (Created)
+    } else {
+      return Response.badRequest(body: 'Bad request'); // 400 (Bad Request)
+    }
  }

  // Update mail
--- a/lib/database/accounts_to_postgres.dart
+++ b/lib/database/accounts_to_postgres.dart
@ -103,13 +103,18 @@ class AccountsToPostgres {

  // Update user password
  static Future<void> updatePassword(
-      String mail, String hash, String salt) async {
+      String mail, String newHash, String newSalt) async {
    if (selectHashByMail(mail) == null) {
      return;
    } else {
      await connection.query(
-          "UPDATE \"Account\" SET hash=@hash, salt=@salt WHERE mail=@mail",
-          substitutionValues: {"mail": mail, "hash": hash, "salt": salt});
+          "UPDATE \"Account\" SET hash=@newHash and salt=@salt WHERE mail=@mail",
+          substitutionValues: {
+            "mail": mail,
+            "newHash": newHash,
+            "newSalt": newSalt
+          });
+      print("✅ Passworld succesfully updated");
    }
  }

@ -148,8 +153,8 @@ class AccountsToPostgres {
      await connection.query(
          "UPDATE \"Account\" SET mail=@newMail WHERE mail=@mail",
          substitutionValues: {"newMail": newMail, "mail": mail});
+      print("✅ Mail succesfully updated");
    }
-    print("✅ Mail succesfully updated");
  }

  // ADMIN: get infos on all users