From 3325f8679c49c6bf32943adbfbd62a70b6af1c56 Mon Sep 17 00:00:00 2001 From: RemRem Date: Fri, 6 Jan 2023 15:37:41 +0100 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20add=20changePassword?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bin/server.dart | 1 + lib/api/api.dart | 19 +++++++++++++++++-- lib/database/accounts_to_postgres.dart | 13 +++++++++---- 3 files changed, 27 insertions(+), 6 deletions(-) diff --git a/bin/server.dart b/bin/server.dart index 66a99d1..a1520ea 100755 --- a/bin/server.dart +++ b/bin/server.dart @@ -18,6 +18,7 @@ final _router = Router() ..put('/user/master-password', API.changeMasterPassword) ..post('/user/password-file', API.uploadPasswordDb) ..put('/user/change-mail', API.changeMail) + ..put('/user/password', API.changeMasterPassword) // DELETE ..delete('/user/account', API.deleteAccount); diff --git a/lib/api/api.dart b/lib/api/api.dart index afd43a7..d44b78b 100644 --- a/lib/api/api.dart +++ b/lib/api/api.dart @@ -94,8 +94,23 @@ class API { } // Update master password - static Response changeMasterPassword(Request req) { - return Response.ok("master password changed"); + static Future changeMasterPassword(Request req) async { + final List required = ["email", "newPassword", "newSalt"]; + final body = await bodyToJson(req); + + if (await checkRequiredFields(required, body)) { + try { + await AccountsToPostgres.updatePassword( + body[required[0]], body[required[1]], body[required[2]]); + } catch (e) { + return Response(403, + body: 'This is not the good password'); // 403 (Forbidden) + } + return Response(201, + body: 'user\'s password succesfully changed'); // 201 (Created) + } else { + return Response.badRequest(body: 'Bad request'); // 400 (Bad Request) + } } // Update mail diff --git a/lib/database/accounts_to_postgres.dart b/lib/database/accounts_to_postgres.dart index 867cdf9..8e2e7eb 100644 --- a/lib/database/accounts_to_postgres.dart +++ b/lib/database/accounts_to_postgres.dart 
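Review bot: The added `..put('/user/password', API.changeMasterPassword)` registers a second path for a handler that `..put('/user/master-password', ...)` already reaches, so the credential-changing endpoint is now exposed under two URLs. If `/user/password` is meant to change a different credential it needs its own handler; if it is only an alias, keep a single route so access control and rate limiting have one place to apply. The router's pipeline is outside this hunk, so whether any authentication middleware wraps these routes cannot be confirmed from here.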
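Review bot: `changeMasterPassword` replaces the stored hash and salt for whatever `email` the request body names, and nothing in the hunk proves the caller owns that account: `required` has no current-credential field and no session or token is read from `req`. Unless authentication happens in middleware outside this hunk, knowing an address appears to be enough to change that account's password. Require proof of the current credential before calling `AccountsToPostgres.updatePassword`, for example by extending the list to `["email", "password", "newPassword", "newSalt"]` (field name is a suggestion) and comparing the submitted value with the stored hash. The `catch (e)` also maps every failure, database errors included, to 403 'This is not the good password' although no password is checked, and an update would read better as 200 than `Response(201, ...)`.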
@@ -103,13 +103,18 @@ class AccountsToPostgres { // Update user password static Future updatePassword( - String mail, String hash, String salt) async { + String mail, String newHash, String newSalt) async { if (selectHashByMail(mail) == null) { return; } else { await connection.query( - "UPDATE \"Account\" SET hash=@hash, salt=@salt WHERE mail=@mail", - substitutionValues: {"mail": mail, "hash": hash, "salt": salt}); + "UPDATE \"Account\" SET hash=@newHash and salt=@salt WHERE mail=@mail", + substitutionValues: { + "mail": mail, + "newHash": newHash, + "newSalt": newSalt + }); + print("✅ Passworld succesfully updated"); } } @@ -148,8 +153,8 @@ class AccountsToPostgres { await connection.query( "UPDATE \"Account\" SET mail=@newMail WHERE mail=@mail", substitutionValues: {"newMail": newMail, "mail": mail}); + print("✅ Mail succesfully updated"); } - print("✅ Mail succesfully updated"); } // ADMIN: get infos on all users
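Review bot: The rewritten statement `SET hash=@newHash and salt=@salt` is no longer a valid two-column update: `and` turns the right-hand side into a boolean expression, and `@salt` has no entry in `substitutionValues`, whose key is now `newSalt`. The line should read `"UPDATE \"Account\" SET hash=@newHash, salt=@newSalt WHERE mail=@mail"`. Until then the query presumably throws on every call, which the API handler reports as a 403. Separately, the guard `selectHashByMail(mail) == null` is not awaited; if that helper returns a Future (its definition is outside the hunk) the comparison is never true, and the early `return` for an unknown mail lets the caller report success without any row being changed.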