feat: rudimentary password change

2026-03-31 22:53:07 +02:00 · 2025-03-20 22:00:06 +01:00
parent c3a14e6999
commit 385b1ff9de
5 changed files with 71 additions and 4 deletions
--- a/crates/html-router/src/lib.rs
+++ b/crates/html-router/src/lib.rs
@@ -18,7 +18,10 @@ use html_state::HtmlState;
 use middleware_analytics::analytics_middleware;
 use middleware_auth::require_auth;
 use routes::{
-    account::{delete_account, set_api_key, show_account_page, update_timezone},
+    account::{
+        change_password, delete_account, set_api_key, show_account_page, show_change_password,
+        update_timezone,
+    },
    admin_panel::{show_admin_panel, toggle_registration_status},
    chat::{
        message_response_stream::get_response_stream, new_chat_user_message, new_user_message,
@@ -109,6 +112,10 @@ where
        .route("/toggle-registrations", patch(toggle_registration_status))
        .route("/set-api-key", post(set_api_key))
        .route("/update-timezone", patch(update_timezone))
+        .route(
+            "/change-password",
+            get(show_change_password).patch(change_password),
+        )
        .route("/delete-account", delete(delete_account))
        .route_layer(from_fn_with_state(app_state.clone(), require_auth));

--- a/crates/html-router/src/routes/account.rs
+++ b/crates/html-router/src/routes/account.rs
@@ -104,3 +104,38 @@ pub async fn update_timezone(
        },
    ))
 }
+
+pub async fn show_change_password(
+    RequireUser(_user): RequireUser,
+) -> Result<impl IntoResponse, HtmlError> {
+    Ok(TemplateResponse::new_template(
+        "auth/change_password_form.html",
+        {},
+    ))
+}
+
+#[derive(Deserialize)]
+pub struct NewPasswordForm {
+    old_password: String,
+    new_password: String,
+}
+
+pub async fn change_password(
+    State(state): State<HtmlState>,
+    RequireUser(user): RequireUser,
+    auth: AuthSessionType,
+    Form(form): Form<NewPasswordForm>,
+) -> Result<impl IntoResponse, HtmlError> {
+    // Authenticate to make sure the password matches
+    let authenticated_user = User::authenticate(user.email, form.old_password, &state.db).await?;
+
+    User::patch_password(&authenticated_user.email, &form.new_password, &state.db).await?;
+
+    auth.cache_clear_user(user.id);
+
+    Ok(TemplateResponse::new_partial(
+        "auth/account_settings.html",
+        "change_password_section",
+        {},
+    ))
+}