feat: rudimentary password change

2026-04-26 18:58:29 +02:00 · 2025-03-20 22:00:06 +01:00
parent c3a14e6999
commit 385b1ff9de
5 changed files with 71 additions and 4 deletions
--- a/crates/html-router/src/routes/account.rs
+++ b/crates/html-router/src/routes/account.rs
@@ -104,3 +104,38 @@ pub async fn update_timezone(
        },
    ))
 }
+
+pub async fn show_change_password(
+    RequireUser(_user): RequireUser,
+) -> Result<impl IntoResponse, HtmlError> {
+    Ok(TemplateResponse::new_template(
+        "auth/change_password_form.html",
+        {},
+    ))
+}
+
+#[derive(Deserialize)]
+pub struct NewPasswordForm {
+    old_password: String,
+    new_password: String,
+}
+
+pub async fn change_password(
+    State(state): State<HtmlState>,
+    RequireUser(user): RequireUser,
+    auth: AuthSessionType,
+    Form(form): Form<NewPasswordForm>,
+) -> Result<impl IntoResponse, HtmlError> {
+    // Authenticate to make sure the password matches
+    let authenticated_user = User::authenticate(user.email, form.old_password, &state.db).await?;
+
+    User::patch_password(&authenticated_user.email, &form.new_password, &state.db).await?;
+
+    auth.cache_clear_user(user.id);
+
+    Ok(TemplateResponse::new_partial(
+        "auth/account_settings.html",
+        "change_password_section",
+        {},
+    ))
+}