Added ability to change email and password

server/src/routes/auth.rs

@@ -1,6 +1,11 @@
+use axum::debug_handler;
+use axum::http::HeaderMap;
 use axum::{extract::State, routing::post, Json, Router};
+use serde::Deserialize;
 
 use crate::auth::verify_password_hash;
+use crate::auth::{get_user_from_header, AuthError};
+use crate::database::model::user::UpdateUser;
 use crate::database::model::Member as DbMember;
 use crate::database::model::Session as DbSession;
 use crate::database::model::User as DbUser;
@@ -12,9 +17,11 @@ pub fn routes() -> Router<AppState> {
     Router::new()
         .route("/auth/login", post(login))
         .route("/auth/register", post(register))
+        .route("/auth/change_password", post(change_password))
+        .route("/auth/change_email", post(change_email))
 }
 
-#[derive(serde::Deserialize)]
+#[derive(Deserialize)]
 pub struct LoginRequest {
     email: String,
     password: String,
@@ -26,10 +33,14 @@ pub async fn login<'a>(
 ) -> Result<String, crate::Error> {
     let db_user = DbUser::get_from_email(&state.pool, login_request.email).await?;
 
-    match verify_password_hash(&login_request.password, &db_user.password).await {
-        Ok(_) => (),
-        Err(_err) => return Err(crate::Error::Auth(crate::auth::AuthError::InvalidPassword)),
-    };
+    if let Some(pass) = db_user.password {
+        match verify_password_hash(&login_request.password, &pass).await {
+            Ok(_) => (),
+            Err(_err) => return Err(crate::Error::Auth(crate::auth::AuthError::InvalidPassword)),
+        };
+    } else {
+        return Err(AuthError::Unexpected.into());
+    }
 
     // Create session
     let mut transaction = state.pool.begin().await?;
@@ -42,14 +53,14 @@ pub async fn login<'a>(
     Ok(db_session.token)
 }
 
-#[derive(serde::Deserialize)]
+#[derive(Deserialize)]
 pub struct RegisterRequest {
     email: String,
     password: String,
     registration_tokens: Vec<String>,
 }
 
-pub async fn register<'a>(
+pub async fn register(
     State(state): State<AppState>,
     Json(auth_request): Json<RegisterRequest>,
 ) -> Result<String, crate::Error> {
@@ -83,3 +94,88 @@ pub async fn register<'a>(
 
     Ok(db_session.token)
 }
+
+#[derive(Debug, Deserialize)]
+pub struct ChangePasswordRequest {
+    pub old_password: String,
+    pub new_password: String,
+}
+
+pub async fn change_password(
+    State(state): State<AppState>,
+    headers: HeaderMap,
+    Json(request): Json<ChangePasswordRequest>,
+) -> Result<(), crate::Error> {
+    let (_, user) = get_user_from_header(&state.pool, &headers).await?;
+
+    let password_hash = match generate_password_hash(request.new_password).await {
+        Ok(hash) => hash,
+        Err(_err) => return Err(crate::Error::Auth(crate::auth::AuthError::InvalidPassword)),
+    };
+
+    let db_user: DbUser = user.into();
+
+    let old_password_hash = db_user.get_password(&state.pool).await?;
+
+    match verify_password_hash(&request.old_password, &old_password_hash).await {
+        Ok(_) => (),
+        Err(_err) => return Err(crate::Error::Auth(crate::auth::AuthError::InvalidPassword)),
+    };
+
+    let mut transaction = state.pool.begin().await?;
+
+    db_user
+        .update(
+            &mut transaction,
+            UpdateUser {
+                email: None,
+                password: Some(password_hash),
+                admin: None,
+            },
+        )
+        .await?;
+
+    transaction.commit().await?;
+
+    Ok(())
+}
+
+#[derive(Debug, Deserialize)]
+pub struct ChangeEmailRequest {
+    pub password: String,
+    pub new_email: String,
+}
+
+pub async fn change_email(
+    State(state): State<AppState>,
+    headers: HeaderMap,
+    Json(request): Json<ChangeEmailRequest>,
+) -> Result<(), crate::Error> {
+    let (_, user) = get_user_from_header(&state.pool, &headers).await?;
+
+    let db_user: DbUser = user.into();
+
+    let password_hash = db_user.get_password(&state.pool).await?;
+
+    match verify_password_hash(&request.password, &password_hash).await {
+        Ok(_) => (),
+        Err(_err) => return Err(crate::Error::Auth(crate::auth::AuthError::InvalidPassword)),
+    };
+
+    let mut transaction = state.pool.begin().await?;
+
+    db_user
+        .update(
+            &mut transaction,
+            UpdateUser {
+                email: Some(request.new_email),
+                password: None,
+                admin: None,
+            },
+        )
+        .await?;
+
+    transaction.commit().await?;
+
+    Ok(())
+}