From 1c45c2ec3a716392997b5f60dbbdde77385a7fb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garc=C3=ADa?= Date: Sun, 17 Jun 2018 00:06:59 +0200 Subject: [PATCH] Implemented API endpoints to modify profile name and hint, and to change email address, fixes #43 --- src/api/core/accounts.rs | 58 +++++++++++++++++++++++++++++++++++++--- src/api/core/mod.rs | 2 ++ 2 files changed, 57 insertions(+), 3 deletions(-) diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index 8dfca256..03315d6b 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -3,7 +3,7 @@ use rocket_contrib::Json; use db::DbConn; use db::models::*; -use api::{PasswordData, JsonResult, EmptyResult, JsonUpcase}; +use api::{PasswordData, JsonResult, EmptyResult, JsonUpcase, NumberOrString}; use auth::Headers; use CONFIG; @@ -64,6 +64,28 @@ fn profile(headers: Headers, conn: DbConn) -> JsonResult { Ok(Json(headers.user.to_json(&conn))) } +#[derive(Deserialize, Debug)] +#[allow(non_snake_case)] +struct ProfileData { + #[serde(rename = "Culture")] + _Culture: String, // Ignored, always use en-US + MasterPasswordHint: Option, + Name: String, +} + +#[post("/accounts/profile", data = "")] +fn post_profile(data: JsonUpcase, headers: Headers, conn: DbConn) -> JsonResult { + let data: ProfileData = data.into_inner().data; + + let mut user = headers.user; + + user.name = data.Name; + user.password_hint = data.MasterPasswordHint; + user.save(&conn); + + Ok(Json(user.to_json(&conn))) +} + #[get("/users//public-key")] fn get_public_keys(uuid: String, _headers: Headers, conn: DbConn) -> JsonResult { let user = match User::find_by_uuid(&uuid, &conn) { @@ -133,13 +155,39 @@ fn post_sstamp(data: JsonUpcase, headers: Headers, conn: DbConn) - #[derive(Deserialize)] #[allow(non_snake_case)] -struct ChangeEmailData { +struct EmailTokenData { MasterPasswordHash: String, NewEmail: String, } - #[post("/accounts/email-token", data = "")] +fn post_email_token(data: JsonUpcase, headers: Headers, conn: DbConn) -> EmptyResult { + let data: EmailTokenData = data.into_inner().data; + + if !headers.user.check_valid_password(&data.MasterPasswordHash) { + err!("Invalid password") + } + + if User::find_by_mail(&data.NewEmail, &conn).is_some() { + err!("Email already in use"); + } + + Ok(()) +} + +#[derive(Deserialize)] +#[allow(non_snake_case)] +struct ChangeEmailData { + MasterPasswordHash: String, + NewEmail: String, + + Key: String, + NewMasterPasswordHash: String, + #[serde(rename = "Token")] + _Token: NumberOrString, +} + +#[post("/accounts/email", data = "")] fn post_email(data: JsonUpcase, headers: Headers, conn: DbConn) -> EmptyResult { let data: ChangeEmailData = data.into_inner().data; let mut user = headers.user; @@ -153,6 +201,10 @@ fn post_email(data: JsonUpcase, headers: Headers, conn: DbConn) } user.email = data.NewEmail; + + user.set_password(&data.NewMasterPasswordHash); + user.key = data.Key; + user.save(&conn); Ok(()) diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs index 4f29a617..b264f846 100644 --- a/src/api/core/mod.rs +++ b/src/api/core/mod.rs @@ -14,10 +14,12 @@ pub fn routes() -> Vec { routes![ register, profile, + post_profile, get_public_keys, post_keys, post_password, post_sstamp, + post_email_token, post_email, delete_account, revision_date,