Cutlery/Kyoo
1
0
Fork 0
mirror of https://github.com/zoriya/Kyoo.git synced 2025-07-09 03:04:20 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add a password reset api

Browse Source
This commit is contained in:
Zoe Roux 2024-01-10 21:01:15 +01:00
parent da4b877b0d
commit 6407579dd6
2 changed files with 65 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
back/src/Kyoo.Authentication/Models/DTO/PasswordResetRequest.cs Normal file
View File

@ -0,0 +1,38 @@
// Kyoo - A portable and vast media library solution.
// Copyright (c) Kyoo.
//
// See AUTHORS.md and LICENSE file in the project root for full license information.
//
// Kyoo is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// any later version.
//
// Kyoo is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Kyoo. If not, see <https://www.gnu.org/licenses/>.
using System.ComponentModel.DataAnnotations;
namespace Kyoo.Authentication.Models.DTO;
/// <summary>
/// A model only used on password resets.
/// </summary>
public class PasswordResetRequest
{
/// <summary>
/// The old password
/// </summary>
public string OldPassword { get; set; }
/// <summary>
/// The new password
/// </summary>
[MinLength(4, ErrorMessage = "The password must have at least {1} characters")]
public string NewPassword { get; set; }
}

27
back/src/Kyoo.Authentication/Views/AuthApi.cs
View File

@ -185,6 +185,31 @@ namespace Kyoo.Authentication.Views
} }
} }
/// <summary>
/// Reset your password
/// </summary>
/// <remarks>
/// Change your password.
/// </remarks>
/// <param name="request">The old and new password</param>
/// <returns>Your account info.</returns>
/// <response code="403">The old password is invalid.</response>
[HttpPost("password-reset")]
[UserOnly]
[ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status403Forbidden, Type = typeof(RequestError))]
public async Task<ActionResult<User>> ResetPassword([FromBody] PasswordResetRequest request)
{
User user = await _users.Get(User.GetIdOrThrow());
if (!BCryptNet.Verify(request.OldPassword, user.Password))
return Forbid(new RequestError("The old password is invalid."));
return await _users.Patch(user.Id, (user) =>
{
user.Password = BCryptNet.HashPassword(request.NewPassword);
return user;
});
}
/// <summary> /// <summary>
/// Get authenticated user. /// Get authenticated user.
/// </summary> /// </summary>
@ -262,6 +287,8 @@ namespace Kyoo.Authentication.Views
{ {
if (patch.Id.HasValue && patch.Id != userId) if (patch.Id.HasValue && patch.Id != userId)
throw new ArgumentException("Can't edit your user id."); throw new ArgumentException("Can't edit your user id.");
if (patch.ContainsKey(nameof(Abstractions.Models.User.Password)))
throw new ArgumentException("Can't edit your password via a PATCH. Use /auth/password-reset");
return await _users.Patch(userId, patch.Apply); return await _users.Patch(userId, patch.Apply);
} }
catch (ItemNotFoundException) catch (ItemNotFoundException)