From 12c1da413d09d48ce85bb46d0629166ce986b5d6 Mon Sep 17 00:00:00 2001
From: curly
Date: Tue, 16 Jul 2024 13:19:14 -0600
Subject: change password and username
---
 src/db.rs | 24 ++++++++++++++++++++++++
 src/main.rs | 19 ++++++++++++++++++-
 2 files changed, 42 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/db.rs b/src/db.rs
index c655cf7..ba86b91 100644
--- a/src/db.rs
+++ b/src/db.rs
@@ -60,6 +60,19 @@ impl User {
 User { name, hashed_password, id, tokovec: base_tokens, sessions: HashMap::new() }
 }
 
+ fn update_name(&mut self, new_name: String) {
+ self.name = new_name;
+ }
+
+ fn update_password(&mut self, old_password: String, new_password: String) -> Result<(), String> {
+ if User::hash(&old_password) == self.hashed_password {
+ self.hashed_password = User::hash(&new_password);
+ return Ok(());
+ } else {
+ return Err("Old Password is Incorrect".into())
+ }
+ }
+
 fn hash(t: &String) -> String {
 let hashed = Sha256::digest(&t);
 let hashed = base16ct::lower::encode_string(&hashed);
@@ -189,6 +202,17 @@ impl DB {
 Err("User Not Found".into())
 }
 
+ pub async fn update_user(&mut self, id: UID, session: &String, name: String, old_password: String, new_password: String) -> Result<(), String> {
+ self.get_user_authenticated(id, session).await?;
+ let user = self.get_mut_user(id).await?;
+ user.update_name(name);
+ user.update_password(old_password, new_password)?;
+
+ self.save().await?;
+
+ Ok(())
+ }
+
 pub async fn get_user_authenticated(&self, id: UID, session: &String) -> Result<&User, String> {
 match self.get_user(id) {
 Ok(u) => {
diff --git a/src/main.rs b/src/main.rs
index 7edc01c..6b0ecec 100644
--- a/src/main.rs
+++ b/src/main.rs
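Review bot: In `src/db.rs`, `update_password` stores the new secret as `User::hash(&new_password)`, and the `hash` helper visible in the trailing context is a single unsalted `Sha256::digest` encoded as hex, so every password set through this path is cheap to guess offline if the stored data leaks, and identical passwords share one digest. A password-hashing function with a per-user salt and a work factor (Argon2id, scrypt or bcrypt) belongs here, with verification done by that function's constant-time check rather than `==` on two hex strings. The method also accepts an empty `new_password`; a guard such as `if new_password.is_empty() { return Err("New Password is Empty".into()) }` before the assignment would close that. `hash` continues past the end of the hunk, so anything it does after the encoding step is not visible here.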
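Review bot: In `DB::update_user` (`src/db.rs`, second hunk) the rename is applied before the old password is checked, so when `update_password` returns `Err` the `?` exits with `user.name` already changed in memory; nothing rolls it back, and the next successful `save()` from any other request would presumably persist it. Verify first and mutate afterwards by swapping the two calls: `user.update_password(old_password, new_password)?;` followed by `user.update_name(name);`. Existing sessions also stay valid after a password change; if the `sessions` map on `User` is what `get_user_authenticated` consults, removing every entry except the current one at this point would let a password change actually revoke a stolen session. `update_name` takes any string, so an empty or already-used name goes through unless a caller outside this hunk checks it.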
@@ -183,6 +183,23 @@ async fn delete(data: Json, db: &State>) -> (Status, Resul
 }
 }
 
+#[derive(Deserialize)]
+struct UpdateForm {
+ id: UID,
+ session: String,
+ name: String,
+ old_password: String,
+ new_password: String,
+}
+#[post("/update/info", data="", format="json")]
+async fn update_user(data: Json, db: &State>) -> (Status, Result<(), Json>) {
+ let mut db = db.lock().await;
+ match db.update_user(data.id, &data.session, data.name.clone(), data.old_password.clone(), data.new_password.clone()).await {
+ Ok(_) => (Status::Ok, Ok(())),
+ Err(n) => (Status::InternalServerError, Err(n.into()))
+ }
+}
+
 #[derive(Deserialize, Debug)]
 struct TransferForm {
 id: UID,
@@ -217,7 +234,7 @@ fn rocket() -> _ {
 
 rocket::build().manage(Mutex::new(DB::load(Config::new())))
 .mount("/", routes![index])
- .mount("/user", routes![login, get_users_by_name, get_user_authenticated, get_user, new_user, get_all_users, logout, logout_all, get_sessions, delete])
+ .mount("/user", routes![login, get_users_by_name, get_user_authenticated, get_user, new_user, get_all_users, logout, logout_all, get_sessions, delete, update_user])
 .mount("/transfer", routes![transfer_out])
 .attach(cors)
 }
\ No newline at end of file
-- cgit v1.2.3
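Review bot: Every failure of `db.update_user` in the new `update_user` handler (`src/main.rs`, first hunk) is answered with `Status::InternalServerError`, so a wrong old password or an invalid session looks like a server fault to the client and is lost among 5xx responses for anyone monitoring failed authentication. Because the errors arrive as plain `String`s, the smallest change is `Err(n) => (Status::Unauthorized, Err(n.into()))`, with 500 reserved for a failed `save()` once the DB layer returns a typed error. Nothing in this handler limits repeated attempts on `old_password` for a held session; a per-user failure counter or delay is worth adding unless something outside this hunk already provides it. A doc comment on `UpdateForm` saying that `name`, `old_password` and `new_password` are all required on every call would also help, since the path `/update/info` does not suggest that a password change is mandatory.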