http: POST /api/account/password — self-service password change

2026-05-05 09:52:10 +01:00
parent dbb8550936
commit cae4147df6
3 changed files with 91 additions and 0 deletions
@@ -0,0 +1,66 @@
+// ui_account.go — self-service account surface (password change).
+//
+// Routes (wired in server.go):
+//
+//	POST /api/account/password  — JSON change-password (mounted in viewer band)
+//	GET  /settings/account      — page (lands in Task F4)
+//	POST /settings/account      — page submit (lands in Task F4)
+package http
+
+import (
+	"encoding/json"
+	stdhttp "net/http"
+	"time"
+
+	"github.com/oklog/ulid/v2"
+
+	"gitea.dcglab.co.uk/steve/restic-manager/internal/auth"
+	"gitea.dcglab.co.uk/steve/restic-manager/internal/store"
+)
+
+type passwordChangeRequest struct {
+	CurrentPassword string `json:"current_password"`
+	NewPassword     string `json:"new_password"`
+}
+
+func (s *Server) handleAPIAccountPassword(w stdhttp.ResponseWriter, r *stdhttp.Request) {
+	u, ok := s.requireUser(r)
+	if !ok {
+		writeJSONError(w, stdhttp.StatusUnauthorized, "unauthorised", "")
+		return
+	}
+	var req passwordChangeRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		writeJSONError(w, stdhttp.StatusBadRequest, "invalid_json", err.Error())
+		return
+	}
+	if len(req.NewPassword) < 12 {
+		writeJSONError(w, stdhttp.StatusBadRequest, "password_too_short", "min 12 chars")
+		return
+	}
+	// Skip current-password check when must_change_password is set —
+	// the user has no current password to know (only matters for the
+	// legacy reset-password path; setup-token path doesn't use this).
+	if !u.MustChangePassword {
+		if err := auth.VerifyPassword(u.PasswordHash, req.CurrentPassword); err != nil {
+			writeJSONError(w, stdhttp.StatusUnauthorized, "current_password_wrong", "")
+			return
+		}
+	}
+	hash, err := auth.HashPassword(req.NewPassword)
+	if err != nil {
+		writeJSONError(w, stdhttp.StatusInternalServerError, "internal", err.Error())
+		return
+	}
+	if err := s.deps.Store.SetPasswordHash(r.Context(), u.ID, hash); err != nil {
+		writeJSONError(w, stdhttp.StatusInternalServerError, "internal", err.Error())
+		return
+	}
+	_ = s.deps.Store.AppendAudit(r.Context(), store.AuditEntry{
+		ID: ulid.Make().String(), UserID: &u.ID, Actor: "user",
+		Action:     "user.password_changed",
+		TargetKind: ptr("user"), TargetID: &u.ID,
+		TS: time.Now().UTC(),
+	})
+	w.WriteHeader(stdhttp.StatusOK)
+}