diff options
Diffstat (limited to 'internal/api/client/user/passwordchange.go')
| -rw-r--r-- | internal/api/client/user/passwordchange.go | 43 |
1 files changed, 22 insertions, 21 deletions
diff --git a/internal/api/client/user/passwordchange.go b/internal/api/client/user/passwordchange.go index 15b082c1d..7676f5b85 100644 --- a/internal/api/client/user/passwordchange.go +++ b/internal/api/client/user/passwordchange.go @@ -19,12 +19,13 @@ package user import ( + "errors" "net/http" "github.com/gin-gonic/gin" - "github.com/sirupsen/logrus" "github.com/superseriousbusiness/gotosocial/internal/api" "github.com/superseriousbusiness/gotosocial/internal/api/model" + "github.com/superseriousbusiness/gotosocial/internal/gtserror" "github.com/superseriousbusiness/gotosocial/internal/oauth" ) @@ -54,48 +55,48 @@ import ( // responses: // '200': // description: Change successful +// '400': +// description: bad request // '401': // description: unauthorized // '403': // description: forbidden -// '400': -// description: bad request +// '406': +// description: not acceptable // '500': -// description: "internal error" +// description: internal error func (m *Module) PasswordChangePOSTHandler(c *gin.Context) { - l := logrus.WithField("func", "PasswordChangePOSTHandler") - authed, err := oauth.Authed(c, true, true, true, true) if err != nil { - l.Debugf("error authing: %s", err) - c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"}) + api.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGet) return } if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil { - c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()}) + api.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGet) return } - // First check this user/account is active. - if authed.User.Disabled || !authed.User.Approved || !authed.Account.SuspendedAt.IsZero() { - l.Debugf("couldn't auth: %s", err) - c.JSON(http.StatusForbidden, gin.H{"error": "account is disabled, not yet approved, or suspended"}) + form := &model.PasswordChangeRequest{} + if err := c.ShouldBind(form); err != nil { + api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet) return } - form := &model.PasswordChangeRequest{} - if err := c.ShouldBind(form); err != nil || form == nil || form.NewPassword == "" || form.OldPassword == "" { - if err != nil { - l.Debugf("could not parse form from request: %s", err) - } - c.JSON(http.StatusBadRequest, gin.H{"error": "missing one or more required form values"}) + if form.OldPassword == "" { + err := errors.New("password change request missing field old_password") + api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet) + return + } + + if form.NewPassword == "" { + err := errors.New("password change request missing field new_password") + api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet) return } if errWithCode := m.processor.UserChangePassword(c.Request.Context(), authed, form); errWithCode != nil { - l.Debugf("error changing user password: %s", errWithCode.Error()) - c.JSON(errWithCode.Code(), gin.H{"error": errWithCode.Safe()}) + api.ErrorHandler(c, errWithCode, m.processor.InstanceGet) return } |