authorFreya Murphy <freya@freyacat.org>2024-05-21 21:11:19 -0400
committerFreya Murphy <freya@freyacat.org>2024-05-21 21:11:19 -0400
commit8d544d58af232e82c740cfcb271d20965020c133 (patch)
treeb258dacda826fe8ca7d9c703588262a153b9f6d5 /src/db/rest/user/api_update_password.sql
parentfix modals (diff)
things
Diffstat (limited to 'src/db/rest/user/api_update_password.sql')
-rw-r--r--src/db/rest/user/api_update_password.sql44
1 files changed, 44 insertions, 0 deletions
diff --git a/src/db/rest/user/api_update_password.sql b/src/db/rest/user/api_update_password.sql
new file mode 100644
index 0000000..34cc1ac
--- /dev/null
+++ b/src/db/rest/user/api_update_password.sql
@@ -0,0 +1,44 @@
+CREATE FUNCTION api.update_password(
+ current_password TEXT,
+ new_password TEXT
+)
+RETURNS void
+LANGUAGE plpgsql VOLATILE
+AS $BODY$
+DECLARE
+ _user_id INTEGER;
+ _real_password TEXT;
+BEGIN
+ _user_id = _api.get_user_id();
+
+ PERFORM _api.validate_text(
+ _text => new_password,
+ _column => 'password',
+ _min => 1,
+ _max => 256
+ );
+
+ SELECT password
+ INTO _real_password
+ FROM admin.user
+ WHERE id = _user_id;
+
+ IF _real_password <> current_password THEN
+ PERFORM _api.raise(
+ _msg => 'api_invalid_password'
+ );
+ END IF;
+
+ UPDATE
+ admin.user
+ SET
+ "password" = new_password
+ WHERE
+ id = _user_id;
+END
+$BODY$;
+
+GRANT EXECUTE ON FUNCTION api.update_password(TEXT, TEXT)
+ TO rest_user;
+GRANT SELECT, UPDATE ON TABLE admin.user
+ TO rest_user;
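Review bot: The current-password check at `IF _real_password <> current_password THEN` is skipped when either side is NULL, because `<>` then yields NULL and `IF` treats NULL as false, so execution falls through to the `UPDATE`. The function is not declared `STRICT`, so a NULL `current_password` appears to reach this line; assuming `_api.raise` aborts the call, the guard should be `IF current_password IS NULL OR _real_password IS DISTINCT FROM current_password THEN`. The comparison and `SET "password" = new_password` also use the value exactly as supplied, so unless hashing happens somewhere not shown here the column holds plaintext passwords; storing a salted hash (for example pgcrypto's `crypt()` with `gen_salt('bf')`) and verifying against it would be the usual design. Finally, `GRANT SELECT, UPDATE ON TABLE admin.user TO rest_user` gives the REST role direct read and write access to every row, including the password column, and seems to be needed only because the function runs with invoker rights; declaring it `SECURITY DEFINER` with a pinned `search_path` would let the table grant be dropped.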