authorFreya Murphy <freya@freyacat.org>2024-05-21 21:11:19 -0400
committerFreya Murphy <freya@freyacat.org>2024-05-21 21:11:19 -0400
commit8d544d58af232e82c740cfcb271d20965020c133 (patch)
treeb258dacda826fe8ca7d9c703588262a153b9f6d5 /src/db/rest/user
parentfix modals (diff)
things
Diffstat (limited to 'src/db/rest/user')
-rw-r--r--src/db/rest/user/api_update_password.sql44
-rw-r--r--src/db/rest/user/api_user_update.sql20
2 files changed, 44 insertions, 20 deletions
diff --git a/src/db/rest/user/api_update_password.sql b/src/db/rest/user/api_update_password.sql
new file mode 100644
index 0000000..34cc1ac
--- /dev/null
+++ b/src/db/rest/user/api_update_password.sql
@@ -0,0 +1,44 @@
+CREATE FUNCTION api.update_password(
+ current_password TEXT,
+ new_password TEXT
+)
+RETURNS void
+LANGUAGE plpgsql VOLATILE
+AS $BODY$
+DECLARE
+ _user_id INTEGER;
+ _real_password TEXT;
+BEGIN
+ _user_id = _api.get_user_id();
+
+ PERFORM _api.validate_text(
+ _text => new_password,
+ _column => 'password',
+ _min => 1,
+ _max => 256
+ );
+
+ SELECT password
+ INTO _real_password
+ FROM admin.user
+ WHERE id = _user_id;
+
+ IF _real_password <> current_password THEN
+ PERFORM _api.raise(
+ _msg => 'api_invalid_password'
+ );
+ END IF;
+
+ UPDATE
+ admin.user
+ SET
+ "password" = new_password
+ WHERE
+ id = _user_id;
+END
+$BODY$;
+
+GRANT EXECUTE ON FUNCTION api.update_password(TEXT, TEXT)
+ TO rest_user;
+GRANT SELECT, UPDATE ON TABLE admin.user
+ TO rest_user;
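Review bot: The guard `IF _real_password <> current_password THEN` is bypassed when `current_password` is NULL (or when no row matches and `_real_password` is NULL): the comparison yields NULL, the IF is not taken, and the UPDATE at the end of the function still runs, so a caller who omits the current password can set a new one. Reject NULL explicitly, `IF current_password IS NULL OR _real_password IS DISTINCT FROM current_password THEN`, and consider putting `current_password` through the same `_api.validate_text` call that `new_password` gets. Separately, `GRANT SELECT, UPDATE ON TABLE admin.user TO rest_user` hands the caller role direct read/write on the whole table, including every user's `password` column, which is far wider than this one function needs; because the function is not `SECURITY DEFINER` it runs with the caller's privileges, so the narrower option is to declare it `SECURITY DEFINER` with a fixed `SET search_path` and drop the table-level grant. Passwords are also stored and compared as plaintext here; if that is deliberate for this training app, a comment such as `-- intentionally plaintext: xssbook is a vulnerable-by-design teaching app` would keep the pattern from being copied.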
diff --git a/src/db/rest/user/api_user_update.sql b/src/db/rest/user/api_user_update.sql
index 2e7cd50..c26c680 100644
--- a/src/db/rest/user/api_user_update.sql
+++ b/src/db/rest/user/api_user_update.sql
@@ -32,25 +32,6 @@ BEGIN
_changed = TRUE;
END IF;
- -- password
- SELECT password
- INTO OLD.password
- FROM admin.user
- WHERE id = OLD.id;
-
- NEW.password = COALESCE(NEW.password, OLD.password);
- NEW.password := _api.trim(NEW.password);
- PERFORM _api.validate_text(
- _text => NEW.password,
- _column => 'password',
- _min => 1,
- _max => 256
- );
-
- IF NEW.password IS DISTINCT FROM OLD.password THEN
- _changed = TRUE;
- END IF;
-
-- first name
NEW.first_name = COALESCE(NEW.first_name, OLD.first_name);
NEW.first_name := _api.trim(NEW.first_name);
@@ -138,7 +119,6 @@ BEGIN
IF _changed THEN
UPDATE admin.user SET
username = NEW.username,
- password = NEW.password,
first_name = NEW.first_name,
last_name = NEW.last_name,
middle_name = NEW.middle_name,