summaryrefslogtreecommitdiff
path: root/src/db/rest/user/api_update_password.sql
diff options
context:
space:
mode:
Diffstat (limited to 'src/db/rest/user/api_update_password.sql')
-rw-r--r--src/db/rest/user/api_update_password.sql44
1 files changed, 44 insertions, 0 deletions
diff --git a/src/db/rest/user/api_update_password.sql b/src/db/rest/user/api_update_password.sql
new file mode 100644
index 0000000..34cc1ac
--- /dev/null
+++ b/src/db/rest/user/api_update_password.sql
@@ -0,0 +1,44 @@
+CREATE FUNCTION api.update_password(
+ current_password TEXT,
+ new_password TEXT
+)
+RETURNS void
+LANGUAGE plpgsql VOLATILE
+AS $BODY$
+DECLARE
+ _user_id INTEGER;
+ _real_password TEXT;
+BEGIN
+ _user_id = _api.get_user_id();
+
+ PERFORM _api.validate_text(
+ _text => new_password,
+ _column => 'password',
+ _min => 1,
+ _max => 256
+ );
+
+ SELECT password
+ INTO _real_password
+ FROM admin.user
+ WHERE id = _user_id;
+
+ IF _real_password <> current_password THEN
+ PERFORM _api.raise(
+ _msg => 'api_invalid_password'
+ );
+ END IF;
+
+ UPDATE
+ admin.user
+ SET
+ "password" = new_password
+ WHERE
+ id = _user_id;
+END
+$BODY$;
+
+GRANT EXECUTE ON FUNCTION api.update_password(TEXT, TEXT)
+ TO rest_user;
+GRANT SELECT, UPDATE ON TABLE admin.user
+ TO rest_user;
generated by cgit v1.2.3-freya (git 2.51.0) at 2025-09-22 13:53:13 +0000