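-- api.update_password: change the password of the calling user.
--
-- Parameters:
--   current_password  the password the caller claims is currently set
--   new_password      the replacement; passed to _api.validate_text with
--                     _min => 1 and _max => 256
--
-- Errors are reported through _api.raise with 'api_invalid_password' when the
-- supplied current password does not match the stored one.
--
-- NOTE(review): the stored value is compared directly with the caller-supplied
-- password and new_password is written as given. Unless hashing happens
-- outside this function, the column holds recoverable passwords; storing a
-- salted password hash (for example via pgcrypto's crypt()) is the usual
-- approach -- confirm against the schema.
CREATE FUNCTION api.update_password(
    current_password TEXT,
    new_password TEXT
)
RETURNS void
LANGUAGE plpgsql VOLATILE
AS $BODY$
DECLARE
    _user_id INTEGER;
    _real_password TEXT;
BEGIN
    -- Resolve the caller; the password change is always scoped to this id.
    _user_id := _api.get_user_id();

    PERFORM _api.validate_text(
        _text => new_password,
        _column => 'password',
        _min => 1,
        _max => 256
    );

    SELECT password
    INTO _real_password
    FROM xssbook.user
    WHERE id = _user_id;

    -- A bare "<>" yields NULL when either side is NULL, and IF treats NULL as
    -- false, so a NULL current_password (or a missing user row) would skip the
    -- check entirely. Reject NULL on either side explicitly.
    IF _real_password IS NULL
        OR current_password IS NULL
        OR _real_password <> current_password
    THEN
        PERFORM _api.raise(
            _msg => 'api_invalid_password'
        );
        -- Presumably _api.raise aborts with an exception; return anyway so the
        -- UPDATE below can never run after a failed check.
        RETURN;
    END IF;

    UPDATE xssbook.user
    SET "password" = new_password
    WHERE id = _user_id;
END
$BODY$;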
-- Allow the REST role to call the password-change function.
GRANT EXECUTE
    ON FUNCTION api.update_password(TEXT, TEXT)
    TO rest_user;

-- api.update_password is declared without SECURITY DEFINER, so it runs with
-- the caller's privileges and needs read/write access to the user table.
-- NOTE(review): this grant is table-wide, covering every row and column
-- (including "password"). Unless row-level security or column-level grants
-- are applied elsewhere, rest_user can read and change these values without
-- going through the function -- confirm.
GRANT SELECT, UPDATE
    ON TABLE xssbook.user
    TO rest_user;