// ChangePassword changes the password from the logged in user.
//
// It reads the request body in JSON format. The JSON in the request body
// should contain two attributes:
//
// - old: the old password
// - new: the new password
//
// This handler will return 403 if the password didn't match the user, or 412
// if the new password is invalid.
func ChangePassword(w http.ResponseWriter, r *http.Request, u *auth.User) error {
var body map[string]string
err := json.NewDecoder(r.Body).Decode(&body)
if err != nil {
return &errors.Http{
Code: http.StatusBadRequest,
Message: "Invalid JSON.",
}
}
if body["old"] == "" || body["new"] == "" {
return &errors.Http{
Code: http.StatusBadRequest,
Message: "Both the old and the new passwords are required.",
}
}
if !u.Login(body["old"]) {
return &errors.Http{
Code: http.StatusForbidden,
Message: "The given password didn't match the user's current password.",
}
}
if !validation.ValidateLength(body["new"], passwordMinLen, passwordMaxLen) {
return &errors.Http{
Code: http.StatusPreconditionFailed,
Message: passwordError,
}
}
u.Password = body["new"]
u.HashPassword()
return u.Update()
}
