Diffstat (limited to 'api4/user.go')
-rw-r--r-- | api4/user.go | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/api4/user.go b/api4/user.go
index cf9bb4ead..56cfc5d90 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -23,6 +23,7 @@ func InitUser() {
 BaseRoutes.User.Handle("", ApiSessionRequired(updateUser)).Methods("PUT")
 BaseRoutes.User.Handle("", ApiSessionRequired(deleteUser)).Methods("DELETE")
 BaseRoutes.User.Handle("/roles", ApiSessionRequired(updateUserRoles)).Methods("PUT")
+ BaseRoutes.User.Handle("/password", ApiSessionRequired(updatePassword)).Methods("PUT")
 BaseRoutes.Users.Handle("/login", ApiHandler(login)).Methods("POST")
 BaseRoutes.Users.Handle("/logout", ApiHandler(logout)).Methods("POST")
@@ -281,6 +282,43 @@ func updateUserRoles(c *Context, w http.ResponseWriter, r *http.Request) {
 ReturnStatusOK(w)
 }
+func updatePassword(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireUserId()
+ if c.Err != nil {
+ return
+ }
+
+ props := model.MapFromJson(r.Body)
+
+ newPassword := props["new_password"]
+
+ c.LogAudit("attempted")
+
+ var err *model.AppError
+ if c.Params.UserId == c.Session.UserId {
+ currentPassword := props["current_password"]
+ if len(currentPassword) <= 0 {
+ c.SetInvalidParam("current_password")
+ return
+ }
+
+ err = app.UpdatePasswordAsUser(c.Params.UserId, currentPassword, newPassword, c.GetSiteURL())
+ } else if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ err = app.UpdatePasswordByUserIdSendEmail(c.Params.UserId, newPassword, c.T("api.user.reset_password.method"), c.GetSiteURL())
+ } else {
+ err = model.NewAppError("updatePassword", "api.user.update_password.context.app_error", nil, "", http.StatusForbidden)
+ }
+
+ if err != nil {
+ c.LogAudit("failed")
+ c.Err = err
+ return
+ } else {
+ c.LogAudit("completed")
+ ReturnStatusOK(w)
+ }
+}
+
 func login(c *Context, w http.ResponseWriter, r *http.Request) {
 props := model.MapFromJson(r.Body) |
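Review bot: In updatePassword, `new_password` goes to the app layer with no check in the handler, while `current_password` is rejected when empty. Unless app.UpdatePasswordAsUser and app.UpdatePasswordByUserIdSendEmail both enforce the password policy (neither is visible in this hunk), the PERMISSION_MANAGE_SYSTEM branch could set an empty or weak password on another account. I would add `if len(newPassword) == 0 { c.SetInvalidParam("new_password"); return }` right after the value is read from props. The `attempted`/`failed`/`completed` audit entries name no target account in the visible code; if LogAudit does not already record c.Params.UserId, something like `c.LogAudit("attempted user_id=" + c.Params.UserId)` would keep admin-initiated resets attributable. The final `else` after `return` can be dropped so the success path stays unindented.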