feat: change password + refactor Field component

Adds change password button in account settings and endpoint. Refactors Field component.
ScuffleCloud · Nov 4, 2023 · dabf27a · dabf27a
1 parent a87e1f6
commit dabf27a
Show file tree

Hide file tree

Showing 16 changed files with 824 additions and 765 deletions.
diff --git a/platform/api/src/api/v1/gql/mutations/auth.rs b/platform/api/src/api/v1/gql/mutations/auth.rs
@@ -83,12 +83,12 @@ impl AuthMutation {
         .bind(user.id)
         .bind(!user.totp_enabled)
         .bind(expires_at)
-        .fetch_one(&mut *tx)
+        .fetch_one(tx.as_mut())
         .await?;
 
         sqlx::query("UPDATE users SET last_login_at = NOW() WHERE id = $1")
             .bind(user.id)
-            .execute(&mut *tx)
+            .execute(tx.as_mut())
             .await?;
 
         tx.commit().await?;

diff --git a/platform/api/src/api/v1/gql/mutations/user.rs b/platform/api/src/api/v1/gql/mutations/user.rs
@@ -3,6 +3,7 @@ use bytes::Bytes;
 use prost::Message;
 
 use crate::api::middleware::auth::AuthError;
+use crate::api::v1::gql::validators::PasswordValidator;
 use crate::{
     api::v1::gql::{
         error::{GqlError, Result, ResultExt},
@@ -148,6 +149,59 @@ impl UserMutation {
         Ok(user.into())
     }
 
+    async fn password<'ctx>(
+        &self,
+        ctx: &Context<'_>,
+        #[graphql(desc = "Current password")] current_password: String,
+        #[graphql(desc = "New password", validator(custom = "PasswordValidator"))]
+        new_password: String,
+    ) -> Result<User> {
+        let global = ctx.get_global();
+        let request_context = ctx.get_req_context();
+
+        let auth = request_context
+            .auth()
+            .await?
+            .ok_or(GqlError::Auth(AuthError::NotLoggedIn))?;
+
+        let user = global
+            .user_by_id_loader
+            .load(auth.session.user_id.0)
+            .await
+            .map_err_gql("failed to fetch user")?
+            .map_err_gql(GqlError::NotFound("user"))?;
+
+        if !user.verify_password(&current_password) {
+            return Err(GqlError::InvalidInput {
+                fields: vec!["password"],
+                message: "wrong password",
+            }
+            .into());
+        }
+
+        let mut tx = global.db.begin().await?;
+
+        let user: database::User =
+            sqlx::query_as("UPDATE users SET password_hash = $1 WHERE id = $2 RETURNING *")
+                .bind(database::User::hash_password(&new_password))
+                .bind(user.id)
+                .fetch_one(tx.as_mut())
+                .await?;
+
+        // Delete all sessions except current
+        sqlx::query("DELETE FROM user_sessions WHERE user_id = $1 AND id != $2")
+            .bind(user.id)
+            .bind(auth.session.id)
+            .execute(tx.as_mut())
+            .await?;
+
+        // TODO: Logout active connections
+
+        tx.commit().await?;
+
+        Ok(user.into())
+    }
+
     /// Follow or unfollow a user.
     async fn follow<'ctx>(
         &self,

diff --git a/platform/website/src/assets/styles/global.scss b/platform/website/src/assets/styles/global.scss
@@ -84,11 +84,8 @@ input[type="password"] {
 		border-color: $primaryColor;
 	}
 
-	&:not(:focus) {
-		&.invalid,
-		&:invalid {
-			border-color: $errorColor;
-		}
+	&:not(:focus).invalid {
+		border-color: $errorColor;
 	}
 }
 

diff --git a/platform/website/src/assets/styles/settings.scss b/platform/website/src/assets/styles/settings.scss
@@ -1,18 +1,5 @@
 @import "./variables.scss";
 
-.message {
-	font-size: 0.9rem;
-	font-weight: 500;
-
-	&.error {
-		color: $errorColor;
-	}
-
-	&.success {
-		color: $successColor;
-	}
-}
-
 .input {
 	margin-top: 0.5rem;
 	background-color: $bgColor2;
@@ -52,7 +39,3 @@
 		gap: 0.5rem;
 	}
 }
-
-input.input.invalid:not(:focus) {
-	border-color: $errorColor;
-}