Add password change API

diff --git a/cgi/cgi_blerg.c b/cgi/cgi_blerg.c
index 4d55411..7e5c7df 100644 (file)
--- a/cgi/cgi_blerg.c
+++ b/cgi/cgi_blerg.c
@@ -413,6 +413,23 @@ int main(int argc, char *argv[]) {
                fwrite(ybuf, len, 1, stdout);
 
                yajl_gen_free(g);
+       } else if (strncmp(path, "/passwd", 7) == 0) {
+               const char *username = cgi_getentrystr("username");
+               if (!check_auth(username))
+                       exit(0);
+
+               const char *password = cgi_getentrystr("password");
+               const char *new_password = cgi_getentrystr("new_password");
+               if (password == NULL || new_password == NULL) {
+                       respond_JSON_Failure();
+               } else {
+                       if (auth_check_password(username, password)) {
+                               auth_set_password(username, new_password);
+                               respond_JSON_Success();
+                       } else {
+                               respond_JSON_Failure();
+                       }
+               }
        } else {
                respond_404();
                exit(0);

diff --git a/www-configs/htaccess b/www-configs/htaccess
index d5a6c62..2587f51 100644 (file)
--- a/www-configs/htaccess
+++ b/www-configs/htaccess
@@ -12,5 +12,6 @@ RewriteRule ^subscribe/(.*) /blerg.cgi/subscribe/$1 [L]
 RewriteRule ^unsubscribe/(.*) /blerg.cgi/unsubscribe/$1 [L]
 RewriteRule ^feed$ /blerg.cgi/feed [L]
 RewriteRule ^feedinfo(.*) /blerg.cgi/feedinfo$1 [L]
+RewriteRule ^passwd$ /blerg.cgi/passwd [L]
 
 RewriteRule ^rss/(.*) /rss.cgi/$1 [L]

diff --git a/www/doc/index.html b/www/doc/index.html
index d910f7d..6bc071e 100644 (file)
--- a/www/doc/index.html
+++ b/www/doc/index.html
@@ -40,6 +40,7 @@ C.
       <li><a href="#api_unsubscribe">/unsubscribe/(user) - Unsubscribe from a user's updates</a></li>
       <li><a href="#api_feed">/feed - Get updates for subscribed users</a></li>
       <li><a href="#api_feedinfo">/feedinfo, /feedinfo/(user) - Get subscription status</a></li>
+      <li><a href="#api_passwd">/passwd - Change a user's password</a></li>
     </ul>
   </li>
   <li><a href="#design">Design</a>
@@ -343,6 +344,19 @@ interested in.  The server will respond with a simple JSON object:
 <p>The value of "subscribed" will be either true or false depending on
 the subscription status.
 
+<h3><a name="api_passwd">/passwd</a> - Change a user's password</a></h3>
+
+<p>POST to /passwd with a <code>username</code> parameter and an auth
+cookie, plus <code>password</code> and <code>new_password</code>
+parameters to change the user's password.  For extra protection,
+changing a password requires sending the user's current password in the
+<code>password</code> parameter.  If authentication is successful and
+the password matches, the user's password is set to
+<code>new_password</code> and the server responds with JSON success.
+
+If the password doesn't match, or one of <code>password</code> or
+<code>new_password</code> are missing, the server returns JSON failure.
+
 <h2><a name="design">Design</a></h2>
 
 <h3><a name="motivation">Motivation</a></h3>