From: Chip Black
Date: Thu, 19 Jan 2012 06:49:50 +0000 (-0600)
Subject: Add password change API
X-Git-Tag: v1.6.3~4
X-Git-Url: http://git.bytex64.net/?a=commitdiff_plain;h=0db9b1f8be6ebaac73c53f174d0b8527a09771d1;p=blerg.git
Add password change API
---
diff --git a/cgi/cgi_blerg.c b/cgi/cgi_blerg.c
index 4d55411..7e5c7df 100644
--- a/cgi/cgi_blerg.c
+++ b/cgi/cgi_blerg.c
@@ -413,6 +413,23 @@ int main(int argc, char *argv[]) {
 fwrite(ybuf, len, 1, stdout);
 yajl_gen_free(g);
+ } else if (strncmp(path, "/passwd", 7) == 0) {
+ const char *username = cgi_getentrystr("username");
+ if (!check_auth(username))
+ exit(0);
+
+ const char *password = cgi_getentrystr("password");
+ const char *new_password = cgi_getentrystr("new_password");
+ if (password == NULL || new_password == NULL) {
+ respond_JSON_Failure();
+ } else {
+ if (auth_check_password(username, password)) {
+ auth_set_password(username, new_password);
+ respond_JSON_Success();
+ } else {
+ respond_JSON_Failure();
+ }
+ }
 } else {
 respond_404();
 exit(0);
diff --git a/www-configs/htaccess b/www-configs/htaccess
index d5a6c62..2587f51 100644
--- a/www-configs/htaccess
+++ b/www-configs/htaccess
@@ -12,5 +12,6 @@ RewriteRule ^subscribe/(.*) /blerg.cgi/subscribe/$1 [L]
 RewriteRule ^unsubscribe/(.*) /blerg.cgi/unsubscribe/$1 [L]
 RewriteRule ^feed$ /blerg.cgi/feed [L]
 RewriteRule ^feedinfo(.*) /blerg.cgi/feedinfo$1 [L]
+RewriteRule ^passwd$ /blerg.cgi/passwd [L]
 RewriteRule ^rss/(.*) /rss.cgi/$1 [L]
diff --git a/www/doc/index.html b/www/doc/index.html
index d910f7d..6bc071e 100644
--- a/www/doc/index.html
+++ b/www/doc/index.html
@@ -40,6 +40,7 @@ C.
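Review bot: In the new `/passwd` branch of cgi/cgi_blerg.c, `new_password` is only compared with NULL, so an empty string (or a value longer than the password store can hold) is passed to `auth_set_password` as the new credential; the guard could read `if (password == NULL || new_password == NULL || new_password[0] == '\0')`, with a length bound that matches the storage format. The result of `auth_set_password(username, new_password)` is discarded before `respond_JSON_Success()`, so if that function can fail (its declaration is not in this hunk) the client is told the password changed when it did not; `if (auth_set_password(username, new_password)) respond_JSON_Success(); else respond_JSON_Failure();` would cover it, assuming it returns non-zero on success as `auth_check_password` appears to. Nothing visible here invalidates the existing auth cookie after the change, so a session token that was already compromised would presumably remain usable; worth confirming in `auth_set_password` and noting in a comment above the call. The branch sits inside `main`, which starts and ends outside the hunk.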
  • /unsubscribe/(user) - Unsubscribe from a user's updates
  • /feed - Get updates for subscribed users
  • /feedinfo, /feedinfo/(user) - Get subscription status
  • +
  • /passwd - Change a user's password
  • Design @@ -343,6 +344,19 @@ interested in. The server will respond with a simple JSON object:

    The value of "subscribed" will be either true or false depending on the subscription status. +

    /passwd - Change a user's password

    + +

    POST to /passwd with a username parameter and an auth +cookie, plus password and new_password +parameters to change the user's password. For extra protection, +changing a password requires sending the user's current password in the +password parameter. If authentication is successful and +the password matches, the user's password is set to +new_password and the server responds with JSON success. + +If the password doesn't match, or one of password or +new_password are missing, the server returns JSON failure. +

    Design

    Motivation