From 0db9b1f8be6ebaac73c53f174d0b8527a09771d1 Mon Sep 17 00:00:00 2001 From: Chip Black Date: Thu, 19 Jan 2012 00:49:50 -0600 Subject: [PATCH] Add password change API --- cgi/cgi_blerg.c | 17 +++++++++++++++++ www-configs/htaccess | 1 + www/doc/index.html | 14 ++++++++++++++ 3 files changed, 32 insertions(+) diff --git a/cgi/cgi_blerg.c b/cgi/cgi_blerg.c index 4d55411..7e5c7df 100644 --- a/cgi/cgi_blerg.c +++ b/cgi/cgi_blerg.c @@ -413,6 +413,23 @@ int main(int argc, char *argv[]) { fwrite(ybuf, len, 1, stdout); yajl_gen_free(g); + } else if (strncmp(path, "/passwd", 7) == 0) { + const char *username = cgi_getentrystr("username"); + if (!check_auth(username)) + exit(0); + + const char *password = cgi_getentrystr("password"); + const char *new_password = cgi_getentrystr("new_password"); + if (password == NULL || new_password == NULL) { + respond_JSON_Failure(); + } else { + if (auth_check_password(username, password)) { + auth_set_password(username, new_password); + respond_JSON_Success(); + } else { + respond_JSON_Failure(); + } + } } else { respond_404(); exit(0); diff --git a/www-configs/htaccess b/www-configs/htaccess index d5a6c62..2587f51 100644 --- a/www-configs/htaccess +++ b/www-configs/htaccess @@ -12,5 +12,6 @@ RewriteRule ^subscribe/(.*) /blerg.cgi/subscribe/$1 [L] RewriteRule ^unsubscribe/(.*) /blerg.cgi/unsubscribe/$1 [L] RewriteRule ^feed$ /blerg.cgi/feed [L] RewriteRule ^feedinfo(.*) /blerg.cgi/feedinfo$1 [L] +RewriteRule ^passwd$ /blerg.cgi/passwd [L] RewriteRule ^rss/(.*) /rss.cgi/$1 [L] diff --git a/www/doc/index.html b/www/doc/index.html index d910f7d..6bc071e 100644 --- a/www/doc/index.html +++ b/www/doc/index.html @@ -40,6 +40,7 @@ C.
  • /unsubscribe/(user) - Unsubscribe from a user's updates
  • /feed - Get updates for subscribed users
  • /feedinfo, /feedinfo/(user) - Get subscription status
  • +
  • /passwd - Change a user's password
  • Design @@ -343,6 +344,19 @@ interested in. The server will respond with a simple JSON object:

    The value of "subscribed" will be either true or false depending on the subscription status. +

    /passwd - Change a user's password

    + +

    POST to /passwd with a username parameter and an auth +cookie, plus password and new_password +parameters to change the user's password. For extra protection, +changing a password requires sending the user's current password in the +password parameter. If authentication is successful and +the password matches, the user's password is set to +new_password and the server responds with JSON success. + +If the password doesn't match, or one of password or +new_password are missing, the server returns JSON failure. +

    Design

    Motivation

    -- 2.34.1