Implement a command-line interface to the running webserver, and a way to get/set...

[ndcode_site.git] / api / account / change_password.json.jst

let crypto = require('crypto')
let logjson = (await import('@ndcode/logjson')).default
let XDate = require('xdate')

return async env => {
  let post_request = await _require('/_lib/post_request.jst')
  let session_cookie = await _require('/_lib/session_cookie.jst')
  let Problem = await _require('/_lib/Problem.jst')

  await post_request(
    // env
    env,
    // handler
    async (old_password, new_password) => {
      // coerce and/or validate
      old_password = old_password.slice(0, 256)
      new_password = new_password.slice(0, 256)
      if (old_password.length < 8 || new_password.length < 8)
        throw new Problem(
          'Bad request',
          'Minimum length check failed',
          400
        )

      let transaction = await env.site.database.Transaction()
      try {
        // initialize env.session_key, set cookie in env.response
        await session_cookie(env, transaction)
        if (env.signed_in_as === null)
          throw new Problem('Unauthorized', 'Please sign in first.', 401)

        let account = await (
          await (
            await transaction.get({})
          ).get('accounts', {})
        ).get(env.signed_in_as)

        if (
          old_password !== await logjson.logjson_to_json(
            await account.get('password')
          )
        )
          throw new Problem(
            'Incorrect password',
            `Provided old password did not match the expected value.`,
            426
          )

        await account.set(
          'password',
          transaction.json_to_logjson(new_password)
        )

        await transaction.commit()
      }
      catch (error) {
        transaction.rollback()
        throw error
      }
    }
  )
}