From 63384231c26ac2da2e35d8aea56a28a9a1138b88 Mon Sep 17 00:00:00 2001
From: Colin McDonald
Date: Tue, 21 Jun 2016 01:31:48 -0400
Subject: [PATCH] Partially complete POST /user/:id/changePassword. Still requires TOTP integration
---
.../route/users/POSTUserChangePassword.java | 56 +++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 src/main/java/net/frozenorb/apiv3/route/users/POSTUserChangePassword.java
diff --git a/src/main/java/net/frozenorb/apiv3/route/users/POSTUserChangePassword.java b/src/main/java/net/frozenorb/apiv3/route/users/POSTUserChangePassword.java
new file mode 100644
index 0000000..1e5f8f2
--- /dev/null
+++ b/src/main/java/net/frozenorb/apiv3/route/users/POSTUserChangePassword.java
@@ -0,0 +1,56 @@
+package net.frozenorb.apiv3.route.users;
+
+import com.google.common.collect.ImmutableMap;
+import io.vertx.core.Handler;
+import io.vertx.ext.web.RoutingContext;
+import net.frozenorb.apiv3.APIv3;
+import net.frozenorb.apiv3.model.User;
+import net.frozenorb.apiv3.unsorted.BlockingCallback;
+import net.frozenorb.apiv3.util.ErrorUtils;
+
+public final class POSTUserChangePassword implements Handler {
+
+ public void handle(RoutingContext ctx) {
+ User user = User.findByIdSync(ctx.request().getParam("id"));
+
+ if (user == null) {
+ ErrorUtils.respondNotFound(ctx, "User", ctx.request().getParam("id"));
+ return;
+ }
+
+ if (user.getPassword() == null) {
+ ErrorUtils.respondInvalidInput(ctx, "User provided does not have password set.");
+ return;
+ }
+
+ boolean authorized = user.checkPassword(ctx.request().getParam("currentPassword"));
+
+ if (!authorized) {
+ ErrorUtils.respondInvalidInput(ctx, "Current password is not correct.");
+ return;
+ }
+
+ BlockingCallback totpRequiredCallback = new BlockingCallback<>();
+ user.requiresTotpAuthorization(null, totpRequiredCallback);
+ User.RequiresTotpResult requiresTotp = totpRequiredCallback.get();
+
+ if (requiresTotp == User.RequiresTotpResult.REQUIRED_NO_EXEMPTIONS) {
+ // TODO
+ }
+
+ String newPassword = ctx.request().getParam("newPassword");
+
+ if (newPassword.length() < 8) {
+ ErrorUtils.respondGeneric(ctx, 200, "Your password is too short.");
+ return;
+ }
+
+ user.setPassword(newPassword);
+ user.save();
+
+ APIv3.respondJson(ctx, ImmutableMap.of(
+ "success", true
+ ));
+ }
+
+}
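Review bot: The `REQUIRED_NO_EXEMPTIONS` branch in `handle` is an empty `// TODO`, so an account for which TOTP is required falls through to `user.setPassword(newPassword)` with only the current password checked; until the code check is implemented the branch should fail closed, e.g. `ErrorUtils.respondInvalidInput(ctx, "TOTP code required."); return;`. `newPassword` is also dereferenced without a null check, so a request that omits the parameter throws on `newPassword.length()` instead of getting a validation error; `if (newPassword == null || newPassword.length() < 8)` covers it. The too-short case replies through `respondGeneric(ctx, 200, ...)` while the other input errors in this handler use `respondInvalidInput`, which presumably reports a rejected change with a success status. Both passwords are read with `ctx.request().getParam(...)`; if that also accepts query-string parameters they can end up in access logs, so it is worth confirming they are only taken from the request body.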