
seperate /user/edit route (HTTP POST) into two.

There are now two HTTP POST routes which update either the user's display name
or password.
stable
Craig Oates 2 years ago
parent
commit
76450d3414
  1. 50
      src/web.lisp

50
src/web.lisp

@ -463,26 +463,52 @@
(progn (utils:set-alert "You are not logged in." "error")
(redirect "/login"))))
(defroute ("/user/edit" :method :POST) ()
(defroute ("/user/edit/display-name" :method :POST) ()
(destructuring-bind
(&key display-name new-password password-check
authenticity-token &allow-other-keys)
(&key display-name authenticity-token &allow-other-keys)
(utils:request-params
(lack.request:request-body-parameters ningle:*request*))
(cond ((not (string= authenticity-token (auth:csrf-token)))
`(,+forbidden+ (:content-type "text/plain") ("Denied")))
((not (string= new-password password-check))
(utils:set-alert "Passwords don't match." "invalid-data")
(redirect "/user/edit"))
(t (hermetic:auth
(:logged-in)
;; Authorised
(progn
(nera-db:update-user
(user::username-of (auth:get-current-user))
display-name new-password)
(utils:set-alert "User details updated." "success")
(redirect "/dashboard"))
(cond ((utils:string-is-nil-or-empty? display-name)
(utils:set-alert "Display name not entered." "missing-data")
(redirect "/user/edit"))
(t (nera-db:update-user
(user::username-of (auth:get-current-user))
:display-name display-name :new-password nil)
(utils:set-alert "Display name updated." "success")
(redirect "/dashboard")))
;; Not Authorised
(progn (utils:set-alert "You are not logged in." "error")
(redirect "/login")))))))
(defroute ("/user/edit/password" :method :POST) ()
(destructuring-bind
(&key new-password password-check authenticity-token &allow-other-keys)
(utils:request-params
(lack.request:request-body-parameters ningle:*request*))
(cond ((not (string= authenticity-token (auth:csrf-token)))
`(,+forbidden+ (:content-type "text/plain") ("Denied")))
(t (hermetic:auth
(:logged-in)
;; Authorised
(cond ((find t (mapcar
#'utils:string-is-nil-or-empty?
`(,new-password ,password-check)))
(utils:set-alert "Missing new password data. Make sure both password boxes are filled out."
"missing-data")
(redirect "/user/edit"))
((not (string= new-password password-check))
(utils:set-alert "Passwords don't match." "invalid-data")
(redirect "/user/edit"))
(t (nera-db:update-user
(user::username-of (auth:get-current-user))
:display-name nil :new-password new-password)
(utils:set-alert "Password updated." "success")
(redirect "/dashboard")))
;; Not Authorised
(progn (utils:set-alert "You are not logged in." "error")
(redirect "/login")))))))
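Review bot: The new `/user/edit/password` route changes the password without asking for the current one: its lambda list takes only `new-password`, `password-check` and `authenticity-token`, so anyone holding a logged-in session (an unattended browser, a stolen cookie) can lock the account owner out. I would add `current-password` to the `&key` list and put a `cond` clause ahead of the `string=` comparison that verifies it against the stored credential for `(auth:get-current-user)`, and otherwise sets an alert and redirects to `/user/edit`. The verification helper to call is not visible in this hunk. The only check on `new-password` is that it is not nil or empty, so there is no minimum length. Whether `nera-db:update-user` ends the account's other sessions after a password change cannot be told from here, so both are worth confirming.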
