From 76450d341424386fe08938f7b93b2aaa9023a8a8 Mon Sep 17 00:00:00 2001
From: Craig Oates
Date: Sat, 8 Oct 2022 12:59:07 +0100
Subject: [PATCH] seperate /user/edit route (HTTP POST) into two.

There are now two HTTP POST routes which update either the user's display name or password.
---
 src/web.lisp | 50 ++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 38 insertions(+), 12 deletions(-)

diff --git a/src/web.lisp b/src/web.lisp
index 3e041dc..701d080 100644
--- a/src/web.lisp
+++ b/src/web.lisp
@@ -463,26 +463,52 @@
 (progn (utils:set-alert "You are not logged in." "error")
 (redirect "/login"))))
 
-(defroute ("/user/edit" :method :POST) ()
+(defroute ("/user/edit/display-name" :method :POST) ()
 (destructuring-bind
- (&key display-name new-password password-check
- authenticity-token &allow-other-keys)
+ (&key display-name authenticity-token &allow-other-keys)
 (utils:request-params
 (lack.request:request-body-parameters ningle:*request*))
 (cond ((not (string= authenticity-token (auth:csrf-token)))
 `(,+forbidden+ (:content-type "text/plain") ("Denied")))
- ((not (string= new-password password-check))
- (utils:set-alert "Passwords don't match." "invalid-data")
- (redirect "/user/edit"))
 (t (hermetic:auth
 (:logged-in)
 ;; Authorised
- (progn
- (nera-db:update-user
- (user::username-of (auth:get-current-user))
- display-name new-password)
- (utils:set-alert "User details updated." "success")
- (redirect "/dashboard"))
+ (cond ((utils:string-is-nil-or-empty? display-name)
+ (utils:set-alert "Display name not entered." "missing-data")
+ (redirect "/user/edit"))
+ (t (nera-db:update-user
+ (user::username-of (auth:get-current-user))
+ :display-name display-name :new-password nil)
+ (utils:set-alert "Display name updated." "success")
+ (redirect "/dashboard")))
+ ;; Not Authorised
+ (progn (utils:set-alert "You are not logged in." "error")
+ (redirect "/login")))))))
+
+(defroute ("/user/edit/password" :method :POST) ()
+ (destructuring-bind
+ (&key new-password password-check authenticity-token &allow-other-keys)
+ (utils:request-params
+ (lack.request:request-body-parameters ningle:*request*))
+ (cond ((not (string= authenticity-token (auth:csrf-token)))
+ `(,+forbidden+ (:content-type "text/plain") ("Denied")))
+ (t (hermetic:auth
+ (:logged-in)
+ ;; Authorised
+ (cond ((find t (mapcar
+ #'utils:string-is-nil-or-empty?
+ `(,new-password ,password-check)))
+ (utils:set-alert "Missing new password data. Make sure both password boxes are filled out."
+ "missing-data")
+ (redirect "/user/edit"))
+ ((not (string= new-password password-check))
+ (utils:set-alert "Passwords don't match." "invalid-data")
+ (redirect "/user/edit"))
+ (t (nera-db:update-user
+ (user::username-of (auth:get-current-user))
+ :display-name nil :new-password new-password)
+ (utils:set-alert "Password updated." "success")
+ (redirect "/dashboard")))
 ;; Not Authorised
 (progn (utils:set-alert "You are not logged in." "error")
 (redirect "/login")))))))
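Review bot: The new `/user/edit/password` route lets any authenticated session replace the password after only the CSRF check and `hermetic:auth (:logged-in)`; its `destructuring-bind` reads `new-password` and `password-check` but nothing that proves the caller knows the current password, so a hijacked or unattended session can lock the real user out. The usual mitigation is to require the current password as a third form field (name per project convention) and verify it against the stored credential before `nera-db:update-user` is called, and that same `cond` branch is where a minimum-length check on `new-password` would go, since the route currently accepts any non-empty string that matches its confirmation. A smaller point: `(find t (mapcar #'utils:string-is-nil-or-empty? ...))` only matches when the predicate returns exactly `t`; `(some #'utils:string-is-nil-or-empty? (list new-password password-check))` reads more directly and also accepts a generalized boolean. Finally, the diffstat shows only src/web.lisp changed while both calls to `nera-db:update-user` switch from positional arguments to `:display-name`/`:new-password` keywords, so its definition elsewhere presumably already takes them and treats nil as "leave unchanged" — worth confirming. The context lines at the top of the hunk close a route whose definition starts outside it.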