From 66d3fcf2e22f057bacce8d97d43a13c1c5a9ad09 Mon Sep 17 00:00:00 2001
From: Owen Jacobson <owen@grimoire.ca>
Date: Tue, 29 Oct 2024 23:29:22 -0400
Subject: Add `change password` UI + API.

The protocol here re-checks the caller's password, as a "I left myself logged in" anti-pranking check.
---
 src/token/repo/auth.rs | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

(limited to 'src/token/repo/auth.rs')

diff --git a/src/token/repo/auth.rs b/src/token/repo/auth.rs
index bdc4c33..b51db8c 100644
--- a/src/token/repo/auth.rs
+++ b/src/token/repo/auth.rs
@@ -50,6 +50,35 @@ impl<'t> Auth<'t> {
 
         Ok((login, row.password_hash))
     }
+
+    pub async fn for_login(&mut self, login: &Login) -> Result<(History, StoredHash), LoadError> {
+        let row = sqlx::query!(
+            r#"
+                select
+                    id as "id: login::Id",
+                    display_name as "display_name: String",
+                    canonical_name as "canonical_name: String",
+                    created_sequence as "created_sequence: Sequence",
+                    created_at as "created_at: DateTime",
+                    password_hash as "password_hash: StoredHash"
+                from login
+                where id = $1
+            "#,
+            login.id,
+        )
+        .fetch_one(&mut *self.0)
+        .await?;
+
+        let login = History {
+            login: Login {
+                id: row.id,
+                name: Name::new(row.display_name, row.canonical_name)?,
+            },
+            created: Instant::new(row.created_at, row.created_sequence),
+        };
+
+        Ok((login, row.password_hash))
+    }
 }
 
 #[derive(Debug, thiserror::Error)]
-- 
cgit v1.2.3