1 package Koha
::REST
::V1
::Patrons
::Password
;
3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it under the
6 # terms of the GNU General Public License as published by the Free Software
7 # Foundation; either version 3 of the License, or (at your option) any later
10 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
11 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
12 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License along
15 # with Koha; if not, write to the Free Software Foundation, Inc.,
16 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 use Mojo
::Base
'Mojolicious::Controller';
22 use C4
::Auth
qw(checkpw_internal);
26 use Scalar
::Util
qw(blessed);
31 Koha::REST::V1::Patrons::Password
39 Controller method that sets a patron's password, permission driven
45 my $c = shift->openapi->valid_input or return;
47 my $patron = Koha
::Patrons
->find( $c->validation->param('patron_id') );
48 my $body = $c->validation->param('body');
51 return $c->render( status
=> 404, openapi
=> { error
=> "Patron not found." } );
54 my $password = $body->{password
} // "";
55 my $password_2 = $body->{password_2
} // "";
57 unless ( $password eq $password_2 ) {
58 return $c->render( status
=> 400, openapi
=> { error
=> "Passwords don't match" } );
64 $patron->set_password({ password
=> $password });
66 return $c->render( status
=> 200, openapi
=> "" );
69 unless ( blessed
$_ && $_->can('rethrow') ) {
70 return $c->render( status
=> 500, openapi
=> { error
=> "$_" } );
73 # an exception was raised. return 400 with the stringified exception
74 return $c->render( status
=> 400, openapi
=> { error
=> "$_" } );
80 Controller method that sets a patron's password, for unprivileged users
86 my $c = shift->openapi->valid_input or return;
88 my $body = $c->validation->param('body');
89 my $patron_id = $c->validation->param('patron_id');
91 unless ( C4
::Context
->preference('OpacPasswordChange') ) {
94 openapi
=> { error
=> "Configuration prevents password changes by unprivileged users" }
98 my $user = $c->stash('koha.user');
100 unless ( $user->borrowernumber == $patron_id ) {
104 error
=> "Changing other patron's password is forbidden"
109 my $old_password = $body->{old_password
};
110 my $password = $body->{password
};
111 my $password_2 = $body->{password_repeated
};
113 unless ( $password eq $password_2 ) {
114 return $c->render( status
=> 400, openapi
=> { error
=> "Passwords don't match" } );
118 my $dbh = C4
::Context
->dbh;
119 unless ( checkpw_internal
($dbh, $user->userid, $old_password ) ) {
120 Koha
::Exceptions
::Authorization
::Unauthorized
->throw("Invalid password");
124 $user->set_password($password);
126 return $c->render( status
=> 200, openapi
=> "" );
129 unless ( blessed
$_ && $_->can('rethrow') ) {
130 return $c->render( status
=> 500, openapi
=> { error
=> "$_" } );
133 # an exception was raised. return 400 with the stringified exception
134 return $c->render( status
=> 400, openapi
=> { error
=> "$_" } );