1 package Koha::REST::V1::Patrons::Password;
3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # Koha is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with Koha; if not, see <http://www.gnu.org/licenses>.
20 use Mojo::Base 'Mojolicious::Controller';
22 use C4::Auth qw(checkpw_internal);
26 use Scalar::Util qw( blessed );
27 use Try::Tiny qw( catch try );
31 Koha::REST::V1::Patrons::Password
39 Controller method that sets a patron's password; access is permission-driven
# Privileged password reset for the patron named by the patron_id parameter.
# Visible flow: validate the request, look the patron up, compare the two
# submitted passwords, call set_password, then map Koha::Exceptions::Password
# errors to an error response.
# NOTE(review): this listing omits lines (the sub declaration, the guard around
# the 404 render and the try/catch delimiters are not shown), so the nesting
# described here is inferred -- confirm against the full file.
# NOTE(review): no permission check is visible in this handler; presumably it
# is enforced by the route definition / API spec -- confirm.
45 my $c = shift->openapi->valid_input or return;
47 my $patron = Koha::Patrons->find( $c->validation->param('patron_id') );
48 my $body = $c->validation->param('body');
# Response for an unknown patron (the guarding condition is not shown here).
51 return $c->render( status => 404, openapi => { error => "Patron not found." } );
# Missing fields default to "" so the comparison below never sees undef.
# NOTE(review): two absent fields therefore compare equal and "" is passed to
# set_password; rejecting an empty password is left to set_password's own
# checks, which are not visible here -- confirm.
54 my $password = $body->{password} // "";
55 my $password_2 = $body->{password_2} // "";
# The confirmation field must match exactly (string comparison).
57 unless ( $password eq $password_2 ) {
58 return $c->render( status => 400, openapi => { error => "Passwords don't match" } );
# Only the password is passed; no other option is given to set_password.
64 $patron->set_password({ password => $password });
# Success is reported with an empty body.
66 return $c->render( status => 200, openapi => "" );
# Error handling: $_ is presumably the Try::Tiny catch variable (try/catch are
# imported at the top of the file). Password exceptions are stringified into
# the response so the caller learns why the password was refused.
# NOTE(review): confirm these exception messages never echo the submitted
# password back to the client.
69 if ( blessed $_ and $_->isa('Koha::Exceptions::Password') ) {
72 openapi => { error => "$_" }
# Anything else goes to the controller's generic exception handler.
76 $c->unhandled_exception($_);
82 Controller method that sets a patron's password, for unprivileged users changing their own password
# Self-service password change for the authenticated user.
# Visible checks, in order: the OpacPasswordChange preference, caller identity
# against patron_id, new password against its confirmation, then the current
# password via checkpw_internal. Only after all of these is set_password called.
# NOTE(review): this listing omits lines (the sub declaration, the render calls
# carrying the status codes and the try/catch delimiters are not shown), so
# the nesting is inferred -- confirm against the full file.
88 my $c = shift->openapi->valid_input or return;
90 my $body = $c->validation->param('body');
91 my $patron_id = $c->validation->param('patron_id');
# Site-wide switch: with the OpacPasswordChange preference false, the request
# is refused with the error below (status code not shown in this listing).
93 unless ( C4::Context->preference('OpacPasswordChange') ) {
96 openapi => { error => "Configuration prevents password changes by unprivileged users" }
# 'koha.user' is read from the stash; presumably set by the API
# authentication layer to the logged-in patron -- confirm.
100 my $user = $c->stash('koha.user');
# Numeric comparison pins the target to the caller's own record.
102 unless ( $user->borrowernumber == $patron_id ) {
106 error => "Changing other patron's password is forbidden"
# NOTE(review): unlike the privileged handler earlier in this file, these
# fields get no `// ""` default. If the API schema does not mark them as
# required, the `eq` below runs on undef (warning; two absent fields compare
# equal) and undef reaches checkpw_internal / set_password -- confirm the
# schema requires all three.
# The confirmation field is named password_repeated here but password_2 in the
# privileged handler.
111 my $old_password = $body->{old_password};
112 my $password = $body->{password};
113 my $password_2 = $body->{password_repeated};
115 unless ( $password eq $password_2 ) {
116 return $c->render( status => 400, openapi => { error => "Passwords don't match" } );
# Re-authenticate with the current password before changing it; a false result
# from checkpw_internal is reported as "Invalid password".
# NOTE(review): nothing visible here limits or records repeated failed
# old_password attempts; confirm lockout/throttling happens inside
# checkpw_internal or upstream of this handler.
120 my $dbh = C4::Context->dbh;
121 unless ( checkpw_internal($dbh, $user->userid, $old_password ) ) {
124 openapi => { error => "Invalid password" }
# The change is applied to $user (the authenticated account), not to a record
# looked up again from patron_id.
129 $user->set_password({ password => $password });
# Success is reported with an empty body.
131 return $c->render( status => 200, openapi => "" );
# Error handling: $_ is presumably the Try::Tiny catch variable. Password
# exceptions are stringified into the response; anything else goes to the
# controller's generic exception handler.
134 if ( blessed $_ and $_->isa('Koha::Exceptions::Password') ) {
137 openapi => { error => "$_" }
141 $c->unhandled_exception($_);