hub / github.com/coder/coder / putUserPassword

Method putUserPassword

coderd/users.go:1577–1720  ·  view source on GitHub ↗

@Summary Update user password @ID update-user-password @Security CoderSessionToken @Accept json @Tags Users @Param user path string true "User ID, name, or me" @Param request body codersdk.UpdateUserPasswordRequest true "Update password request" @Success 204 @Router /api/v2/users/{user}/password [put]

(rw http.ResponseWriter, r *http.Request)

Source from the content-addressed store, hash-verified

1575// @Success 204
1576// @Router /api/v2/users/{user}/password [put]
1577func (api *API) putUserPassword(rw http.ResponseWriter, r *http.Request) {
1578 var (
1579 ctx = r.Context()
1580 user = httpmw.UserParam(r)
1581 params codersdk.UpdateUserPasswordRequest
1582 apiKey = httpmw.APIKey(r)
1583 auditor = *api.Auditor.Load()
1584 aReq, commitAudit = audit.InitRequest[database.User](rw, &audit.RequestParams{
1585 Audit: auditor,
1586 Log: api.Logger,
1587 Request: r,
1588 Action: database.AuditActionWrite,
1589 })
1590 )
1591 defer commitAudit()
1592 aReq.Old = user
1593
1594 if !api.Authorize(r, policy.ActionUpdatePersonal, user) {
1595 httpapi.ResourceNotFound(rw)
1596 return
1597 }
1598
1599 // Only owners can change the password of another owner.
1600 if apiKey.UserID != user.ID && slices.Contains(user.RBACRoles, rbac.RoleOwner().String()) {
1601 actingUser, err := api.Database.GetUserByID(ctx, apiKey.UserID)
1602 if err != nil {
1603 httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
1604 Message: "Internal error fetching acting user.",
1605 Detail: err.Error(),
1606 })
1607 return
1608 }
1609 if !slices.Contains(actingUser.RBACRoles, rbac.RoleOwner().String()) {
1610 httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
1611 Message: "Only owners can change the password of an owner.",
1612 })
1613 return
1614 }
1615 }
1616
1617 if !httpapi.Read(ctx, rw, r, &params) {
1618 return
1619 }
1620
1621 if user.LoginType != database.LoginTypePassword {
1622 httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
1623 Message: "Users without password login type cannot change their password.",
1624 })
1625 return
1626 }
1627
1628 // A user need to put its own password to update it
1629 if apiKey.UserID == user.ID && params.OldPassword == "" {
1630 httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
1631 Message: "Old password is required.",
1632 })
1633 return
1634 }

Callers

nothing calls this directly

Calls 15

AuthorizeMethod · 0.95
UserParamFunction · 0.92
APIKeyFunction · 0.92
InitRequestFunction · 0.92
ResourceNotFoundFunction · 0.92
RoleOwnerFunction · 0.92
WriteFunction · 0.92
ReadFunction · 0.92
ValidateFunction · 0.92
CompareFunction · 0.92
HashFunction · 0.92
ContextMethod · 0.65

Tested by

no test coverage detected