implemented password update procedure

user/src/main/java/de/srsoftware/umbrella/user/UserModule.java

@@ -26,6 +26,7 @@ import java.time.Instant;
 import java.util.List;
 import java.util.Set;
 import org.json.JSONObject;
+import org.sqlite.core.DB;
 
 
 public class UserModule extends PathHandler {
@@ -93,6 +94,7 @@ public class UserModule extends PathHandler {
 		long userId;
 		try {
 			if (head == null || head.isBlank()) return sendContent(ex,UNPROCESSABLE,"User id missing!");
+			if (PASSWORD.equals(head)) return patchPassword(ex,requestingUser);
 			userId = Long.parseLong(head);
 		} catch (NumberFormatException e) {
 			return sendContent(ex,UNPROCESSABLE,"Invalid user id: "+head);
@@ -125,6 +127,29 @@ public class UserModule extends PathHandler {
 		}
 	}
 
+	private boolean patchPassword(HttpExchange ex, UmbrellaUser requestingUser) throws IOException {
+		if (!(requestingUser instanceof DbUser user)) return sendContent(ex,SERVER_ERROR,"DbUser expected");
+		JSONObject json;
+		try {
+			json = json(ex);
+		} catch (Exception e){
+			LOG.log(WARNING,"Request does not contain valid JSON",e);
+			return sendContent(ex,BAD_REQUEST,"Body contains no JSON data");
+		}
+		if (!json.has("old") || !(json.get("old") instanceof String oldpass) || oldpass.isBlank()) return sendContent(ex,UNPROCESSABLE,"old password missing!");
+		if (!json.has("new") || !(json.get("new") instanceof String newpass) || newpass.isBlank()) return sendContent(ex,UNPROCESSABLE,"new password missing!");
+		var old = Password.of(BAD_HASHER.hash(oldpass,null));
+		if (!user.hashedPassword().equals(old)) return sendContent(ex,UNAUTHORIZED,"Wrong password (old)");
+		if (weak(newpass)) return sendContent(ex,BAD_REQUEST,"New password too weak!");
+		var pass = Password.of(BAD_HASHER.hash(newpass,null));
+		try {
+			var updated = users.save(new DbUser(user.id(), user.name(), user.email(), pass, user.theme(), user.language(), user.permissions(), null));
+			return sendContent(ex, updated);
+		} catch (UmbrellaException e) {
+			return sendContent(ex,e.statusCode(),e.getMessage());
+		}
+	}
+
 	@Override
 	public boolean doPost(Path path, HttpExchange ex) throws IOException {
 		addCors(ex);
@@ -191,4 +216,18 @@ public class UserModule extends PathHandler {
 		var saved = users.save(new DbUser(id,name,email,pass,theme,lang, user.permissions(),null));
 		return sendContent(ex,OK,saved);
 	}
+
+	static int score(String password){
+		if (password == null) return 0;
+		var score = 0;
+		for (int i=0; i<password.length(); i++){
+			int c = password.charAt(i);
+			score += Character.isDigit(c) || Character.isLetter(c) ? 1 : 3;
+		}
+		return score;
+	}
+
+	private static boolean weak(String password){
+		return score(password) < 14;
+	};
 }

user/src/main/java/de/srsoftware/umbrella/user/model/Password.java

@@ -9,6 +9,13 @@ public class Password implements CharSequence{
 		this.pass = val;
 	}
 
+	@Override
+	public boolean equals(Object obj) {
+		if (obj instanceof String s) return s.equals(pass);
+		if (!(obj instanceof Password other)) return false;
+		return pass != null && pass.equals(other.pass);
+	}
+
 	@Override
 	public int length() {
 		return pass.length();