implemented password update procedure

frontend/src/Components/ClickInput.svelte

@@ -1,6 +1,6 @@
 <script>
-    import { t } from '../../translations.svelte.js';
-    import { checkUser } from '../../user.svelte.js';
+    import { t } from '../translations.svelte.js';
+    import { checkUser } from '../user.svelte.js';
 
     let { key, onUpdate, value } = $props();
 

frontend/src/Components/ClickSelect.svelte

@@ -1,6 +1,6 @@
 <script>
-    import { t } from '../../translations.svelte.js';
-    import { checkUser } from '../../user.svelte.js';
+    import { t } from '../translations.svelte.js';
+    import { checkUser } from '../user.svelte.js';
 
     let { fetchOptions, key, value, onUpdate } = $props();
 

frontend/src/routes/user/EditPassword.svelte

@@ -0,0 +1,64 @@
+<script>
+    import { t } from '../../translations.svelte.js';
+
+    let { editPassword = $bindable() } = $props();
+
+    let oldPass = $state("");
+    let newPass = $state("");
+    let repeat  = $state("");
+
+    let oldEmpty = $derived(!/\S/.test(oldPass));
+    let newEmpty = $derived(!/\S/.test(newPass));
+    let mismatch = $derived(newPass != repeat);
+
+    function abort(){
+        editPassword = false;
+    }
+
+    async function submit(){
+        const url = `${location.protocol}//${location.host.replace('5173','8080')}/api/user/password`;
+        const data = {
+            old: oldPass,
+            new: newPass
+        };
+        const resp = await fetch(url,{
+            method: 'PATCH',
+            body: JSON.stringify(data),
+            credentials: 'include'
+        });
+        if (resp.ok){
+            const json = await resp.json();
+            console.log(json);
+        }
+    }
+</script>
+
+<style>
+    label{
+        display: block;
+    }
+</style>
+
+<fieldset class="overlay">
+    <legend>{t('user.edit_password')}</legend>
+    <label>
+        <input type="password" bind:value={oldPass} /> {t('user.old_password')}
+        {#if oldEmpty}
+        <span class="error">{t('user.must_not_be_empty')}</span>
+        {/if}
+    </label>
+    <label>
+        <input type="password" bind:value={newPass} /> {t('user.new_password')}
+        {#if newEmpty}
+        <span class="error">{t('user.must_not_be_empty')}</span>
+        {/if}
+    </label>
+    <label>
+        <input type="password" bind:value={repeat} /> {t('user.repeat_new_password')}
+        {#if mismatch}
+        <span class="error">{t('user.mismatch')}</span>
+        {/if}
+    </label>
+    <button onclick={submit} disabled={oldEmpty||newEmpty||mismatch}>{t('user.update')}</button>
+    <button onclick={abort}>{t('user.abort')}</button>
+</fieldset>

frontend/src/routes/user/User.svelte

@@ -1,9 +1,10 @@
 <script>
     import { t } from '../../translations.svelte.js';
     import { user } from '../../user.svelte.js';
-    import EditableField from './EditableField.svelte';
-    import ClickInput from './ClickInput.svelte';
-    import ClickSelect from './ClickSelect.svelte';
+    import ClickInput from '../../Components/ClickInput.svelte';
+    import ClickSelect from '../../Components/ClickSelect.svelte';
+    import EditPassword from './EditPassword.svelte';
+    let editPassword = false;
 
     async function patch(changeset){
         const url = `${location.protocol}//${location.host.replace('5173','8080')}/api/user/${user.id}`;
@@ -65,6 +66,16 @@
                 <ClickSelect key='theme' value={user.theme} fetchOptions={fetchThemes} onUpdate={patch} />
             </td>
         </tr>
+        <tr>
+            <th>{t('user.password')}</th>
+            <td>
+                {#if editPassword}
+                <EditPassword bind:editPassword={editPassword} />
+                {:else}
+                <button onclick={() => editPassword = true}>{t('user.edit_password')}</button>
+                {/if}
+            </td>
+        </tr>
         <tr>
             <th>{t('user.permissions')}</th>
             <td>

frontend/src/translations.svelte.js

@@ -13,7 +13,7 @@ export function t(key,...args){
     for (let token of keys){
         if (!set[token]){
             console.log('Missing translation for '+key);
-            return keys[keys.length-1].replace('_',' ');
+            return keys[keys.length-1].replaceAll('_',' ');
         }
         set = set[token];
     }

translations/src/main/resources/de.json

@@ -20,6 +20,7 @@
   "user" : {
     "CREATE_USERS": "NUTZER ANLEGEN",
     "DELETE_USERS": "NUTZER LÖSCHEN",
+    "edit_password": "Passwort ändern",
     "email": "E-Mail",
     "id": "Id",
     "IMPERSONATE": "NUTZER WECHSELN",
@@ -28,6 +29,7 @@
     "login": "Login",
     "MANAGE_LOGIN_SERVICES": "LOGIN-SERVICES VERWALTEN",
     "name": "Name",
+    "password": "Passwort",
     "permissions": "Berechtigungen",
     "profile": "Profil",
     "theme": "Design",

user/src/main/java/de/srsoftware/umbrella/user/UserModule.java

@@ -26,6 +26,7 @@ import java.time.Instant;
 import java.util.List;
 import java.util.Set;
 import org.json.JSONObject;
+import org.sqlite.core.DB;
 
 
 public class UserModule extends PathHandler {
@@ -93,6 +94,7 @@ public class UserModule extends PathHandler {
 		long userId;
 		try {
 			if (head == null || head.isBlank()) return sendContent(ex,UNPROCESSABLE,"User id missing!");
+			if (PASSWORD.equals(head)) return patchPassword(ex,requestingUser);
 			userId = Long.parseLong(head);
 		} catch (NumberFormatException e) {
 			return sendContent(ex,UNPROCESSABLE,"Invalid user id: "+head);
@@ -125,6 +127,29 @@ public class UserModule extends PathHandler {
 		}
 	}
 
+	private boolean patchPassword(HttpExchange ex, UmbrellaUser requestingUser) throws IOException {
+		if (!(requestingUser instanceof DbUser user)) return sendContent(ex,SERVER_ERROR,"DbUser expected");
+		JSONObject json;
+		try {
+			json = json(ex);
+		} catch (Exception e){
+			LOG.log(WARNING,"Request does not contain valid JSON",e);
+			return sendContent(ex,BAD_REQUEST,"Body contains no JSON data");
+		}
+		if (!json.has("old") || !(json.get("old") instanceof String oldpass) || oldpass.isBlank()) return sendContent(ex,UNPROCESSABLE,"old password missing!");
+		if (!json.has("new") || !(json.get("new") instanceof String newpass) || newpass.isBlank()) return sendContent(ex,UNPROCESSABLE,"new password missing!");
+		var old = Password.of(BAD_HASHER.hash(oldpass,null));
+		if (!user.hashedPassword().equals(old)) return sendContent(ex,UNAUTHORIZED,"Wrong password (old)");
+		if (weak(newpass)) return sendContent(ex,BAD_REQUEST,"New password too weak!");
+		var pass = Password.of(BAD_HASHER.hash(newpass,null));
+		try {
+			var updated = users.save(new DbUser(user.id(), user.name(), user.email(), pass, user.theme(), user.language(), user.permissions(), null));
+			return sendContent(ex, updated);
+		} catch (UmbrellaException e) {
+			return sendContent(ex,e.statusCode(),e.getMessage());
+		}
+	}
+
 	@Override
 	public boolean doPost(Path path, HttpExchange ex) throws IOException {
 		addCors(ex);
@@ -191,4 +216,18 @@ public class UserModule extends PathHandler {
 		var saved = users.save(new DbUser(id,name,email,pass,theme,lang, user.permissions(),null));
 		return sendContent(ex,OK,saved);
 	}
+
+	static int score(String password){
+		if (password == null) return 0;
+		var score = 0;
+		for (int i=0; i<password.length(); i++){
+			int c = password.charAt(i);
+			score += Character.isDigit(c) || Character.isLetter(c) ? 1 : 3;
+		}
+		return score;
+	}
+
+	private static boolean weak(String password){
+		return score(password) < 14;
+	};
 }

user/src/main/java/de/srsoftware/umbrella/user/model/Password.java

@@ -9,6 +9,13 @@ public class Password implements CharSequence{
 		this.pass = val;
 	}
 
+	@Override
+	public boolean equals(Object obj) {
+		if (obj instanceof String s) return s.equals(pass);
+		if (!(obj instanceof Password other)) return false;
+		return pass != null && pass.equals(other.pass);
+	}
+
 	@Override
 	public int length() {
 		return pass.length();

web/src/main/resources/web/css/default.css

@@ -0,0 +1,37 @@
+a {
+    color: orange;
+}
+body {
+    background: black;
+    color: orange;
+}
+
+fieldset {
+    border: 1px solid orange;
+    border-radius: 4px;
+}
+
+input{
+    background: black;
+    border: 1px dotted orange;
+    border-radius: 4px;
+    padding: 3px;
+    margin: 3px;
+    color: orange;
+}
+
+button{
+    background: orange;
+    border-radius: 5px;
+    padding: 5px 7px;
+    border-width: 2px;
+    border-style: solid;
+    border-color: yellow red red yellow;
+}
+footer {
+  position: absolute;
+  bottom: 0;
+  width: 100%;
+  text-align: center;
+  margin: 5px;
+}

web/src/main/resources/web/css/winter.css

@@ -1,11 +1,17 @@
 a {
     color: black;
 }
+
 body {
     background: white;
     color: navy;
 }
 
+button:disabled{
+    color:lightgray;
+    border-color:lightgray;
+}
+
 fieldset {
     border: 1px solid blue;
     border-radius: 4px;
@@ -21,12 +27,12 @@ input{
 }
 
 button{
-    background: red;
+    background: snow;
     border-radius: 5px;
     padding: 5px 7px;
     border-width: 2px;
     border-style: solid;
-    border-color: yellow red red yellow;
+    border-color: darkgray black black darkgray;
 }
 footer {
   position: absolute;