1 files changed, 30 insertions, 15 deletions

diff --git a/app/Controllers/apiController.php b/app/Controllers/apiController.php
index d096ba83f..14dac938c 100644
--- a/app/Controllers/apiController.php
+++ b/app/Controllers/apiController.php
@@ -4,6 +4,31 @@
  * This controller manage API-related features.
  */
 class FreshRSS_api_Controller extends Minz_ActionController {
+
+	/**
+	 * Update the user API password.
+	 * Return an error message, or `false` if no error.
+	 */
+	public static function updatePassword($apiPasswordPlain) {
+		$username = Minz_Session::param('currentUser');
+		$userConfig = FreshRSS_Context::$user_conf;
+
+		$apiPasswordHash = FreshRSS_password_Util::hash($apiPasswordPlain);
+		$userConfig->apiPasswordHash = $apiPasswordHash;
+
+		$feverKey = FreshRSS_fever_Util::updateKey($username, $apiPasswordPlain);
+		if (!$feverKey) {
+			return _t('feedback.api.password.failed');
+		}
+
+		$userConfig->feverKey = $feverKey;
+		if ($userConfig->save()) {
+			return false;
+		} else {
+			return _t('feedback.api.password.failed');
+		}
+	}
+
 	/**
 	 * This action updates the user API password.
 	 *
@@ -22,26 +47,16 @@ class FreshRSS_api_Controller extends Minz_ActionController {
 		}
 
 		$apiPasswordPlain = Minz_Request::param('apiPasswordPlain', '', true);
+		$apiPasswordPlain = trim($apiPasswordPlain);
 		if ($apiPasswordPlain == '') {
 			Minz_Request::forward($return_url, true);
 		}
 
-		$username = Minz_Session::param('currentUser');
-		$userConfig = FreshRSS_Context::$user_conf;
-
-		$apiPasswordHash = FreshRSS_password_Util::hash($apiPasswordPlain);
-		$userConfig->apiPasswordHash = $apiPasswordHash;
-
-		$feverKey = FreshRSS_fever_Util::updateKey($username, $apiPasswordPlain);
-		if (!$feverKey) {
-			Minz_Request::bad(_t('feedback.api.password.failed'), $return_url);
-		}
-
-		$userConfig->feverKey = $feverKey;
-		if ($userConfig->save()) {
-			Minz_Request::good(_t('feedback.api.password.updated'), $return_url);
+		$error = self::updatePassword($apiPasswordPlain);
+		if ($error) {
+			Minz_Request::bad($error, $return_url);
 		} else {
-			Minz_Request::bad(_t('feedback.api.password.failed'), $return_url);
+			Minz_Request::good(_t('feedback.api.password.updated'), $return_url);
 		}
 	}
 }