From bb9b166eb1be73226d2cf978a05a70ed83faec1e Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Thu, 17 Sep 2020 09:43:39 +0200
Subject: Fix CLI api_password (#3179)

* Fix CLI api_password

#fix https://github.com/FreshRSS/FreshRSS/issues/3177
Fix regression from https://github.com/FreshRSS/FreshRSS/pull/2675

* Update cli/_update-or-create-user.php

Co-authored-by: oupala <oupala@users.noreply.github.com>

Co-authored-by: oupala <oupala@users.noreply.github.com>
---
 app/Controllers/apiController.php | 45 ++++++++++++++++++++++++++-------------
 1 file changed, 30 insertions(+), 15 deletions(-)

(limited to 'app/Controllers')

diff --git a/app/Controllers/apiController.php b/app/Controllers/apiController.php
index d096ba83f..14dac938c 100644
--- a/app/Controllers/apiController.php
+++ b/app/Controllers/apiController.php
@@ -4,6 +4,31 @@
  * This controller manage API-related features.
  */
 class FreshRSS_api_Controller extends Minz_ActionController {
+
+	/**
+	 * Update the user API password.
+	 * Return an error message, or `false` if no error.
+	 */
+	public static function updatePassword($apiPasswordPlain) {
+		$username = Minz_Session::param('currentUser');
+		$userConfig = FreshRSS_Context::$user_conf;
+
+		$apiPasswordHash = FreshRSS_password_Util::hash($apiPasswordPlain);
+		$userConfig->apiPasswordHash = $apiPasswordHash;
+
+		$feverKey = FreshRSS_fever_Util::updateKey($username, $apiPasswordPlain);
+		if (!$feverKey) {
+			return _t('feedback.api.password.failed');
+		}
+
+		$userConfig->feverKey = $feverKey;
+		if ($userConfig->save()) {
+			return false;
+		} else {
+			return _t('feedback.api.password.failed');
+		}
+	}
+
 	/**
 	 * This action updates the user API password.
 	 *
@@ -22,26 +47,16 @@ class FreshRSS_api_Controller extends Minz_ActionController {
 		}
 
 		$apiPasswordPlain = Minz_Request::param('apiPasswordPlain', '', true);
+		$apiPasswordPlain = trim($apiPasswordPlain);
 		if ($apiPasswordPlain == '') {
 			Minz_Request::forward($return_url, true);
 		}
 
-		$username = Minz_Session::param('currentUser');
-		$userConfig = FreshRSS_Context::$user_conf;
-
-		$apiPasswordHash = FreshRSS_password_Util::hash($apiPasswordPlain);
-		$userConfig->apiPasswordHash = $apiPasswordHash;
-
-		$feverKey = FreshRSS_fever_Util::updateKey($username, $apiPasswordPlain);
-		if (!$feverKey) {
-			Minz_Request::bad(_t('feedback.api.password.failed'), $return_url);
-		}
-
-		$userConfig->feverKey = $feverKey;
-		if ($userConfig->save()) {
-			Minz_Request::good(_t('feedback.api.password.updated'), $return_url);
+		$error = self::updatePassword($apiPasswordPlain);
+		if ($error) {
+			Minz_Request::bad($error, $return_url);
 		} else {
-			Minz_Request::bad(_t('feedback.api.password.failed'), $return_url);
+			Minz_Request::good(_t('feedback.api.password.updated'), $return_url);
 		}
 	}
 }
-- 
cgit v1.2.3