From d2eaf3bd982b3105f7ab1a16474c80d0ffc8b432 Mon Sep 17 00:00:00 2001
From: Christoph Lienhard
Date: Wed, 23 Jun 2021 17:49:49 +0200
Subject: [PATCH] #17 unfinished
---
 backend/db/sql/04_setup_authentication.sql | 59 ++++++++++++++++++++++
 1 file changed, 59 insertions(+)
diff --git a/backend/db/sql/04_setup_authentication.sql b/backend/db/sql/04_setup_authentication.sql
index 80d5a46..4669a32 100644
--- a/backend/db/sql/04_setup_authentication.sql
+++ b/backend/db/sql/04_setup_authentication.sql
@@ -90,3 +90,62 @@ $$ language plpgsql strict
 security definer;
 grant execute on function candymat_data.authenticate(text, text) to candymat_anonymous, candymat_person;
+-- Change password
+drop function if exists candymat_data.change_password;
+create function candymat_data.change_password(
+ email text,
+ old_password text,
+ new_password text
+) returns candymat_data.jwt_token as
+$$
+declare
+ account candymat_data_privat.person_account;
+ declare person candymat_data.person;
+begin
+ select a.*
+ into account
+ from candymat_data_privat.person_account as a
+ where a.email = $1;
+
+ select p.*
+ into person
+ from candymat_data.person as p
+ where p.row_id = account.person_row_id;
+
+ if account.password_hash = crypt(old_password, account.password_hash) then
+
+ select *
+ from candymat_data.person
+ where row_id = nullif(current_setting('jwt.claims.person_row_id', true), '')::integer
+
+ return (person.role, account.person_row_id,
+ extract(epoch from (now() + interval '2 days')))::candymat_data.jwt_token;
+ else
+ return null;
+ end if;
+end;
+$$ language plpgsql strict
+ security definer;
+grant execute on function candymat_data.change_role(integer, candymat_data.role) to candymat_editor;
+
+-- Change role: Changes role for a given user. Only editors are allowed to use it.
+drop function if exists candymat_data.change_role;
+create function candymat_data.change_role(
+ person_row_id integer,
+ new_role candymat_data.role
+)
+ returns candymat_data.person as
+$$
+declare
+ person candymat_data.person;
+begin
+ update candymat_data.person
+ set role = new_role
+ where candymat_data.person.row_id = $1
+ returning * into person;
+
+ return person;
+end;
+$$ language plpgsql strict
+ security definer;
+grant execute on function candymat_data.change_role(integer, candymat_data.role) to candymat_editor;
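Review bot: `change_password` never stores `new_password`: after the `crypt()` check it only returns a fresh token, and the `select * from candymat_data.person …` inside the `if` has no `into` target and no terminating semicolon, so the body will not parse as written. The `grant` placed directly after it names `candymat_data.change_role(integer, candymat_data.role)`, which is not created until further down the script, and it leaves `change_password(text, text, text)` without a grant of its own. Both functions are `security definer`, and PostgreSQL gives EXECUTE to PUBLIC on new functions unless default privileges were revoked elsewhere in the setup scripts (not visible in this hunk), so the "only editors" rule on `change_role` should be backed by an explicit `revoke execute on function candymat_data.change_role(integer, candymat_data.role) from public;`. Pinning `search_path` on both definer functions would also keep the unqualified `crypt` call from resolving to an object in a caller-writable schema. A possible shape for the missing update and the corrected grant is below; the `gen_salt('bf')` choice and the target role are assumptions and should match what the registration and `authenticate` code already use.

```sql
    if account.password_hash = crypt(old_password, account.password_hash) then
        -- replaces the unterminated "select * from candymat_data.person" statement
        update candymat_data_privat.person_account
        set password_hash = crypt(new_password, gen_salt('bf'))  -- salt type assumed; match registration
        where person_row_id = account.person_row_id;
        -- … unchanged: return of the jwt_token, else branch, end of function …

-- after the function: grant the function that was just created (target role assumed)
grant execute on function candymat_data.change_password(text, text, text) to candymat_person;
```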