change_password.rb 1.3 KB

  # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
  module Gql::Mutations
    # GraphQL mutation through which the signed-in user changes their own password.
    #
    # The caller has to supply the current password together with the new one, so
    # an authenticated session alone is not enough to set a new password.
    #
    # NOTE(review): whether other sessions and access tokens of the user are
    # revoked after a successful change is not visible here - confirm in
    # Service::User::ChangePassword.
    # NOTE(review): both arguments are plain String arguments; confirm that
    # request/variable logging filters them out.
    class User::Current::ChangePassword < BaseMutation
      include Gql::Concerns::HandlesThrottling

      description 'Change user password.'

      argument :current_password, String,
               required: true,
               description: 'The current password of the user.'
      argument :new_password, String,
               required: true,
               description: 'The new password of the user.'

      field :success, Boolean,
            description: 'This indicates if changing the password was successful.'

      # Authorization gate: the current user needs the
      # 'user_preferences.password' permission.
      #
      # @param _obj unused
      # @param ctx  context object exposing +current_user+
      # @return result of +permissions?+ for the current user
      def self.authorize(_obj, ctx)
        account = ctx.current_user
        account.permissions?('user_preferences.password')
      end

      # Rate-limits the mutation to 10 calls per minute, keyed by the login of
      # the current user. Because the key is the login, the budget is shared by
      # all sessions of that account, which bounds guessing of current_password.
      #
      # NOTE(review): the return value of +throttle!+ becomes the return value
      # of +ready?+; confirm it is truthy when the limit is not exceeded, and
      # how an exceeded limit is reported (defined in HandlesThrottling).
      def ready?(...)
        throttle_key = context.current_user.login
        throttle!(limit: 10, period: 1.minute, by_identifier: throttle_key)
      end

      # Delegates the change to Service::User::ChangePassword and maps the two
      # expected failures to field-level error responses.
      #
      # @param current_password [String] password the user currently has
      # @param new_password [String] password to set
      # @return +{ success: true }+ on success, otherwise the value of
      #   +error_response+; any other exception propagates to the caller
      def resolve(current_password:, new_password:)
        change = Service::User::ChangePassword.new(
          user: context.current_user,
          current_password: current_password,
          new_password: new_password
        )
        change.execute

        { success: true }
      rescue PasswordHash::Error
        # Fixed message: no detail of the hashing error is passed to the client.
        wrong_current = {
          message: __('The current password you provided is incorrect.'),
          field: 'current_password'
        }
        error_response(wrong_current)
      rescue PasswordPolicy::Error => e
        # The policy error text is handed to the client as is.
        # NOTE(review): presumably a user-facing policy hint - confirm it never
        # carries internal detail.
        policy_violation = { message: e.message, field: 'new_password' }
        error_response(policy_violation)
      end
    end
  end