password_check.rb 963 B

  # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

  module Gql::Mutations
    # GraphQL mutation that checks a submitted password against the password of
    # the user making the request (context.current_user). It never takes a user
    # identifier as input, so it cannot be pointed at another account.
    #
    # Defensive layers visible in this class:
    #   * authorize - the caller needs the 'user_preferences.password' permission.
    #   * ready?    - attempts are throttled before resolve runs.
    #   * resolve   - a mismatch yields one generic error tied to the :password field.
    #
    # NOTE(review): the plaintext password arrives as a GraphQL argument; confirm
    # that request/query logging filters this argument.
    class User::Current::PasswordCheck < BaseMutation
      include Gql::Concerns::HandlesThrottling

      description 'Check your password'

      argument :password, String, required: true, description: 'Password to check'

      field :success, Boolean, description: 'This indicates if given password matches current user password'

      # Permission gate for the mutation.
      #
      # @param _obj unused
      # @param ctx context object exposing current_user
      # @return the result of the permissions? check for 'user_preferences.password'
      def self.authorize(_obj, ctx)
        user = ctx.current_user
        user.permissions?('user_preferences.password')
      end

      # Applies the rate limit: 10 attempts per minute, with the bucket keyed on
      # the current user's login. The result of throttle! is passed through as
      # the result of ready?.
      #
      # NOTE(review): throttle! comes from Gql::Concerns::HandlesThrottling, which
      # is not shown here - presumably it raises or rejects once the limit is hit
      # and returns a truthy value otherwise; confirm against the concern.
      def ready?(...)
        login = context.current_user.login
        throttle!(limit: 10, period: 1.minute, by_identifier: login)
      end

      # Delegates the comparison to Service::User::PasswordCheck.
      #
      # @param password [String] the password submitted by the caller
      # @return [Hash] { success: <service result> } when the service returns a
      #   truthy value; otherwise the result of error_response for the :password field
      def resolve(password:)
        checker = Service::User::PasswordCheck.new(user: context.current_user, password: password)
        password_matches = checker.execute

        # The failure message reveals only that the password did not match.
        return error_response({ field: :password, message: __('The provided password is incorrect.') }) unless password_matches

        { success: password_matches }
      end
    end
  end