From 919fbca61aebdac9d48d9e6429b9c736500b2b46 Mon Sep 17 00:00:00 2001
From: Brian Simpson <bsimpson63@gmail.com>
Date: Thu, 24 Apr 2014 01:59:56 -0400
Subject: [PATCH] Add back POST_update for API clients.

---
 r2/r2/controllers/api.py | 74 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)

diff --git a/r2/r2/controllers/api.py b/r2/r2/controllers/api.py
index 13c9f8a4d..209e4b12e 100755
--- a/r2/r2/controllers/api.py
+++ b/r2/r2/controllers/api.py
@@ -1083,6 +1083,80 @@ class ApiController(RedditController):
             # invalidated.  drop a new cookie.
             self.login(c.user)
 
+    @validatedForm(VUser('curpass', default = ''),
+                   VModhash(),
+                   email = ValidEmails("email", num = 1),
+                   password = VPassword(['newpass', 'verpass']),
+                   verify = VBoolean("verify"),
+                   dest=VDestination())
+    @api_doc(api_section.account)
+    def POST_update(self, form, jquery, email, password, verify, dest):
+        """
+        Update account email address and password.
+
+        Called by /prefs/update on the site. For frontend form verification
+        purposes, `newpass` and `verpass` must be equal for a password change
+        to succeed.
+        """
+        # password is required to proceed
+        if form.has_errors("curpass", errors.WRONG_PASSWORD):
+            return
+        
+        # check if the email is valid.  If one is given and it is
+        # different from the current address (or there is not one
+        # currently) apply it
+        updated = False
+        if (not form.has_errors("email", errors.BAD_EMAILS) and
+            email):
+            if (not hasattr(c.user,'email') or c.user.email != email):
+                if c.user.email_verified:
+                    emailer.email_change_email(c.user)
+                c.user.email = email
+                # unverified email for now
+                c.user.email_verified = None
+                c.user._commit()
+                Award.take_away("verified_email", c.user)
+                updated = True
+            if verify:
+                # TODO: rate limit this?
+                if dest == '/':
+                    dest = None
+
+                emailer.verify_email(c.user, dest=dest)
+                form.set_html('.status',
+                     _("you should be getting a verification email shortly."))
+            else:
+                form.set_html('.status', _('your email has been updated'))
+
+        # user is removing their email
+        if (not email and c.user.email and 
+            (errors.NO_EMAILS, 'email') in c.errors):
+            c.errors.remove((errors.NO_EMAILS, 'email'))
+            c.user.email = ''
+            c.user.email_verified = None
+            c.user._commit()
+            Award.take_away("verified_email", c.user)
+            updated = True
+            form.set_html('.status', _('your email has been updated'))
+
+        # change password
+        if (password and
+            not (form.has_errors("newpass", errors.BAD_PASSWORD) or
+                 form.has_errors("verpass", errors.BAD_PASSWORD_MATCH))):
+            change_password(c.user, password)
+            if c.user.email_verified:
+                emailer.password_change_email(c.user)
+            if updated:
+                form.set_html(".status",
+                              _('your email and password have been updated'))
+            else:
+                form.set_html('.status', 
+                              _('your password has been updated'))
+            form.set_inputs(curpass = "", newpass = "", verpass = "")
+            # the password has changed, so the user's cookie has been
+            # invalidated.  drop a new cookie.
+            self.login(c.user)
+
     @validatedForm(VUser(),
                    VModhash(),
                    delete_message = VLength("delete_message", max_length=500),