From 91aa46c9c7475c60cece0042fe51a7d36d8f42d6 Mon Sep 17 00:00:00 2001
From: root <root@vroom.im>
Date: Sat, 10 Jan 2015 13:58:05 +0100
Subject: [PATCH] Convert setPassword (join and owner) to the new API handler

---
 lib/Vroom/Constants.pm |  8 +++--
 public/js/vroom.js     | 45 ++++++++++++++++++--------
 vroom.pl               | 87 ++++++++++++++++++++++++++------------------------
 3 files changed, 81 insertions(+), 59 deletions(-)

diff --git a/lib/Vroom/Constants.pm b/lib/Vroom/Constants.pm
index f91dd29..8cfcd36 100644
--- a/lib/Vroom/Constants.pm
+++ b/lib/Vroom/Constants.pm
@@ -158,9 +158,11 @@ use constant API_ACTIONS => {
     list_rooms => 1
   },
   owner => {
-    invite_email => 1,
-    lock_room    => 1,
-    unlock_room  => 1
+    invite_email       => 1,
+    lock_room          => 1,
+    unlock_room        => 1,
+    set_join_password  => 1,
+    set_owner_password => 1
   },
   participant => {
     ping => 1
diff --git a/public/js/vroom.js b/public/js/vroom.js
index de8c39e..f758468 100644
--- a/public/js/vroom.js
+++ b/public/js/vroom.js
@@ -1904,10 +1904,15 @@ function initVroom(room) {
     }
     else{
       $.ajax({
+        url: rootUrl + 'api',
         data: {
-          action: 'setPassword',
-          type: 'join',
-          room: roomName
+          req: JSON.stringify({
+            action: 'set_join_password',
+            param: {
+              type: 'join',
+              room: roomName,
+            }
+          })
         },
         error: function() {
           $.notify(locale.ERROR_OCCURRED, 'error');
@@ -1936,11 +1941,15 @@ function initVroom(room) {
     if (pass == pass2 && pass != ''){
       $('#setJoinPassButton').addClass('disabled');
       $.ajax({
+        url: rootUrl + 'api',
         data: {
-          action: 'setPassword',
-          password: pass,
-          type: 'join',
-          room: roomName
+          req: JSON.stringify({
+            action: 'set_join_password',
+            param: {
+              password: pass,
+              room: roomName
+            }
+          })
         },
         error: function() {
           $.notify(locale.ERROR_OCCURRED, 'error');
@@ -1978,10 +1987,14 @@ function initVroom(room) {
     }
     else{
       $.ajax({
+        url: rootUrl + 'api',
         data: {
-          action: 'setPassword',
-          type: 'owner',
-          room: roomName
+          req: JSON.stringify({
+            action: 'set_owner_password',
+            param: {
+              room: roomName
+            }
+          })
         },
         error: function() {
           $.notify(locale.ERROR_OCCURRED, 'error');
@@ -2009,11 +2022,15 @@ function initVroom(room) {
     if (pass == pass2 && pass != ''){
       $('#setOwnerPassButton').addClass('disabled');
       $.ajax({
+        url: rootUrl + 'api',
         data: {
-          action: 'setPassword',
-          password: pass,
-          type: 'owner',
-          room: roomName
+          req: JSON.stringify({
+            action: 'set_owner_password',
+            param: {
+              password: pass,
+              room: roomName
+            }
+          })
         },
         error: function() {
           $.notify(locale.ERROR_OCCURRED, 'error');
diff --git a/vroom.pl b/vroom.pl
index 7338ed4..92621a8 100755
--- a/vroom.pl
+++ b/vroom.pl
@@ -1326,7 +1326,51 @@ any '/api' => sub {
       }
     );
   }
-
+  # Handle password (join and owner)
+  elsif ($req->{action} eq 'set_join_password'){
+    $room->{join_password} = ($req->{param}->{password} && $req->{param}->{password} ne '') ?
+      Crypt::SaltedHash->new(algorithm => 'SHA-256')->add($req->{param}->{password})->generate : undef;
+    if ($self->modify_room($room)){
+      return $self->render(
+        json => {
+          msg    => $self->l(($req->{param}->{password}) ? 'PASSWORD_PROTECT_SET' : 'PASSWORD_PROTECT_UNSET'),
+          status => 'success'
+        }
+      );
+    }
+    return $self->render(
+      json => {
+        msg    => $self->('ERROR_OCCURRED'),
+        status => 'error'
+      }
+    );
+  }
+  elsif ($req->{action} eq 'set_owner_password'){
+    if (grep { $req->{param}->{room} eq $_ } (split /[,;]/, $config->{'rooms.common_names'})){
+      return $self->render(
+        json => {
+          status => 'error',
+          msg    => $self->l('ERROR_COMMON_ROOM_NAME')
+        }
+      );
+    }
+    $room->{owner_password} = ($req->{param}->{password} && $req->{param}->{password} ne '') ?
+      Crypt::SaltedHash->new(algorithm => 'SHA-256')->add($req->{param}->{password})->generate : undef;
+    if ($self->modify_room($room)){
+      return $self->render(
+        json => {
+          msg    => $self->l(($req->{param}->{password}) ? 'ROOM_NOW_RESERVED' : 'ROOM_NO_MORE_RESERVED'),
+          status => 'success'
+        }
+      );
+    }
+    return $self->render(
+      json => {
+        msg    => $self->('ERROR_OCCURRED'),
+        status => 'error'
+      }
+    );
+  }   
 };
 
 # Catch all route: if nothing else match, it's the name of a room
@@ -1467,47 +1511,6 @@ post '/*jsapi' => { jsapi => [qw(jsapi admin/jsapi)] }  => sub {
     );
   }
 
-  # Handle password (join and owner)
-  elsif ($action eq 'setPassword'){
-    my $pass = $self->param('password');
-    my $type = $self->param('type') || 'join';
-    # Empty password is equivalent to no password at all
-    $pass = ($pass && $pass ne '') ?
-      Crypt::SaltedHash->new(algorithm => 'SHA-256')->add($pass)->generate : undef;
-    my $msg = $self->l('ERROR_OCCURRED');
-    my $status = 'error';
-    # Once again, only the owner can do this
-    if ($prefix eq 'admin' || $self->session($room)->{role} eq 'owner'){
-      if ($type eq 'owner'){
-        $data->{owner_password} = $pass;
-        # Forbid a few common room names to be reserved
-        if (grep { $room eq $_ } (split /[,;]/, $config->{'rooms.common_names'})){
-          $msg = $self->l('ERROR_COMMON_ROOM_NAME');
-        }
-        elsif ($self->modify_room($data)){
-          $msg = $self->l(($pass) ? 'ROOM_NOW_RESERVED' : 'ROOM_NO_MORE_RESERVED');
-          $status = 'success';
-        }
-      }
-      elsif ($type eq 'join'){
-        $data->{join_password} = $pass;
-        if ($self->modify_room($data)){
-          $msg = $self->l(($pass) ? 'PASSWORD_PROTECT_SET' : 'PASSWORD_PROTECT_UNSET');
-          $status = 'success';
-        }
-      }
-    }
-    # Simple participants will get an error
-    else{
-      $msg = $self->l('NOT_ALLOWED');
-    }
-    return $self->render(
-      json => {
-        msg    => $msg,
-        status => $status
-      }
-    );
-  }
   # Handle persistence
   elsif ($action eq 'setPersistent'){
     my $type = $self->param('type');