Added password change command

basicbot.py

@@ -132,10 +132,30 @@ Sintassi: `/sync <username> <password>`"""
         await update.message.chat.send_message(bot, "⚠ Username o password non validi.")
 
 
+async def changepassword(bot, update, arguments):
+    """Cambia la tua password del Database Royal Games.
+
+Sintassi: `/changepassword <username> <oldpassword> <newpassword>`"""
+    if len(arguments) != 3:
+        await update.message.chat.send_message(bot, "⚠ Sintassi del comando non valida.\n`/sync <username> <password>`")
+        return
+    # TODO: this can be improved
+    # Try to login
+    _, logged_user = database.login(arguments[0], arguments[1])
+    # Check if the login is successful
+    if logged_user is not None:
+        # Change the password
+        database.change_password(logged_user.username, arguments[2])
+        await update.message.chat.send_message(bot, f"Il cambio password è riuscito!\n\n_Info per smanettoni: la tua password è hashata nel database come_ `{logged_user.password}`.")
+    else:
+        await update.message.chat.send_message(bot, "⚠ Username o password non validi.")
+
+
 if __name__ == "__main__":
     b.commands["leggi"] = leggi
     b.commands["diario"] = diario
     b.commands["discord"] = discord
     b.commands["sync"] = sync
+    b.commands["changepassword"] = changepassword
     b.commands["help"] = help
     b.run()

database.py

@@ -3,6 +3,14 @@ from sqlalchemy.orm import sessionmaker
 from sqlalchemy.ext.declarative import declarative_base
 import bcrypt
 
+class NoUsersMatchingError(Exception):
+    pass
+
+
+class InvalidPasswordError(Exception):
+    pass
+
+
 # Initialize the database
 engine = create_engine("sqlite:///db.sqlite")
 Base = declarative_base()
@@ -35,7 +43,24 @@ def create_user(username, password, royal=False):
     # Commit the changes
     session.commit()
 
-def login(username, password):
+
+# TODO: check for vulnerabilities
+def change_password(username, newpassword):
+    # Create a new session
+    session = Session()
+    # Hash the new password using bcrypt
+    hashed_password = bcrypt.hashpw(newpassword.encode("utf8"), bcrypt.gensalt())
+    # Find the user entry
+    users = session.query(User).filter_by(username=username).all()
+    if len(users) == 0:
+        raise NoUsersMatchingError("No users with the specified username found.")
+    db_user = users[0]
+    # Change the password and commit
+    db_user.password = hashed_password
+    session.commit()
+
+
+def login(username, password, enable_exceptions=False):
     """Try to login using the database password. The session is always returned, while the user object is returned if the login is successful."""
     # Create a new session
     session = Session()
@@ -43,13 +68,18 @@ def login(username, password):
     users = session.query(User).filter(User.username == username).all()
     # No user with a matching username found
     if len(users) == 0:
-        return session, None
+        if enable_exceptions:
+            raise NoUsersMatchingError("No users with the specified username found.")
         else:
+            return session, None
     db_user = users[0]
     # Test the password and return the session and the user if successful
     if bcrypt.hashpw(password.encode("utf8"), db_user.password) == db_user.password:
         # TODO: Maybe there's a better way to do this?
         return session, db_user
+    else:
+        if enable_exceptions:
+            raise InvalidPasswordError("The specified password doesn't match the user's.")
         else:
             return session, None