Add password change discovery

See https://web.dev/change-password-url/

crates/handlers/src/lib.rs

@@ -60,6 +60,10 @@ where
 {
     // All those routes are API-like, with a common CORS layer
     let api_router = Router::new()
+        .route(
+            mas_router::ChangePasswordDiscovery::route(),
+            get(|| async { mas_router::AccountPassword.go() }),
+        )
         .route(
             mas_router::OidcConfiguration::route(),
             get(self::oauth2::discovery::get),

crates/handlers/src/views/account/password.rs

@@ -54,7 +54,7 @@ pub(crate) async fn get(
     if let Some(session) = maybe_session {
         render(templates, session, cookie_jar).await
     } else {
-        let login = mas_router::Login::default();
+        let login = mas_router::Login::and_then(mas_router::PostAuthAction::ChangePassword);
         Ok((cookie_jar, login.go()).into_response())
     }
 }
@@ -92,7 +92,7 @@ pub(crate) async fn post(
     let mut session = if let Some(session) = maybe_session {
         session
     } else {
-        let login = mas_router::Login::default();
+        let login = mas_router::Login::and_then(mas_router::PostAuthAction::ChangePassword);
         return Ok((cookie_jar, login.go()).into_response());
     };
 

crates/handlers/src/views/shared.rs

@@ -38,9 +38,10 @@ impl OptionalPostAuthAction {
         match &self.post_auth_action {
             Some(PostAuthAction::ContinueAuthorizationGrant { data }) => {
                 let grant = get_grant_by_id(conn, *data).await?;
-                let grant = grant.into();
+                let grant = Box::new(grant.into());
                 Ok(Some(PostAuthContext::ContinueAuthorizationGrant { grant }))
             }
+            Some(PostAuthAction::ChangePassword) => Ok(Some(PostAuthContext::ChangePassword)),
             None => Ok(None),
         }
     }

crates/router/src/endpoints.rs

@@ -23,6 +23,7 @@ pub enum PostAuthAction {
         #[serde(deserialize_with = "serde_with::rust::display_fromstr::deserialize")]
         data: i64,
     },
+    ChangePassword,
 }
 
 impl PostAuthAction {
@@ -35,6 +36,7 @@ impl PostAuthAction {
     pub fn go_next(&self) -> axum::response::Redirect {
         match self {
             Self::ContinueAuthorizationGrant { data } => ContinueAuthorizationGrant(*data).go(),
+            Self::ChangePassword => AccountPassword.go(),
         }
     }
 }
@@ -55,6 +57,13 @@ impl SimpleRoute for Webfinger {
     const PATH: &'static str = "/.well-known/webfinger";
 }
 
+/// `GET /.well-known/change-password`
+pub struct ChangePasswordDiscovery;
+
+impl SimpleRoute for ChangePasswordDiscovery {
+    const PATH: &'static str = "/.well-known/change-password";
+}
+
 /// `GET /oauth2/keys.json`
 #[derive(Debug, Clone)]
 pub struct OAuth2Keys;

crates/templates/src/context.rs

@@ -245,8 +245,11 @@ pub enum PostAuthContext {
     /// Continue an authorization grant
     ContinueAuthorizationGrant {
         /// The authorization grant that will be continued after authentication
-        grant: AuthorizationGrant<()>,
+        grant: Box<AuthorizationGrant<()>>,
     },
+
+    /// Change the account password
+    ChangePassword,
 }
 
 /// Context used by the `login.html` template