nessi/cluedo-hp-webapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add password change functionality to user settings

Browse Source 
Implemented a secure password change endpoint in the backend with validation. Enhanced the frontend to include a modal for updating the user's password, ensuring real-time input validation and user feedback.
This commit is contained in:
Sascha Nesterovic
2026-02-03 20:24:20 +01:00
parent bf37850e79
commit 7036f29481
2 changed files with 215 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
backend/app/routes/auth.py
View File

@@ -2,7 +2,7 @@ from fastapi import APIRouter, Depends, HTTPException, Request, Response
from sqlalchemy.orm import Session
from ..db import get_db
from ..models import User
from ..security import verify_password, make_session_value, set_session, clear_session, get_session_user_id
from ..security import verify_password, make_session_value, set_session, clear_session, get_session_user_id, hash_password
router = APIRouter(prefix="/auth", tags=["auth"])
@@ -30,4 +30,23 @@ def me(req: Request, db: Session = Depends(get_db)):
if not user:
raise HTTPException(status_code=401, detail="not logged in")
return {"id": user.id, "email": user.email, "role": user.role}
@router.patch("/password")
def set_password(data: dict, req: Request, db: Session = Depends(get_db)):
uid = get_session_user_id(req)
if not uid:
raise HTTPException(status_code=401, detail="not logged in")
password = data.get("password") or ""
if len(password) < 8:
raise HTTPException(status_code=400, detail="password too short (min 8)")
user = db.query(User).filter(User.id == uid, User.disabled == False).first()
if not user:
raise HTTPException(status_code=401, detail="not logged in")
user.password_hash = hash_password(password)
db.add(user)
db.commit()
return {"ok": True}