feat: add endpoint to change user password with validation for current password

2024-09-03 21:11:02 +02:00
parent c5ec574873
commit facc27def3
1 changed files with 16 additions and 0 deletions
--- a/game_collection/user_management.py
+++ b/game_collection/user_management.py
@@ -100,6 +100,22 @@ def delete_user(user_id):
    db.session.commit()
    return jsonify({'message': 'User deleted!'}), 200

+@user_bp.route('/users/change_password', methods=['PUT'])
+def change_password():
+    data = request.json
+    current_password = data.get('current_password')
+    new_password = data.get('new_password')
+
+    if not current_password or not new_password:
+        return jsonify({'message': 'Current and new passwords are required!'}), 400
+
+    if not check_password_hash(g.user.password, current_password):
+        return jsonify({'message': 'Current password is incorrect!'}), 401
+
+    g.user.password = generate_password_hash(new_password)
+    db.session.commit()
+    return jsonify({'message': 'Password changed successfully!'}), 200
+
@user_bp.route('/games/<int:game_id>', methods=['PUT'])
 def edit_game(game_id):
    if not authenticate():