From facc27def37230e66134fecd2cfcc830536905f2 Mon Sep 17 00:00:00 2001
From: "Manuel Weiser (aider)"
Date: Tue, 3 Sep 2024 21:11:02 +0200
Subject: [PATCH] feat: add endpoint to change user password with validation for current password
---
 game_collection/user_management.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/game_collection/user_management.py b/game_collection/user_management.py
index 88f571c..fe8ea32 100644
--- a/game_collection/user_management.py
+++ b/game_collection/user_management.py
@@ -100,6 +100,22 @@ def delete_user(user_id):
 db.session.commit()
 return jsonify({'message': 'User deleted!'}), 200
+@user_bp.route('/users/change_password', methods=['PUT'])
+def change_password():
+ data = request.json
+ current_password = data.get('current_password')
+ new_password = data.get('new_password')
+
+ if not current_password or not new_password:
+ return jsonify({'message': 'Current and new passwords are required!'}), 400
+
+ if not check_password_hash(g.user.password, current_password):
+ return jsonify({'message': 'Current password is incorrect!'}), 401
+
+ g.user.password = generate_password_hash(new_password)
+ db.session.commit()
+ return jsonify({'message': 'Password changed successfully!'}), 200
+
 @user_bp.route('/games/', methods=['PUT'])
 def edit_game(game_id):
 if not authenticate():
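Review bot: `change_password` reads `g.user.password` without the `if not authenticate():` guard that `edit_game` opens with just below it, so unless a `before_request` hook outside this hunk always populates `g.user`, an unauthenticated PUT ends in an AttributeError and a 500 instead of a 401; I would start the body with the same guard the neighbouring routes use. `data = request.json` followed by `data.get(...)` also fails when the body is missing or not JSON, and a non-string `new_password` reaches `generate_password_hash` unchecked; `data = request.get_json(silent=True) or {}` together with an `isinstance(new_password, str)` check and a minimum-length rule would turn those cases into 400 responses. Nothing visible here throttles repeated wrong `current_password` attempts or invalidates the user's other sessions or tokens after the change, and both are worth confirming for a credential-change endpoint.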