| author | l3wdfut4pwr <l3wdfut4pwr@gmail.com> | 2026-04-27 22:42:54 +0300 |
|---|---|---|
| committer | l3wdfut4pwr <l3wdfut4pwr@gmail.com> | 2026-04-27 22:42:54 +0300 |
| commit | 5d18f873e9b72bd00d69e42a10c566d44a0c5255 (patch) | |
| tree | d2f2abae1e8a8463abea77426e4be9b9653ad3e3 /app/routes/users | |
| parent | cf6d551f7837878a198d1a988a9ba32f90473e3a (diff) | |
add password change
Diffstat (limited to 'app/routes/users')
| -rw-r--r-- | app/routes/users/security.py | 0 | ||||
| -rw-r--r-- | app/routes/users/user.py | 55 |
2 files changed, 53 insertions, 2 deletions
diff --git a/app/routes/users/security.py b/app/routes/users/security.py
deleted file mode 100644
index e69de29..0000000
--- a/app/routes/users/security.py
+++ /dev/null
diff --git a/app/routes/users/user.py b/app/routes/users/user.py
index 8b0b4f5..ed0e898 100644
--- a/app/routes/users/user.py
+++ b/app/routes/users/user.py
@@ -1,11 +1,12 @@
-from fastapi import APIRouter, Depends, HTTPException
+from fastapi import APIRouter, Body, Depends, HTTPException
 from sqlalchemy.ext.asyncio import AsyncSession
 from app.auth.dependencies import get_current_user
 from app.models.user import User
 from app.schemas.profile import DescriptionUpdate
-from app.schemas.user import UserRead
+from app.schemas.user import ChangeEmail, ChangePassword, UserRead
 from app.utils.db import get_async_session
+from app.utils.hash_cfg import hash_password, verify_password
 router = APIRouter(prefix="/users", tags=["users"])
@@ -41,3 +42,53 @@ async def update_description(
 await session.refresh(profile)
 return {"description": profile.description}
+
+
+@router.patch("/email")
+async def change_email(
+ data: ChangeEmail = Body(...),
+ user: User = Depends(get_current_user),
+ session: AsyncSession = Depends(get_async_session),
+):
+ user.email = data.email
+
+ session.add(user)
+ await session.commit()
+ await session.refresh(user)
+
+ return {"email": user.email}
+
+
+@router.patch("/password")
+async def change_password(
+ data: ChangePassword = Body(...),
+ user: User = Depends(get_current_user),
+ session: AsyncSession = Depends(get_async_session),
+):
+ if not user.password:
+ raise HTTPException(status_code=400, detail="User has no password set")
+
+ if not verify_password(data.current_password, user.password):
+ raise HTTPException(
+ status_code=400,
+ detail="Invalid current password",
+ )
+
+ if verify_password(data.new_password, user.password):
+ raise HTTPException(
+ status_code=400,
+ detail="New password must be different from current password",
+ )
+
+ hashed = hash_password(data.new_password)
+
+ user.password = hashed
+
+ session.add(user)
+ await session.commit()
+ await session.refresh(user)
+
+ return {
+ "success": True,
+ "message": "Password updated successfully",
+ }
 |
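Review bot: change_email assigns `user.email = data.email` for whoever holds a valid session without re-checking the current password, although change_password in the same hunk does re-verify it; if the address is also the account-recovery channel, one leaked session token is then enough to lose the account. I would add a `current_password` field to `ChangeEmail` (the schema is not shown in this diff) and guard the assignment with `if not verify_password(data.current_password, user.password): raise HTTPException(status_code=400, detail="Invalid current password")`, preceded by the same no-password check that change_password uses. Nothing visible handles a duplicate address at `await session.commit()`, so if `User.email` carries a unique constraint a collision would presumably surface as an unhandled 500 rather than a 4xx. In change_password, no step revokes tokens or sessions issued before the change; whether one is needed depends on how `get_current_user` authenticates, which is outside this diff.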
