Commit 33f68873 authored by Jennifer Lindgren's avatar Jennifer Lindgren

Backend: Change password functionality

parent 1d9f1ee9
...@@ -133,6 +133,35 @@ def sign_in(): ...@@ -133,6 +133,35 @@ def sign_in():
'message': message 'message': message
}), status) }), status)
@app.route('/api/change_password', methods=['POST', 'PUT'])
@jwt_required
def change_password():
username = request.json['username']
user = db.get_user_from_username(username)
oldPassword = request.json['oldPassword']
newPassword = request.json['newPassword']
if (not user):
return generate_response(jsonify({
'success': False,
'message': 'No user with that username'
}), BAD_REQUEST_STATUS_CODE)
elif not is_valid_credentials(username, oldPassword):
return generate_response(jsonify({
'success': False,
'message': 'Old password was incorrect'
}),UNAUTHORIZED_STATUS_CODE)
elif (not is_valid_password(newPassword)):
return generate_response(jsonify({
'success': False,
'message': 'New password does not fulfill requirements'
}), BAD_REQUEST_STATUS_CODE)
else:
updated_user = db.change_password(
username,
flask_bcrypt.generate_password_hash(newPassword).decode('utf-8')
)
return generate_response(db.user_schema.jsonify(updated_user), OK_STATUS_CODE)
@app.route('/api/user', methods=['GET']) @app.route('/api/user', methods=['GET'])
@jwt_required @jwt_required
def get_users_request(): def get_users_request():
...@@ -145,34 +174,6 @@ def get_user_request(id): ...@@ -145,34 +174,6 @@ def get_user_request(id):
return generate_response(db.user_schema.jsonify(db.get_user(id)), return generate_response(db.user_schema.jsonify(db.get_user(id)),
OK_STATUS_CODE) OK_STATUS_CODE)
@app.route('/api/user/<id>', methods=['PUT'])
@jwt_required
def update_user_request(id):
email = request.json['email']
username = request.json['username']
password = request.json['password']
if (email != db.getEmailById(id) and
not db.is_unregistered_email(email)):
return generate_response(jsonify({
'success': False,
'message': 'User with that email already exists'
}), CONFLICT_STATUS_CODE)
elif (username != db.get_username_by_id(id) and
not db.is_unregistered_username(username)):
return generate_response(jsonify({
'success': False,
'message': 'User with that username already exists'
}), CONFLICT_STATUS_CODE)
elif (not is_valid_password(password)):
return generate_response(jsonify({
'success': False,
'message': 'Password does not fulfill requirements'
}), BAD_REQUEST_STATUS_CODE)
else:
updated_user = db.User(email, username, password)
return generate_response(db.user_schema.jsonify(db.update_user(id, updated_user)),
OK_STATUS_CODE)
@app.route('/api/user/<id>', methods=['DELETE']) @app.route('/api/user/<id>', methods=['DELETE'])
@jwt_required @jwt_required
def delete_user_request(id): def delete_user_request(id):
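Review bot: `change_password` picks the account to modify from `request.json['username']` instead of from the authenticated token, so any holder of a valid JWT can submit old-password guesses against any username. The distinct 'No user with that username' and 'Old password was incorrect' responses also reveal which usernames exist. Bind the operation to the token's subject (if `jwt_required` comes from flask_jwt_extended, something like `username = get_jwt_identity()`, assuming the identity is the username), or reject the request when the body username differs from it, and return one generic failure message for both cases. Indexing `request.json[...]` directly turns a missing field or a non-JSON body into an unhandled 500; reading the fields with `(request.get_json(silent=True) or {}).get('oldPassword')` and answering with `BAD_REQUEST_STATUS_CODE` when any is absent keeps the failure controlled. Nothing visible here throttles repeated wrong `oldPassword` attempts or invalidates tokens issued before the change; both are worth confirming outside this hunk.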
......
...@@ -76,8 +76,7 @@ def get_user_from_username(username): ...@@ -76,8 +76,7 @@ def get_user_from_username(username):
return User.query.filter_by(username=username).first() return User.query.filter_by(username=username).first()
def get_username_from_email(email): def get_username_from_email(email):
user = User.query.filter_by(email=email).first() return get_user_from_email(email).username
return user.username
def is_valid_email_password(email, password): def is_valid_email_password(email, password):
user = get_user_from_email(email) user = get_user_from_email(email)
...@@ -88,3 +87,9 @@ def is_valid_username_password(username, password): ...@@ -88,3 +87,9 @@ def is_valid_username_password(username, password):
user = get_user_from_username(username) user = get_user_from_username(username)
valid_password = user.password if user else None valid_password = user.password if user else None
return password != None and password == valid_password return password != None and password == valid_password
def change_password(username, newPassword):
user = get_user_from_username(username)
user.password = newPassword
db.session.commit()
return user
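Review bot: `change_password` in the last hunk dereferences `user` without a check, so a username that no longer exists when this runs raises AttributeError instead of a handled error; `if user is None: return None` before the assignment keeps that failure explicit. The parameter is called `newPassword`, but the visible caller passes a bcrypt hash, and nothing here stops a later caller from storing plaintext. Renaming it to `password_hash` and adding a docstring such as `"""Store an already-hashed password for username; never pass plaintext."""` would state the contract. The context lines of `is_valid_username_password` compare the supplied password to the stored value with `==`, which can never match a stored bcrypt hash, so confirm that every verification path uses the bcrypt check (this may already be handled outside the hunk).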