From 99c0411370af5aed97b807fe9f443018c233a8d1 Mon Sep 17 00:00:00 2001
From: Kushal Dotel
Date: Sat, 11 Jan 2025 22:05:17 +0545
Subject: [PATCH] feat: add change password
---
 backend/blueprints/profile/__init__.py | 41 ++++++++++++++++++++++++-
 backend/blueprints/session/__init__.py | 1 +
 backend/requirements.txt | Bin 1648 -> 1722 bytes
 3 files changed, 41 insertions(+), 1 deletion(-)
diff --git a/backend/blueprints/profile/__init__.py b/backend/blueprints/profile/__init__.py
index 47717ee..4dbd24c 100644
--- a/backend/blueprints/profile/__init__.py
+++ b/backend/blueprints/profile/__init__.py
@@ -184,4 +184,43 @@ def allowed_file(filename):
 Validate file extensions.
 """
 allowed_extensions = {'png', 'jpg', 'jpeg', 'gif'}
- return '.' in filename and filename.rsplit('.', 1)[1].lower() in allowed_extensions
\ No newline at end of file
+ return '.' in filename and filename.rsplit('.', 1)[1].lower() in allowed_extensions
+
+@profile.route('/change-password', methods=['POST'])
+@auth_required()
+def change_password():
+ """
+ Allow the logged-in user to change their password.
+ The user must provide the current password, new password, and confirm the new password.
+ """
+ user = g.current_user
+ data = request.form
+
+ # Validate input data
+ current_password = data.get('current_password')
+ new_password = data.get('new_password')
+ confirm_password = data.get('confirm_password')
+
+ if not current_password or not new_password or not confirm_password:
+ return jsonify({"error": "All fields (current_password, new_password, confirm_password) are required"}), 400
+
+ # Check if current password matches the user's existing password
+ if not check_password_hash(user.hash_password, current_password):
+ return jsonify({"error": "Current password is incorrect"}), 400
+
+ # Check if new password and confirmation match
+ if new_password != confirm_password:
+ return jsonify({"error": "New password and confirm password do not match"}), 400
+
+ # Check for password complexity (optional)
+ # Validate password
+ try:
+ password_check_sanity(new_password)
+ except InsecurePasswordException as e:
+ return jsonify({"error": str(e)}), 400
+
+ # Update the user's password
+ user.hash_password = generate_password_hash(new_password)
+ db.session.commit()
+
+ return jsonify({"message": "Password updated successfully"}), 200
\ No newline at end of file
diff --git a/backend/blueprints/session/__init__.py b/backend/blueprints/session/__init__.py
index 6462e2b..4f17280 100644
--- a/backend/blueprints/session/__init__.py
+++ b/backend/blueprints/session/__init__.py
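Review bot: change_password() commits the new hash but leaves every existing session for the user valid, so a session that was already compromised keeps working after the password is rotated. The logout() handler in backend/blueprints/session/__init__.py invalidates a session by setting `isValid = False`; the same should presumably be applied to the user's other sessions here, in the same transaction before `db.session.commit()` (the session model is not visible in this patch, so the exact query needs confirming). The handler also accepts a new password identical to the current one; a guard such as `if new_password == current_password: return jsonify({"error": "New password must differ from the current password"}), 400` placed after the current-password check would close that. Repeated wrong `current_password` submissions are neither throttled nor logged in the visible code, which is worth confirming against whatever `auth_required()` provides.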
@@ -95,3 +95,4 @@ def logout():
 target_session.isValid = False
 db.session.commit()
 return jsonify({'message': 'Session invalidated'}), 200
+
diff --git a/backend/requirements.txt b/backend/requirements.txt
index f94a1e5bfb2c1a4b27c6e2cf71f300287a6a8c19..00d1233fc1d4391709653b08448c7a753ec3bd34 100644
GIT binary patch delta 78 zcmeysvx|2_2&-cNLnT81gA0QjgAs!*5E?V+F&F@`Ap4fOy3 delta 12 TcmdnR`+;Xe2