|
|
@ -184,4 +184,43 @@ def allowed_file(filename): |
|
|
|
Validate file extensions. |
|
|
|
Validate file extensions. |
|
|
|
""" |
|
|
|
""" |
|
|
|
allowed_extensions = {'png', 'jpg', 'jpeg', 'gif'} |
|
|
|
allowed_extensions = {'png', 'jpg', 'jpeg', 'gif'} |
|
|
|
return '.' in filename and filename.rsplit('.', 1)[1].lower() in allowed_extensions |
|
|
|
return '.' in filename and filename.rsplit('.', 1)[1].lower() in allowed_extensions |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@profile.route('/change-password', methods=['POST']) |
|
|
|
|
|
|
|
@auth_required() |
|
|
|
|
|
|
|
def change_password(): |
|
|
|
|
|
|
|
""" |
|
|
|
|
|
|
|
Allow the logged-in user to change their password. |
|
|
|
|
|
|
|
The user must provide the current password, new password, and confirm the new password. |
|
|
|
|
|
|
|
""" |
|
|
|
|
|
|
|
user = g.current_user |
|
|
|
|
|
|
|
data = request.form |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Validate input data |
|
|
|
|
|
|
|
current_password = data.get('current_password') |
|
|
|
|
|
|
|
new_password = data.get('new_password') |
|
|
|
|
|
|
|
confirm_password = data.get('confirm_password') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if not current_password or not new_password or not confirm_password: |
|
|
|
|
|
|
|
return jsonify({"error": "All fields (current_password, new_password, confirm_password) are required"}), 400 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Check if current password matches the user's existing password |
|
|
|
|
|
|
|
if not check_password_hash(user.hash_password, current_password): |
|
|
|
|
|
|
|
return jsonify({"error": "Current password is incorrect"}), 400 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Check if new password and confirmation match |
|
|
|
|
|
|
|
if new_password != confirm_password: |
|
|
|
|
|
|
|
return jsonify({"error": "New password and confirm password do not match"}), 400 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Check for password complexity (optional) |
|
|
|
|
|
|
|
# Validate password |
|
|
|
|
|
|
|
try: |
|
|
|
|
|
|
|
password_check_sanity(new_password) |
|
|
|
|
|
|
|
except InsecurePasswordException as e: |
|
|
|
|
|
|
|
return jsonify({"error": str(e)}), 400 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Update the user's password |
|
|
|
|
|
|
|
user.hash_password = generate_password_hash(new_password) |
|
|
|
|
|
|
|
db.session.commit() |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return jsonify({"message": "Password updated successfully"}), 200 |
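Review bot: After `user.hash_password = generate_password_hash(new_password)` and `db.session.commit()`, nothing revokes the user's other sessions or tokens, so any session already held by someone else survives the password change; if `@auth_required()` is backed by revocable sessions or tokens, rotate or revoke them after the commit (the auth mechanism is not visible in this hunk, so confirm against the decorator). The comment `# Check for password complexity (optional)` is stale now that `password_check_sanity(new_password)` is mandatory and sits right above `# Validate password`; drop it. It is also worth rejecting a new password equal to the current one before the sanity check, e.g. `if new_password == current_password: return jsonify({"error": "New password must differ from the current password"}), 400`. On success, consider logging an audit event (user id, no password material) so password changes are visible to detection tooling; and since the handler reads `request.form`, a JSON body will always hit the "All fields … are required" branch, so confirm that form encoding is the intended content type for this route.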