fixing login to not display the demo creds

2025-12-17 07:24:34 +01:00 · 2025-09-06 12:10:39 +02:00
parent befe96c20b
commit 3904d7e88f
13 changed files with 1282 additions and 195 deletions
--- a/backend/app/api/v1/auth.py
+++ b/backend/app/api/v1/auth.py
@@ -88,6 +88,23 @@ class RefreshTokenRequest(BaseModel):
    refresh_token: str


+class ChangePasswordRequest(BaseModel):
+    current_password: str
+    new_password: str
+    
+    @validator('new_password')
+    def validate_new_password(cls, v):
+        if len(v) < 8:
+            raise ValueError('Password must be at least 8 characters long')
+        if not any(c.isupper() for c in v):
+            raise ValueError('Password must contain at least one uppercase letter')
+        if not any(c.islower() for c in v):
+            raise ValueError('Password must contain at least one lowercase letter')
+        if not any(c.isdigit() for c in v):
+            raise ValueError('Password must contain at least one digit')
+        return v
+
+
@router.post("/register", response_model=UserResponse, status_code=status.HTTP_201_CREATED)
 async def register(
    user_data: UserRegisterRequest,
@@ -276,4 +293,39 @@ async def verify_user_token(
        "valid": True,
        "user_id": current_user["id"],
        "email": current_user["email"]
-    }
+    }
+
+
+@router.post("/change-password")
+async def change_password(
+    password_data: ChangePasswordRequest,
+    current_user: dict = Depends(get_current_active_user),
+    db: AsyncSession = Depends(get_db)
+):
+    """Change user password"""
+    
+    # Get user from database
+    stmt = select(User).where(User.id == int(current_user["id"]))
+    result = await db.execute(stmt)
+    user = result.scalar_one_or_none()
+    
+    if not user:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="User not found"
+        )
+    
+    # Verify current password
+    if not verify_password(password_data.current_password, user.hashed_password):
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Current password is incorrect"
+        )
+    
+    # Update password
+    user.hashed_password = get_password_hash(password_data.new_password)
+    user.updated_at = datetime.utcnow()
+    
+    await db.commit()
+    
+    return {"message": "Password changed successfully"}