chore: change password endpoint (#2842)

apiserver/plane/app/serializers/user.py

@@ -155,6 +155,16 @@ class ChangePasswordSerializer(serializers.Serializer):
     """
     old_password = serializers.CharField(required=True)
     new_password = serializers.CharField(required=True)
+    confirm_password = serializers.CharField(required=True)
+
+    def validate(self, data):
+        if data.get("old_password") == data.get("new_password"):
+            raise serializers.ValidationError("New password cannot be same as old password.")
+
+        if data.get("new_password") != data.get("confirm_password"):
+            raise serializers.ValidationError("confirm password should be same as the new password.")
+
+        return data
 
 
 class ResetPasswordSerializer(serializers.Serializer):

apiserver/plane/app/views/auth_extended.py

@@ -131,21 +131,13 @@ class ChangePasswordEndpoint(BaseAPIView):
 
         user = User.objects.get(pk=request.user.id)
         if serializer.is_valid():
-            # Check old password
-            if not user.object.check_password(serializer.data.get("old_password")):
+            if not user.check_password(serializer.data.get("old_password")):
                 return Response(
                     {"old_password": ["Wrong password."]},
                     status=status.HTTP_400_BAD_REQUEST,
                 )
             # set_password also hashes the password that the user will get
-            self.object.set_password(serializer.data.get("new_password"))
-            self.object.save()
-            response = {
-                "status": "success",
-                "code": status.HTTP_200_OK,
-                "message": "Password updated successfully",
-            }
-
-            return Response(response)
-
+            user.set_password(serializer.data.get("new_password"))
+            user.save()
+            return Response({"message": "Password updated successfully"}, status=status.HTTP_200_OK)
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)