From f9590929dc62b3733bb3a2d7663909a99e672fb4 Mon Sep 17 00:00:00 2001
From: Bavisetti Narayan <72156168+NarayanBavisetti@users.noreply.github.com>
Date: Thu, 23 Nov 2023 13:44:50 +0530
Subject: [PATCH] chore: change password endpoint (#2842)

---
 apiserver/plane/app/serializers/user.py | 10 ++++++++++
 apiserver/plane/app/views/auth_extended.py | 16 ++++------------
 2 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/apiserver/plane/app/serializers/user.py b/apiserver/plane/app/serializers/user.py
index e073a0a52..46ab3c4a4 100644
--- a/apiserver/plane/app/serializers/user.py
+++ b/apiserver/plane/app/serializers/user.py
@@ -155,6 +155,16 @@ class ChangePasswordSerializer(serializers.Serializer):
 """
 old_password = serializers.CharField(required=True)
 new_password = serializers.CharField(required=True)
+ confirm_password = serializers.CharField(required=True)
+
+ def validate(self, data):
+ if data.get("old_password") == data.get("new_password"):
+ raise serializers.ValidationError("New password cannot be same as old password.")
+
+ if data.get("new_password") != data.get("confirm_password"):
+ raise serializers.ValidationError("confirm password should be same as the new password.")
+
+ return data
 
 
 class ResetPasswordSerializer(serializers.Serializer):
diff --git a/apiserver/plane/app/views/auth_extended.py b/apiserver/plane/app/views/auth_extended.py
index 5abd696fe..da3130e64 100644
--- a/apiserver/plane/app/views/auth_extended.py
+++ b/apiserver/plane/app/views/auth_extended.py
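Review bot: `new_password` passes through the added `validate()` with no strength check; the method only compares it with `old_password` and `confirm_password`, so any non-empty string is accepted unless a policy is enforced somewhere outside this hunk. Running Django's configured validators in the same method would close that, e.g. `validate_password(data["new_password"])` from `django.contrib.auth.password_validation`, which enforces whatever `AUTH_PASSWORD_VALIDATORS` lists in settings. The password fields also keep DRF's default whitespace trimming, so declaring them with `trim_whitespace=False` avoids hashing a value that differs from what the user typed. The serializer class starts above the hunk, so any existing field options there are not visible.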
@@ -131,21 +131,13 @@ class ChangePasswordEndpoint(BaseAPIView):
 
 user = User.objects.get(pk=request.user.id)
 if serializer.is_valid():
- # Check old password
- if not user.object.check_password(serializer.data.get("old_password")):
+ if not user.check_password(serializer.data.get("old_password")):
 return Response(
 {"old_password": ["Wrong password."]},
 status=status.HTTP_400_BAD_REQUEST,
 )
 # set_password also hashes the password that the user will get
- self.object.set_password(serializer.data.get("new_password"))
- self.object.save()
- response = {
- "status": "success",
- "code": status.HTTP_200_OK,
- "message": "Password updated successfully",
- }
-
- return Response(response)
-
+ user.set_password(serializer.data.get("new_password"))
+ user.save()
+ return Response({"message": "Password updated successfully"}, status=status.HTTP_200_OK)
 return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
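Review bot: Nothing after `user.save()` in the success path ends sessions or tokens issued under the old password, so a password changed because of a suspected compromise may leave the earlier credential holder signed in. How this API authenticates requests is not visible in the hunk, so confirm whether revocation happens elsewhere; if it does not, a marker such as `# TODO: revoke sessions/refresh tokens issued before this password change` at that point would at least record the gap. Separately, the handler reads the passwords back through `serializer.data.get(...)`; `serializer.validated_data["old_password"]` and `serializer.validated_data["new_password"]` are the values `is_valid()` actually checked and would keep working if the fields were later made write-only. The enclosing method starts outside the hunk.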