jamesp/sasa-membership
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

More iteration

Browse Source
This commit is contained in:
James Pattinson
2025-11-10 15:20:11 +00:00
parent 93aeda8e83
commit f1c4ff19d6
9 changed files with 491 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
backend/app/api/v1/auth.py
View File

@@ -10,9 +10,10 @@ from ...core.security import verify_password, get_password_hash, create_access_t
from ...models.models import User, UserRole, PasswordResetToken
from ...schemas import (
UserCreate, UserResponse, Token, LoginRequest, MessageResponse,
ForgotPasswordRequest, ResetPasswordRequest
ForgotPasswordRequest, ResetPasswordRequest, ChangePasswordRequest
)
from ...services.email_service import email_service
from ...api.dependencies import get_current_active_user
router = APIRouter()
@@ -217,3 +218,27 @@ async def reset_password(
db.commit()
return {"message": "Password has been reset successfully. You can now log in with your new password."}
@router.post("/change-password", response_model=MessageResponse)
async def change_password(
request: ChangePasswordRequest,
current_user: User = Depends(get_current_active_user),
db: Session = Depends(get_db)
):
"""Change password for authenticated user"""
# Verify current password
if not verify_password(request.current_password, current_user.hashed_password):
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Current password is incorrect"
)
# Update password
hashed_password = get_password_hash(request.new_password)
current_user.hashed_password = hashed_password
current_user.updated_at = datetime.utcnow()
db.commit()
return {"message": "Password has been changed successfully."}

26
backend/app/api/v1/users.py
View File

@@ -65,6 +65,32 @@ async def get_user(
return user
@router.put("/{user_id}", response_model=UserResponse)
async def update_user(
user_id: int,
user_update: UserUpdate,
current_user: User = Depends(get_admin_user),
db: Session = Depends(get_db)
):
"""Update user by ID (admin only)"""
user = db.query(User).filter(User.id == user_id).first()
if not user:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="User not found"
)
update_data = user_update.model_dump(exclude_unset=True)
for field, value in update_data.items():
setattr(user, field, value)
db.commit()
db.refresh(user)
return user
@router.delete("/{user_id}", response_model=MessageResponse)
async def delete_user(
user_id: int,