More iteration

2025-11-10 15:20:11 +00:00
parent 93aeda8e83
commit f1c4ff19d6
9 changed files with 491 additions and 12 deletions
--- a/backend/app/api/v1/auth.py
+++ b/backend/app/api/v1/auth.py
@@ -10,9 +10,10 @@ from ...core.security import verify_password, get_password_hash, create_access_t
 from ...models.models import User, UserRole, PasswordResetToken
 from ...schemas import (
    UserCreate, UserResponse, Token, LoginRequest, MessageResponse,
-    ForgotPasswordRequest, ResetPasswordRequest
+    ForgotPasswordRequest, ResetPasswordRequest, ChangePasswordRequest
 )
 from ...services.email_service import email_service
+from ...api.dependencies import get_current_active_user

 router = APIRouter()

@@ -217,3 +218,27 @@ async def reset_password(
    db.commit()
    
    return {"message": "Password has been reset successfully. You can now log in with your new password."}
+
+
+@router.post("/change-password", response_model=MessageResponse)
+async def change_password(
+    request: ChangePasswordRequest,
+    current_user: User = Depends(get_current_active_user),
+    db: Session = Depends(get_db)
+):
+    """Change password for authenticated user"""
+    # Verify current password
+    if not verify_password(request.current_password, current_user.hashed_password):
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Current password is incorrect"
+        )
+    
+    # Update password
+    hashed_password = get_password_hash(request.new_password)
+    current_user.hashed_password = hashed_password
+    current_user.updated_at = datetime.utcnow()
+    
+    db.commit()
+    
+    return {"message": "Password has been changed successfully."}