rattail/tailbone
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Add API view for changing current user password

Browse source
This commit is contained in:
Lance Edgar 2020-02-12 17:32:18 -06:00
parent da16f25cf2
commit 5e028ce547
1 changed files with 30 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
tailbone/api/auth.py
View file

@ -2,7 +2,7 @@
################################################################################ ################################################################################
# #
# Rattail -- Retail Software Framework # Rattail -- Retail Software Framework
# Copyright © 2010-2018 Lance Edgar # Copyright © 2010-2020 Lance Edgar
# #
# This file is part of Rattail. # This file is part of Rattail.
# #
@ -26,7 +26,7 @@ Tailbone Web API - Auth Views
from __future__ import unicode_literals, absolute_import from __future__ import unicode_literals, absolute_import
from rattail.db.auth import authenticate_user from rattail.db.auth import authenticate_user, set_user_password
from tailbone.api import APIView, api from tailbone.api import APIView, api
from tailbone.db import Session from tailbone.db import Session
@ -139,6 +139,30 @@ class AuthenticationView(APIView):
'user': self.get_user_info(self.request.user), 'user': self.get_user_info(self.request.user),
} }
@api
def change_password(self):
"""
View which allows a user to change their password.
"""
if self.request.method == 'OPTIONS':
return self.request.response
if not self.request.user:
raise self.forbidden()
data = self.request.json_body
# first make sure "current" password is accurate
if not authenticate_user(Session(), self.request.user, data['current_password']):
return {'error': "The current/old password you provided is incorrect"}
# okay then, set new password
set_user_password(self.request.user, data['new_password'])
return {
'ok': True,
'user': self.get_user_info(self.request.user),
}
@classmethod @classmethod
def defaults(cls, config): def defaults(cls, config):
cls._auth_defaults(config) cls._auth_defaults(config)
@ -166,6 +190,10 @@ class AuthenticationView(APIView):
config.add_route('api.stop_root', '/stop-root', request_method=('OPTIONS', 'POST')) config.add_route('api.stop_root', '/stop-root', request_method=('OPTIONS', 'POST'))
config.add_view(cls, attr='stop_root', route_name='api.stop_root', renderer='json') config.add_view(cls, attr='stop_root', route_name='api.stop_root', renderer='json')
# change password
config.add_route('api.change_password', '/change-password', request_method=('OPTIONS', 'POST'))
config.add_view(cls, attr='change_password', route_name='api.change_password', renderer='json')
def includeme(config): def includeme(config):
AuthenticationView.defaults(config) AuthenticationView.defaults(config)