diff --git a/app/models/user_models.py b/app/models/user_models.py
index a5bf1b9..cfc3393 100644
--- a/app/models/user_models.py
+++ b/app/models/user_models.py
@@ -257,6 +257,7 @@ class User_Base(BaseModel):
 email: Optional[str]
 email_verified: Optional[bool]
 password: Optional[str]
+ current_password: Optional[str]
 new_password: Optional[str]
 allow_auth_key: Optional[int]
diff --git a/app/routers/user.py b/app/routers/user.py
index 554277f..4d7d536 100644
--- a/app/routers/user.py
+++ b/app/routers/user.py
@@ -82,7 +82,8 @@ async def post_user_obj_new(
 @router.patch('/user/{user_id}/change_password', response_model=Resp_Body_Base)
 async def user_obj_change_password(
 user_id: Union[int,str],
- user_obj: User_Base,
+ # user_obj: User_Base,
+ user_dict: dict, # User_Base,
 return_obj: bool = False,
 inc_user_role_list: bool = False,
 # inc_contact: bool = False,
@@ -93,7 +94,10 @@ async def user_obj_change_password(
 log.setLevel(logging.INFO) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
 log.debug(locals())
- if password := user_obj.password: pass
+ # if password := user_obj.password: pass
+ # else: return mk_resp(data=False, status_code=400, status_message='The new password is required.', response=commons.response) # Bad Request
+
+ if password := user_dict.get('password'): pass
 else: return mk_resp(data=False, status_code=400, status_message='The new password is required.', response=commons.response) # Bad Request
 generated_password = None
@@ -227,7 +231,7 @@ async def user_authenticate(
 inc_person: bool = False,
 commons: Common_Route_Params = Depends(common_route_params),
 ):
- log.setLevel(logging.DEBUG) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
+ log.setLevel(logging.WARNING) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
 log.debug(locals())
 account_id = commons.x_account_id
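Review bot: Typing the request body as `user_dict: dict` in the signature of `user_obj_change_password` removes schema validation from a password-change endpoint, so `user_dict.get('password')` in the following hunk can hand back a list, a number or a nested object as readily as a string. A small dedicated model keeps the validation without pulling in all of `User_Base`, for example `class User_Change_Password(BaseModel): password: str`. The commented-out `# user_obj: User_Base,` line here and the commented-out `if`/`else` pair in the following hunk are better deleted than committed. The function body continues outside both hunks, so how `password` is used afterwards is not visible.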
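Review bot: The guard `if password := user_dict.get('password')` in `user_obj_change_password` only requires the new password; nothing in this hunk asks for the `current_password` field that the same commit adds to `User_Base`. Unless the rest of the function (outside the hunk) or the route's dependencies already re-authenticate the caller, the endpoint replaces a password without proof that the caller knows the existing one. Requiring `current_password` and checking it with `verify_secure_hash_string` before accepting the change, as `user_verify_password` does, would close that gap. A comment above the guard stating which of the two fields this route expects would also help.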
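Review bot: `log.setLevel(logging.WARNING)` at the top of `user_authenticate` changes the level on the logger object itself, which looks like a module-level `log` shared by every route (its definition is not visible). If so, the effective level depends on which handler ran last: `user_obj_change_password` sets INFO and this one sets WARNING. The same line is changed in `user_verify_password` in the next hunk. Setting the level once in the logging configuration would make it predictable. `log.debug(locals())` is also worth dropping from the authentication handlers, since with DEBUG enabled it presumably writes the submitted credentials to the log (the parameters are partly outside this hunk).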
@@ -391,13 +395,18 @@ async def user_verify_password(
 return_obj: bool = False,
 commons: Common_Route_Params = Depends(common_route_params),
 ):
- log.setLevel(logging.DEBUG) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
+ log.setLevel(logging.WARNING) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
 log.debug(locals())
 account_id = commons.x_account_id
- if password := user_obj.password: pass
- else: return mk_resp(data=False, status_code=400, status_message='The password to verify is required.', response=commons.response) # Bad Request
+ log.debug(user_obj)
+ log.debug(user_obj.id_random)
+ log.debug(user_obj.current_password)
+ log.debug(user_obj.username)
+
+ if current_password := user_obj.current_password: pass
+ else: return mk_resp(data=False, status_code=400, status_message='The current password to verify is required.', response=commons.response) # Bad Request
 if user_id_random := user_obj.id_random: # Use id_random instead of user_id_random when getting from User model.
 log.info(f'Using the user ID to look up the user. User ID: {user_id_random}')
@@ -417,7 +426,7 @@ async def user_verify_password(
 if password_hash := user_rec_result.get('password', None):
 username = user_rec_result.get('username', None)
- if verify_secure_hash_string(string=password, string_hash=password_hash):
+ if verify_secure_hash_string(string=current_password, string_hash=password_hash):
 log.info(f'The username was found, and the password matched. Log in allowed if the account is enabled. Account ID: {account_id}, Username: {username}')
 return mk_resp(data=True, response=commons.response)
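Review bot: `log.debug(user_obj.current_password)` in `user_verify_password` writes the cleartext password to the log, and `log.debug(user_obj)` does the same for every password field on the model. The only thing suppressing them is the WARNING level set a few lines above, which was DEBUG until this commit. These four debug lines should be removed or cut down to non-secret fields, for example `log.debug('id_random=%s username=%s', user_obj.id_random, user_obj.username)`. Separately, the field checked here changes from `password` to `current_password`, so clients that still send `password` will now get the 400 response; if that is intended, the commit message should say so. The function body continues outside the hunk.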
@@ -450,7 +459,7 @@ async def user_verify_password(
 user_id = user_rec_result.get('user_id', None)
 if password_hash := user_rec_result.get('password', None):
- if verify_secure_hash_string(string=password, string_hash=password_hash):
+ if verify_secure_hash_string(string=current_password, string_hash=password_hash):
 log.info(f'The username was found, and the password matched. Log in allowed if the account is enabled. Account ID: {account_id}, Username: {username}')
 return mk_resp(data=True, response=commons.response)