feat: add password change in settings #121
Conversation
Add ability for users to change their password from the Settings modal. Includes backend API endpoint with current password verification and frontend form with confirmation field validation.
There was a problem hiding this comment.
Pull request overview
This PR adds password change functionality to the Settings modal, allowing authenticated users to update their passwords. The implementation includes both backend API endpoint with current password verification and frontend form with confirmation field validation.
Key Changes:
- Backend API endpoint at
/api/settings/passwordwith JWT authentication and current password verification - Frontend password change form in Settings modal with validation for password length and confirmation matching
- Consistent error handling and user feedback through toast notifications
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| app/routes.py | Adds new /api/settings/password PUT endpoint with JWT authentication, current password verification via Argon2, and new password validation (minimum 4 characters) |
| client/src/components/Settings.vue | Adds password change UI section with toggle form, three password input fields (current, new, confirm), client-side validation, and API integration with proper error handling |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| const changePassword = async () => { | ||
| // Validate inputs | ||
| if (!currentPassword.value) { | ||
| buefy?.toast.open({ | ||
| message: 'Please enter your current password', | ||
| type: 'is-danger', | ||
| duration: 3000, | ||
| }); | ||
| return; | ||
| } | ||
| if (!newPassword.value) { | ||
| buefy?.toast.open({ | ||
| message: 'Please enter a new password', | ||
| type: 'is-danger', | ||
| duration: 3000, | ||
| }); | ||
| return; | ||
| } | ||
| if (newPassword.value.length < 4) { | ||
| buefy?.toast.open({ | ||
| message: 'Password must be at least 4 characters', | ||
| type: 'is-danger', | ||
| duration: 3000, | ||
| }); | ||
| return; | ||
| } | ||
| if (newPassword.value !== confirmPassword.value) { | ||
| buefy?.toast.open({ | ||
| message: 'New passwords do not match', | ||
| type: 'is-danger', | ||
| duration: 3000, | ||
| }); | ||
| return; | ||
| } |
There was a problem hiding this comment.
The password change validation is missing a check to ensure the new password is different from the current password. It's a best practice to prevent users from "changing" their password to the same value, which provides no security benefit and could mask user confusion. Consider adding a validation that compares newPassword.value with currentPassword.value and displays an appropriate error message if they are identical.
Add ability for users to change their password from the Settings modal. Includes backend API endpoint with current password verification and frontend form with confirmation field validation.