
feat: add password change endpoint with complexity validation #550

Draft
kaifcodec wants to merge 12 commits into the-momentum:main from kaifcodec:feat/password-change-logic

@kaifcodec
Contributor

@kaifcodec kaifcodec commented Mar 4, 2026

This PR implements the backend logic and comprehensive testing for the "Change Password" feature in the Developer Panel. It includes custom validation for password complexity and secure verification of the current password.


Changes Made:

  • Schema (developer.py):
    • Added PasswordChange model.
    • Implemented a field_validator to ensure a mix of letters and numbers (min 8 characters).
    • Added a model_validator to ensure new_password and confirm_password match.
  • API Route (auth.py):
    • Created POST /change-password endpoint.
    • Added logic to verify the user's current_password before permitting changes.
    • Integrated with developer_service.update_developer_info to handle automatic password hashing.
  • Tests (test_auth.py):
    • Added TestChangePassword class.
    • Added test cases for success, invalid current password, complexity failures, and mismatch errors.

To-Do

  • Backend: Pydantic Schema validation
  • Backend: API Route implementation
  • Backend: Unit tests for authentication logic
  • Frontend: Create "Change Password" form in React
  • Frontend: Connect UI to the new API endpoint
  • Frontend: Add success/error notifications

Closes #531
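
The checks listed in the description above, as an added framework-free sketch. It is not the PR's code, which uses Pydantic validators and the project's developer_service; the function names, the PBKDF2 parameters and the sample passwords in the test are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor for this sketch
SALT_LEN = 16


class PasswordChangeError(ValueError):
    """Rejected request; the thread says the project reports these as HTTP 400."""


def hash_password(password: str) -> bytes:
    # Fresh random salt per hash, stored in front of the derived key.
    salt = os.urandom(SALT_LEN)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt + key


def verify_password(password: str, stored: bytes) -> bool:
    salt, expected = stored[:SALT_LEN], stored[SALT_LEN:]
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(key, expected)


def validate_new_password(new: str, confirm: str) -> None:
    # Schema-level checks from the PR description: min 8 chars, letters and numbers.
    if len(new) < 8:
        raise PasswordChangeError("new password must be at least 8 characters")
    if not (re.search(r"[A-Za-z]", new) and re.search(r"[0-9]", new)):
        raise PasswordChangeError("new password must mix letters and numbers")
    if new != confirm:
        raise PasswordChangeError("new_password and confirm_password do not match")


def change_password(stored: bytes, current: str, new: str, confirm: str) -> bytes:
    # Input validation runs first, as a schema would before the route body executes.
    validate_new_password(new, confirm)
    # The caller must prove knowledge of the current password before any change.
    if not verify_password(current, stored):
        raise PasswordChangeError("current password is incorrect")
    return hash_password(new)  # only the hash is ever returned or stored
```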

@coderabbitai

coderabbitai bot commented Mar 4, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2b67b683-9bc4-432b-b874-3355cfddabdf

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@kaifcodec kaifcodec changed the title from "Feat/password change logic" to "feat: add password change endpoint with complexity validation" Mar 4, 2026
@kaifcodec
Contributor Author

@KaliszS Backend is complete. I'm ready to implement the Change Password UI.
Currently, src/components/settings/ only contains providers/. Should I create a new account/ or security/ directory there for this form?

Collaborator

@KaliszS KaliszS left a comment

CI pipeline failed. We need to fix tests and code quality for backend first. Let me know if you need assistance with that! :)

Regarding your frontend question, @farce1 should be able to answer this ;)

@kaifcodec kaifcodec requested a review from KaliszS March 5, 2026 01:46
@kaifcodec
Contributor Author

@KaliszS I've addressed the CI failures and the requested changes:

  • Status Codes: Updated tests to expect 400 instead of 422 to match the project's error handling.
  • Error Messages: Aligned the mismatch test assertion with the actual API output.
  • Imports & Style: Fixed the schema export and applied ruff formatting.

I've verified this in a clean environment and all 35 tests in test_auth.py are now passing.

@farce1 Any update on the frontend directory? Should I go ahead with src/components/settings/security/?

The backend is ready for another look!

@Gasiek
Contributor

Gasiek commented Mar 10, 2026

Regarding the directory in frontend, you can go ahead with src/components/settings/security/ if security is the idea for the name of the tab for changing the password.

We will anyway need to clean up/restructure the components directory on the frontend and settle on one approach for where to put what, @farce1. But we will tackle that in a different PR.

Collaborator

@KaliszS KaliszS left a comment

There are more things to improve (like JSONResponse in the new endpoint with a 200/204 status code response, or SecretStr instead of str in the pydantic model's password fields), but those issues exist in other parts of the same module, so it's something we need to fix in a separate PR imho anyway.

@kaifcodec
Contributor Author

kaifcodec commented Mar 11, 2026

@KaliszS I've pushed the updates to align with your feedback:

  1. Schema Refactor: Removed the password complexity validation. I originally included it to enhance security during the password change flow, but I understand the need for consistency across the platform's current registration logic.

Let me know if there's anything else in the backend that needs adjustment before I move to the frontend.

@bartmichalak
Contributor

@kaifcodec yes, you can move forward with the frontend changes - whatever needs to be addressed on the backend side, we'll handle separately.

I think a lot of people may need this change, so let's get it done! 😄

Collaborator

@KaliszS KaliszS left a comment

From backend side everything is good to go, thanks!

@bartmichalak
Contributor

@kaifcodec please let us know once it's ready for review (FE part)

@kaifcodec
Contributor Author

@bartmichalak Ok, I will let you know. I will just go through the changes once again by myself to look for any issues or mismatches!

@kaifcodec
Contributor Author

@bartmichalak Anyways I can already see the CI is failing in FE format check.

@kaifcodec
Contributor Author

@bartmichalak I have fixed the frontend formatting.
Review the last 4 commits (the FE part) and let me know if there are any issues that need to be fixed.

Development

Successfully merging this pull request may close these issues.

developer self-service password change

4 participants