feat: add password change functionality

- Add password change button to sidebar account menu - Create PasswordChangeDialog component with shadcn UI components - Implement backend API endpoint /api/v1/user/change-password - Add form validation with current password verification - Include internationalization support for Chinese and English - Add proper error handling and success notifications Co-Authored-By: Rock <rockchinq@gmail.com>
2026-06-05 05:16:03 +00:00 · 2025-08-17 03:03:36 +00:00
parent 29f0075bd8
commit dd30d08c68
7 changed files with 257 additions and 0 deletions
--- a/pkg/api/http/controller/groups/user.py
+++ b/pkg/api/http/controller/groups/user.py
@@ -67,3 +67,19 @@ class UserRouterGroup(group.RouterGroup):
            await self.ap.user_service.reset_password(user_email, new_password)

            return self.success(data={'user': user_email})
+
+        @self.route('/change-password', methods=['POST'], auth_type=group.AuthType.USER_TOKEN)
+        async def _(user_email: str) -> str:
+            json_data = await quart.request.json
+            
+            current_password = json_data['current_password']
+            new_password = json_data['new_password']
+            
+            try:
+                await self.ap.user_service.change_password(user_email, current_password, new_password)
+            except argon2.exceptions.VerifyMismatchError:
+                return self.http_status(400, -1, 'Current password is incorrect')
+            except ValueError as e:
+                return self.http_status(400, -1, str(e))
+            
+            return self.success(data={'user': user_email})
--- a/pkg/api/http/service/user.py
+++ b/pkg/api/http/service/user.py
@@ -82,3 +82,18 @@ class UserService:
        await self.ap.persistence_mgr.execute_async(
            sqlalchemy.update(user.User).where(user.User.user == user_email).values(password=hashed_password)
        )
+
+    async def change_password(self, user_email: str, current_password: str, new_password: str) -> None:
+        ph = argon2.PasswordHasher()
+        
+        user_obj = await self.get_user_by_email(user_email)
+        if user_obj is None:
+            raise ValueError('User not found')
+        
+        ph.verify(user_obj.password, current_password)
+        
+        hashed_password = ph.hash(new_password)
+        
+        await self.ap.persistence_mgr.execute_async(
+            sqlalchemy.update(user.User).where(user.User.user == user_email).values(password=hashed_password)
+        )