distro-tools/apollo/server/routes/profile.py

from fastapi import APIRouter, Request, Form
from fastapi.responses import HTMLResponse

from apollo.server.utils import templates, pwd_context

router = APIRouter(tags=["non-api"])


@router.get("/", response_class=HTMLResponse)
async def profile(request: Request):
    return templates.TemplateResponse("profile.jinja", {
        "request": request,
    })


@router.post("/", response_class=HTMLResponse)
async def profile_post(
    request: Request,
    current_password: str = Form(default=None),
    new_password: str = Form(default=None),
    confirm_password: str = Form(default=None),
):
    if not current_password or not new_password or not confirm_password:
        return templates.TemplateResponse(
            "profile.jinja", {
                "request": request,
                "notification":
                    {
                        "kind": "error",
                        "title": "Please fill out all fields",
                    }
            }
        )

    actual_current_password = request.state.user.password
    if not pwd_context.verify(current_password, actual_current_password):
        return templates.TemplateResponse(
            "profile.jinja", {
                "request": request,
                "notification":
                    {
                        "kind": "error",
                        "title": "Current password is incorrect",
                    }
            }
        )

    if new_password != confirm_password:
        return templates.TemplateResponse(
            "profile.jinja", {
                "request": request,
                "notification":
                    {
                        "kind": "error",
                        "title": "New passwords do not match",
                    }
            }
        )

    if len(new_password) < 8:
        return templates.TemplateResponse(
            "profile.jinja", {
                "request": request,
                "notification":
                    {
                        "kind": "error",
                        "title": "New password must be at least 8 characters",
                    }
            }
        )

    request.state.user.password = pwd_context.hash(new_password)
    await request.state.user.save()

    return templates.TemplateResponse(
        "profile.jinja", {
            "request": request,
            "notification": {
                "kind": "success",
                "title": "Password updated",
            }
        }
    )