Added service plan. Password change

2025-09-06 12:28:37 -04:00
parent cd3f4471cc
commit a280194079
5 changed files with 230 additions and 12 deletions
--- a/app/auth/views.py
+++ b/app/auth/views.py
@@ -86,6 +86,10 @@ def login():
    if not bcrypt.check_password_hash(user.password_hash, password):
        return jsonify({"error": "Invalid password"}), 401 # Use a more descriptive error and status code

+    # Check if user is active
+    if user.active != 1:
+        return jsonify({"error": "Please contact a manager. Login rejected"}), 401
+
    # If login is successful, return the correct structure
    return jsonify({
        "ok": True,
@@ -168,17 +172,21 @@ def register_user():


@auth.route('/change-password', methods=['POST'])
-@login_required
 def change_password():
+    auth_header = request.headers.get('Authorization')
+    if not auth_header:
+        return jsonify({"error": "Authorization header missing"}), 401
+
+    api_key = re.sub(r'^bearer\s+', '', auth_header, flags=re.IGNORECASE).strip('"')
+
+    user = db.session.query(Auth_User).filter(Auth_User.api_key == api_key).first()
+
+    if not user:
+        return jsonify({"error": "Invalid token"}), 401

    new_password = request.json["new_password"]
    new_password_confirm = request.json["password_confirm"]

-    user = db.session\
-        .query(Auth_User) \
-        .filter(Auth_User.id == current_user.id) \
-        .first()
-
    if str(new_password) != str(new_password_confirm):
        return jsonify({"error": "Error: Incorrect Passwords"}), 200

@@ -190,5 +198,49 @@ def change_password():
    
    db.session.add(user)
    db.session.commit()
-    return jsonify({"ok": "success"}), 200
+    return jsonify({"ok": True}), 200

+
+@auth.route('/admin-change-password', methods=['POST'])
+def admin_change_password():
+    auth_header = request.headers.get('Authorization')
+    if not auth_header:
+        return jsonify({"error": "Authorization header missing"}), 401
+
+    api_key = re.sub(r'^bearer\s+', '', auth_header, flags=re.IGNORECASE).strip('"')
+
+    user = db.session.query(Auth_User).filter(Auth_User.api_key == api_key).first()
+
+    if not user:
+        return jsonify({"error": "Invalid token"}), 401
+
+    if user.admin_role != 0:
+        return jsonify({"error": "Admin access required"}), 403
+
+    employee_id = request.json.get("employee_id")
+    new_password = request.json.get("new_password")
+    new_password_confirm = request.json.get("password_confirm")
+
+    if not employee_id or not new_password or not new_password_confirm:
+        return jsonify({"error": "Missing required fields"}), 400
+
+    if str(new_password) != str(new_password_confirm):
+        return jsonify({"error": "Passwords do not match"}), 400
+
+    from app.classes.employee import Employee_Employee
+    employee = db.session.query(Employee_Employee).filter(Employee_Employee.id == employee_id).first()
+    if not employee:
+        return jsonify({"error": "Employee not found"}), 404
+
+    target_user = db.session.query(Auth_User).filter(Auth_User.id == employee.user_id).first()
+    if not target_user:
+        return jsonify({"error": "User not found"}), 404
+
+    hashed_password = bcrypt.generate_password_hash(new_password).decode('utf-8')
+
+    target_user.password_hash = hashed_password
+    target_user.passwordpinallowed = 0
+
+    db.session.add(target_user)
+    db.session.commit()
+    return jsonify({"ok": True}), 200