feat: change password frontend added

backend/apps/web/routers/auths.py

@@ -62,12 +62,16 @@ async def get_session_user(cred=Depends(bearer_scheme)):
 @router.post("/update/password", response_model=bool)
 async def update_password(form_data: UpdatePasswordForm, cred=Depends(bearer_scheme)):
     token = cred.credentials
-    user = Users.get_user_by_token(token)
+    session_user = Users.get_user_by_token(token)
 
-    if user:
-        hashed = get_password_hash(form_data.new_password)
-        return Auths.update_user_password_by_id(user.id, form_data.password, hashed)
+    if session_user:
+        user = Auths.authenticate_user(session_user.email, form_data.password)
 
+        if user:
+            hashed = get_password_hash(form_data.new_password)
+            return Auths.update_user_password_by_id(user.id, form_data.password, hashed)
+        else:
+            raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_PASSWORD)
     else:
         raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
 

backend/constants.py

@@ -21,6 +21,9 @@ class ERROR_MESSAGES(str, Enum):
         "Your session has expired or the token is invalid. Please sign in again."
     )
     INVALID_CRED = "The email or password provided is incorrect. Please check for typos and try logging in again."
+    INVALID_PASSWORD = (
+        "The password provided is incorrect. Please check for typos and try again."
+    )
     UNAUTHORIZED = "401 Unauthorized"
     ACCESS_PROHIBITED = "You do not have permission to access this resource. Please contact your administrator for assistance."
     ACTION_PROHIBITED = (