[FEAT] API Endpoint for Password Update #31

Open
7 tasks
IsraelBO17 opened this issue Jul 18, 2024 · 1 comment
Labels
auth Issues categorised by authentication and users

Comments

@IsraelBO17

IsraelBO17 commented Jul 18, 2024

Description

Create an API endpoint that allows users to update their passwords with input validation and proper security measures.

Acceptance Criteria

  • The endpoint should be accessible at POST /api/v1/auth/password-update
  • The endpoint should accept HTTP POST requests.
  • The endpoint should be secured to ensure that only authenticated users can update their passwords.
  • Proper authentication mechanisms (e.g., JWT, OAuth2) should be implemented.
  • Requests to the endpoint must include a valid authentication token in the Authorization header. Authorization: Bearer <token>
  • Request body
    {
      "current_password": "CurrentPassword123",
      "new_password": "NewPassword123"
    }
  • Response
  • On a successful change of the password, the API should return a 200 OK status code.
  • The response body should contain status and a message
    {
      "status": "success",
      "message": "Password updated successfully"
    }
  • Validation
  • If any required field is missing or invalid, the API should return a 400 Bad Request status code with appropriate validation error messages.
    {
      "status": "unsuccessful",
      "message": "field must be provided"
    }
  • If the current password is invalid, the API should return a 400 Bad Request status code with the appropriate message.
    {
      "status_code": 400,
      "message": "Current password is incorrect"
    }
  • If the new password is weak, the API should return a 400 Bad Request status code with the appropriate message.
    {
      "status_code": 400,
      "message": "New password does not meet security requirements",
      "error": "Bad Request"
    }

Purpose

Provides a secure backend service that allows users to update their passwords.

Requirements

  • Develop server-side logic to update the user’s password.
  • Securely handle password updates and comply with security standards.
  • Ensure that password updates are logged and monitored.

Expected Outcome

  • API endpoint allows users to update passwords with appropriate validation and security measures.

Tasks

  • Define the server-side application’s POST /api/v1/password-update route.
  • Ensure requests include a valid token in the Authorization header.
  • Validate that both current_password and new_password are provided.
  • Ensure new_password meets security requirements.
  • Implement logic to verify the current password.
  • Update the password if it is valid and meets security requirements.
  • Handle cases where the current password is incorrect or the new password does not meet security standards.

Testing

  • Write unit tests to validate input validation and password update logic.
  • Write integration tests to ensure end-to-end functionality.
  • Perform security testing to ensure data protection and compliance.

NB: This issue has been approved in the main issue here
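The following is a reference handler for the endpoint described above, added here as an illustration; it is not the project's code, and the issue names no framework, so the handler is written framework-agnostically: it takes the Authorization header value and the parsed JSON body and returns (status code, response body), which any router can wrap. Everything not stated in the issue is an assumption and marked as such in the code: the in-memory user and token stores, the opaque bearer token standing in for JWT validation, PBKDF2-HMAC-SHA256 for password storage, the concrete strength rules, rejecting a new password equal to the current one, and answering a missing or invalid token with 401. Response shapes follow the issue text.

```python
"""Reference handler for POST /api/v1/auth/password-update (added example, not project code)."""
import hashlib
import hmac
import logging
import os
import re
from typing import Optional

log = logging.getLogger("auth.password_update")

# Assumption: PBKDF2-HMAC-SHA256 with a high iteration count; the project may use bcrypt/argon2 instead.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt_hex$digest_hex'; a fresh random salt per password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate.hex(), digest_hex)


def password_policy_errors(pw: str) -> list:
    """Assumed strength rules (the issue leaves them open): length plus character classes."""
    errors = []
    if len(pw) < 12:
        errors.append("at least 12 characters")
    if not re.search(r"[A-Z]", pw):
        errors.append("an uppercase letter")
    if not re.search(r"[a-z]", pw):
        errors.append("a lowercase letter")
    if not re.search(r"\d", pw):
        errors.append("a digit")
    return errors


# Constructed in-memory stand-ins for the user table, the session/JWT layer and the audit sink.
USERS = {"user-1": {"email": "alice@example.com", "password_hash": hash_password("CurrentPassword123")}}
TOKENS = {"tok-alice": "user-1"}  # opaque bearer token -> user id (stand-in for JWT verification)
AUDIT_LOG = []


def user_from_authorization(header: Optional[str]) -> Optional[str]:
    """Parse 'Bearer <token>' and resolve it to a user id; None means unauthenticated."""
    if not header or not header.startswith("Bearer "):
        return None
    token = header[len("Bearer "):].strip()
    for known, user_id in TOKENS.items():
        if hmac.compare_digest(known, token):
            return user_id
    return None


def update_password(authorization: Optional[str], body: dict) -> tuple:
    """Implements the acceptance criteria; returns (http_status, response_body)."""
    user_id = user_from_authorization(authorization)
    if user_id is None:
        # Assumption: the issue only says the endpoint must be secured; 401 is the conventional answer.
        return 401, {"status_code": 401, "message": "Authentication required"}

    missing = [f for f in ("current_password", "new_password")
               if not isinstance(body.get(f), str) or not body.get(f)]
    if missing:
        return 400, {"status": "unsuccessful", "message": f"{missing[0]} must be provided"}

    current, new = body["current_password"], body["new_password"]
    # Cheap checks first, so a weak request never pays for a PBKDF2 verification.
    problems = password_policy_errors(new)
    if new == current:
        problems.append("differ from the current password")  # assumption: reuse of the same password is rejected
    if problems:
        return 400, {"status_code": 400, "message": "New password does not meet security requirements",
                     "error": "Bad Request"}

    user = USERS[user_id]
    if not verify_password(current, user["password_hash"]):
        AUDIT_LOG.append({"event": "password_update_failed", "user": user_id, "reason": "wrong_current_password"})
        log.warning("password update failed for %s: wrong current password", user_id)
        return 400, {"status_code": 400, "message": "Current password is incorrect"}

    user["password_hash"] = hash_password(new)
    AUDIT_LOG.append({"event": "password_updated", "user": user_id})  # never log the passwords themselves
    log.info("password updated for %s", user_id)
    return 200, {"status": "success", "message": "Password updated successfully"}


if __name__ == "__main__":
    print(update_password("Bearer tok-alice",
                          {"current_password": "CurrentPassword123", "new_password": "NewPassword123"}))
```

The audit entries record the user and the outcome but never the submitted passwords, which is what "logged and monitored" should mean in practice; a real deployment would also rate-limit failed current-password attempts and invalidate the user's other sessions after a successful change, neither of which the issue lists.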

SundayMba added the auth label Jul 19, 2024
@IsraelBO17
Author

Slack ID - @Israel_B.O
