Skip to content

[FEAT] API Endpoint for Password Update #31

New issue
New issue
Open
Open
[FEAT] API Endpoint for Password Update#31
Labels
authIssues categorised by authentication and users
@IsraelBO17

Description

@IsraelBO17
IsraelBO17
opened on Jul 18, 2024

Description

Create an API endpoint that allows users to update their passwords with input validation and proper security measures.

Acceptance Criteria

  • The endpoint should be accessible at POST /api/v1/auth/password-update
  • The endpoint should accept HTTP POST requests.
  • The endpoint should be secured to ensure that only authenticated users can update their passwords.
  • Proper authentication mechanisms (e.g., JWT, OAuth2) should be implemented.
  • Requests to the endpoint must include a valid authentication token in the Authorization header. Authorization: Bearer <token>
  • Request body
{
 “current_password”: “CurrentPassword123",
 “new_password”: “NewPassword123"
}
  • Response
  • On a successful change of the password, the API should return a 200 OK status code.
  • The response body should contain status and a message
{
  “status”: “success”,
  “message”: “Password updated successfully”
}
  • Validation
  • If any required field is missing or invalid, the API should return a 400 Bad Request status code with appropriate validation error messages.
{
  “status”: “unsuccessful”,
  “message”: “field must be provided”
 }
  • If the current password is invalid, THE API should return a 400 Bad Request status code with the appropriate message.
{
 “status_code”: 400,
 “message”: “Current password is incorrect”
}
  • If the new password is weak, the API should return a 400 Bad Request status code with the appropriate message.
{
  “status_code”: 400,
  “message”: “New password does not meet security requirements”,
  “error”: “Bad Request”
}

Purpose

Provides a secure backend service that allows users to update their passwords.

Requirements

  • Develop server-side logic to update the user’s password.
  • Securely handle password updates and comply with security standards.
  • Ensure that password updates are logged and monitored.

Expected Outcome

  • API endpoint allows users to update passwords with appropriate validation and security measures.

Tasks

  • Define the server-side application’s POST /api/v1/password-update route.
  • Ensure requests include a valid token in the Authorization header.
  • Validate that both current_password and new_password are provided.
  • Ensure new_password meets security requirements.
  • Implement logic to verify the current password.
  • Update the password if it is valid and meets security requirements.
  • Handle cases where the current password is incorrect or the new password does not meet security standards.

Testing

  • Write unit tests to validate input validation and password update logic.
  • Write integration tests to ensure end-to-end functionality.
  • Perform security testing to ensure data protection and compliance.

NB: This issue has been approved in the main issue here

Metadata

Metadata

Assignees

No one assigned

    Labels

    authIssues categorised by authentication and users

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions