hub / github.com/tiny-pilot/tinypilot / current_user_password_put

Function current_user_password_put

app/api.py:132–161

Updates the current user's own password. Accepts a JSON request body with only a "password" field. The username is derived from the current session, preventing privilege escalation attacks where a user might attempt to change another user's password. Returns: Empty response on success, error object otherwise.

()

Source from the content-addressed store, hash-verified

@api_blueprint.route('/currentUser/password', methods=['PUT'])
@required_auth(auth.Role.OPERATOR)
def current_user_password_put():
    """Updates the current user's own password.

    Accepts a JSON request body with only a "password" field. The username is
    derived from the current session, preventing privilege escalation attacks
    where a user might attempt to change another user's password.

    Returns:
        Empty response on success, error object otherwise.
    """
    current_username = session.get_username()
    if not current_username:
        return json_response.error(
            NotAuthenticatedError('Not authenticated')), 401

    try:
        password = request_parsers.password.parse_password(flask.request)
    except request_parsers.errors.Error as e:
        return json_response.error(e), 400

    try:
        auth.change_password(current_username, password)
    except db.users.UserDoesNotExistError as e:
        # This is a safeguard, this scenario should never occur.
        return json_response.error(e), 404

    # Refresh the session with the new credentials.
    session.login(current_username)

    return json_response.success()


@api_blueprint.route('/user/password', methods=['PUT'])
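
The docstring's point, that the account to change comes from the session and never from the request body, shown as an added stand-alone example (not TinyPilot's code). The names `change_password_trusting_body`, `change_own_password`, `hash_password`, `verify` and `RequestError`, the dict-based session and user store, and the strict rejection of extra body fields are all assumptions of this sketch.

```python
import hashlib
import hmac
import os


class RequestError(Exception):
    """Unauthenticated or malformed request."""


def hash_password(password, salt=None):
    # Salted PBKDF2, so the sample store never holds plaintext.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac('sha256', password.encode(), salt, 100_000)


def verify(users, username, password):
    salt, digest = users[username]
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def change_password_trusting_body(session, body, users):
    """Weak form: the target account is whatever the request body names."""
    if not session.get('username'):
        raise RequestError('Not authenticated')
    users[body['username']] = hash_password(body['password'])


def change_own_password(session, body, users):
    """Hardened form: the target account comes only from the session."""
    username = session.get('username')
    if not username:
        raise RequestError('Not authenticated')
    # Assumption of this example: extra fields such as "username" are
    # rejected outright rather than silently ignored.
    if not isinstance(body, dict) or set(body) != {'password'}:
        raise RequestError('Body must contain only a "password" field')
    if not isinstance(body['password'], str):
        raise RequestError('"password" must be a string')
    if username not in users:
        raise RequestError('User does not exist')
    users[username] = hash_password(body['password'])


if __name__ == '__main__':
    # Constructed sample data: two accounts, session belongs to "operator".
    users = {'admin': hash_password('admin-old'), 'operator': hash_password('op-old')}
    session = {'username': 'operator'}
    change_own_password(session, {'password': 'op-new'}, users)
    print(verify(users, 'operator', 'op-new'), verify(users, 'admin', 'admin-old'))
```

With the weak form, an authenticated operator's request can overwrite any account named in the body; the hardened form can only ever touch the account bound to the session.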

Callers

nothing calls this directly

Calls 2

change_password · Method · 0.80

Tested by

no test coverage detected