Andras/BoundlessFlowCampus2K

Fork 0

#920-change-password #972

Merged

a22erigr merged 7 commits from #920-change-password into team_2_week_6

2026-05-19 19:45:37 +00:00

j21marbr commented

2026-05-15 11:51:23 +00:00

Collaborator

Implemented password change functionality with old password verification.
Added:

Change password endpoint
Database query for password updates
Password hashing before storing new passwords
Validation and logging for successful and failed password change requests

Implemented password change functionality with old password verification. Added: + Change password endpoint + Database query for password updates + Password hashing before storing new passwords + Validation and logging for successful and failed password change requests

j21marbr added 4 commits

2026-05-15 11:51:24 +00:00

Add ChangePasswordDto for password change requests df8ca737f4

Add password update query to database ac4eabb075

Create change password endpoint in auth endpoints f5c8f6f3b4

Implement password change in auth service 15e78caadb

j21marbr commented

2026-05-15 11:51:42 +00:00

Author

Collaborator

No description provided.

bild.png

378 KiB

j21marbr added the

Team 2

needs review

labels

2026-05-15 11:52:40 +00:00

j21marbr referenced this pull request

2026-05-15 11:53:29 +00:00

Implement the possibility to change password. #920

a22erigr

2026-05-15 13:21:36 +00:00

added the
Under-review
label
requested review from b25marem

b23albst commented

2026-05-18 11:30:45 +00:00

Collaborator

I just wanted to bring attention to the change that was made to AuthResponse in pr #973. It now expects an access token and error type. Access token can just be set to null and when there is an error, an appropriate error type should be used.

👍 2

b25marem commented

2026-05-18 15:45:18 +00:00

Collaborator

Review on #920

Whats done

Password change functionality has been implemented.

Tested on Windows using PowerShell

Tested signup.
Tested login.
Tested password change.
Tested that old password no longer works after password change.
Tested that login with the new password works.
App starts with postgres and loginService.

Inspected following files

DatabaseLogic/DatabaseQueries.cs
- Indentation/code styling: OK.
- Naming convention: OK.
- Comments: XML comments are added for UpdatePassword.
- General code quality: UpdatePassword is clear and works as expected.
DatabaseLogic/IDatabaseQueries.cs
- Indentation/code styling: Problem noted. UpdatePassword has extra indentation.
- Naming convention: OK.
- General code quality: OK.
Endpoints/AuthEndpoints.cs
- Indentation/code styling: Mostly OK.
- Naming convention: Existing auth routes use mixed casing (/auth/login, /auth/SignUp, /auth/changepassword). Consider standardizing route naming for consistency.
- Comments: Uses multi-line comments where single-line comments or XML comments would better match the standard.
- General code quality: Endpoint works as expected.
Models/Requests/ChangePasswordDto.cs
- Indentation/code styling: OK.
- Naming convention: OK.
Services/AuthService.cs
- Indentation/code styling: Extra blank lines before ChangePasswordAsync.
- Naming convention: OK.

What needs to be done

IDatabaseQueries.cs
Fix indentation for UpdatePassword.
AuthEndpoints.cs
Consider standardizing auth route casing.
AuthService.cs
Remove extra blank lines.

Conclusion

The password change functionality works as intended in local testing.
Only minor code standard and cleanup issues were found.
Ready after small cleanup fixes.

# Review on #920 ## Whats done Password change functionality has been implemented. ### Tested on Windows using PowerShell * Tested signup. * Tested login. * Tested password change. * Tested that old password no longer works after password change. * Tested that login with the new password works. * App starts with `postgres` and `loginService`. ### Inspected following files * `DatabaseLogic/DatabaseQueries.cs` * Indentation/code styling: OK. * Naming convention: OK. * Comments: XML comments are added for `UpdatePassword`. * General code quality: `UpdatePassword` is clear and works as expected. * `DatabaseLogic/IDatabaseQueries.cs` * Indentation/code styling: Problem noted. `UpdatePassword` has extra indentation. * Naming convention: OK. * General code quality: OK. * `Endpoints/AuthEndpoints.cs` * Indentation/code styling: Mostly OK. * Naming convention: Existing auth routes use mixed casing (`/auth/login`, `/auth/SignUp`, `/auth/changepassword`). Consider standardizing route naming for consistency. * Comments: Uses multi-line comments where single-line comments or XML comments would better match the standard. * General code quality: Endpoint works as expected. * `Models/Requests/ChangePasswordDto.cs` * Indentation/code styling: OK. * Naming convention: OK. * `Services/AuthService.cs` * Indentation/code styling: Extra blank lines before `ChangePasswordAsync`. * Naming convention: OK. ## What needs to be done * `IDatabaseQueries.cs` * Fix indentation for `UpdatePassword`. * `AuthEndpoints.cs` * Consider standardizing auth route casing. * `AuthService.cs` * Remove extra blank lines. ## Conclusion * The password change functionality works as intended in local testing. * Only minor code standard and cleanup issues were found. * Ready after small cleanup fixes.

b25marem added

and removed

labels

2026-05-18 15:47:02 +00:00

b25marem commented

2026-05-18 15:54:47 +00:00

Collaborator

Regarding the comment above about PR #973: I could not see the new AuthResponse changes being used yet. The implementation still seems to use the old constructors.

Regarding the comment above about PR #973: I could not see the new `AuthResponse` changes being used yet. The implementation still seems to use the old constructors.

j21marbr added 2 commits

2026-05-18 18:40:28 +00:00

Merge branch 'team_2_week_6' into #920-change-password 3d7c53ecb9

Update ChangePassword to use the new AuthResponse and cleanup 09e60c3dd3

b25marem commented

2026-05-19 06:11:19 +00:00

Collaborator

Review after latest changes:

Fixed:

IDatabaseQueries.cs: indentation for UpdatePassword is now fixed.
AuthEndpoints.cs: some multi-line comments were replaced with // comments.
AuthService.cs: several error responses now follow the updated AuthResponse format from PR #973 by using accessToken = null together with ErrorTypes.

Remaining issues:

IDatabaseQueries.cs
- Typo still exists in the comment:
  succefull → successful.
AuthEndpoints.cs
- Route naming is still inconsistent:
  /login, /SignUp, /ChangePassword
  use mixed casing conventions. It would be good to standardize endpoint naming for consistency.
- A multi-line comment still exists above /ChangePassword.
ChangePasswordDto.cs
- Typo still exists in the comment:
  tranfer to transfer.
- The DTO still lacks validation attributes such as [Required].
AuthService.cs
- ChangePasswordAsync still does not null-check changePasswordDto before accessing its properties.
- There is still an extra blank line directly after try.
- The success/fallback response still uses the old constructor style:
  return new AuthResponse(result ? null : "Failed to update password");
  This should also follow the new AuthResponse structure introduced in PR #973.
- The catch block still returns raw exception.Message to the client:
  return new AuthResponse(null, exception.Message, ErrorTypes.Internal);
  It would be safer to log the internal exception and return a generic error message instead.
- XML comment typo:
  A AuthResponse object → An AuthResponse object.

Review after latest changes: Fixed: * IDatabaseQueries.cs: indentation for UpdatePassword is now fixed. * AuthEndpoints.cs: some multi-line comments were replaced with // comments. * AuthService.cs: several error responses now follow the updated AuthResponse format from PR #973 by using accessToken = null together with ErrorTypes. Remaining issues: * IDatabaseQueries.cs * Typo still exists in the comment: succefull → successful. * AuthEndpoints.cs * Route naming is still inconsistent: /login, /SignUp, /ChangePassword use mixed casing conventions. It would be good to standardize endpoint naming for consistency. * A multi-line comment still exists above /ChangePassword. * ChangePasswordDto.cs * Typo still exists in the comment: tranfer to transfer. * The DTO still lacks validation attributes such as [Required]. * AuthService.cs * ChangePasswordAsync still does not null-check changePasswordDto before accessing its properties. * There is still an extra blank line directly after try. * The success/fallback response still uses the old constructor style: return new AuthResponse(result ? null : "Failed to update password"); This should also follow the new AuthResponse structure introduced in PR #973. * The catch block still returns raw exception.Message to the client: return new AuthResponse(null, exception.Message, ErrorTypes.Internal); It would be safer to log the internal exception and return a generic error message instead. * XML comment typo: A AuthResponse object → An AuthResponse object.

j21marbr added 1 commit

2026-05-19 14:20:46 +00:00

Clean up e833a3f319

b25marem commented

2026-05-19 14:56:48 +00:00

Collaborator

looks good. ready to merge

👍 1

b25marem added

and removed

cleanup

reviewed