fix: change password for the given username (#534)

irrespective of the user by which client id and secret key is generated for jwt authnetication Co-authored-by: Muhammad Faraz Maqsood <[email protected]>
edly-io · Apr 18, 2024 · 384d211 · 384d211
1 parent f14f115
commit 384d211
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/openedx/core/djangoapps/user_authn/urls_common.py b/openedx/core/djangoapps/user_authn/urls_common.py
@@ -74,8 +74,10 @@
 
     # Password reset api views.
     path('password_reset/', password_reset.password_reset, name='password_reset'),
-    path('api/user/v1/account/change_password/', password_reset.ChangePasswordAPIView.as_view(), 
-         name='user_change_password_api'),
+    re_path(fr'api/user/v1/account/change_password/{settings.USERNAME_PATTERN}$', 
+         password_reset.ChangePasswordAPIView.as_view(), 
+         name='user_change_password_api',
+    ),
     re_path(
         r'^password_reset_confirm/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)/$',
         PasswordResetConfirmWrapper.as_view(),

diff --git a/openedx/core/djangoapps/user_authn/views/password_reset.py b/openedx/core/djangoapps/user_authn/views/password_reset.py
@@ -255,12 +255,14 @@ class ChangePasswordAPIView(APIView):
     )
     permission_classes = (IsAuthenticated,)
 
-    def post(self, request):
+    def post(self, request, username):
         serializer = ChangePasswordSerializer(data=request.data)
         if serializer.is_valid():
             current_password = serializer.validated_data['current_password']
             new_password = serializer.validated_data['new_password']
-            user = request.user
+            user = User.objects.filter(username=username).first()
+            if not user:
+                user = request.user
 
             # Check if the current password provided matches the user's actual password
             if not user.check_password(current_password):