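def post(self):
    """Change the password of the user identified by the request's access token.

    The user id is taken from the ``id`` claim of the JWT carried in the
    ``HTTP_X_ACCESS_TOKEN`` WSGI environ key, decoded with the application's
    ``SECRET_KEY``. The change is applied only when the supplied old password
    matches the stored hash, the new password differs from the old one, and
    the new password equals its confirmation.

    Returns:
        The marshalled ``respcls(message, status)`` response, where status is
        "success" after an update and "failure" otherwise.
    """
    args = self.parser.parse_args()
    status = "failure"
    # NOTE(review): jwt.decode() is called without an explicit ``algorithms``
    # allow-list. Pin it to the algorithm the tokens are issued with (recent
    # PyJWT releases require the argument); it is left as-is here because the
    # token-issuing code is not visible from this method.
    payload = jwt.decode(
        request.headers.environ.get('HTTP_X_ACCESS_TOKEN'),
        current_app.config['SECRET_KEY'])
    user = User.query.filter_by(id=payload['id']).first()

    if user is None:
        # A still-valid token can outlive its account; without this guard the
        # password checks below would raise AttributeError on ``None``.
        message = "User does not exist"
    elif not bcrypt.check_password_hash(user.password, args['old_password']):
        message = "Old password is not matching"
    elif bcrypt.check_password_hash(user.password, args['new_password']):
        message = "New password and old password should not be same"
    elif args['new_password'] != args['confirm_new_password']:
        message = "New password and confirm new password are not matching for the user"
    else:
        new_hash = bcrypt.generate_password_hash(
            args['new_password'].encode("utf-8")).decode("utf-8")
        user.update(password=new_hash)
        # Log only after the update call returns, so the audit trail does not
        # record a password change that failed to persist.
        current_app.logger.info("%s has changed the password", user.username)
        message = "Password is updated successfully"
        status = "success"

    return marshal(respcls(message, status),
                   parentwrapper.common_response_wrapper,
                   skip_none=True)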
def check_password(self, value):
    """Check ``value`` against the bcrypt hash stored in ``self.password``.

    Returns the result of ``bcrypt.check_password_hash`` when a hash is
    stored. When ``self.password`` is empty the result is always falsy, but a
    hash of ``value`` is still computed first.
    """
    if self.password:
        return bcrypt.check_password_hash(self.password, value)
    # No stored hash: the hash is computed and then discarded on purpose.
    # Presumably this keeps the cost of the call similar to a real comparison,
    # so response time does not reveal that the account has no password set.
    discarded_hash = bcrypt.generate_password_hash(value)
    return discarded_hash and False