feat: 본인 비밀번호 재설정 API 추가

Author: MU-Software

app/admin_api/serializers/user.py

@@ -57,3 +57,38 @@ def validate(self, attrs: UserAdminSignInSerializerData) -> UserAdminSignInSeria
             raise serializers.PermissionDenied("Only permissioned users can sign in using this route.")
 
         return attrs
+
+
+class UserAdminPasswordChangeSerializerData(typing.TypedDict):
+    old_password: str
+    new_password: str
+    new_password_confirm: str
+
+
+class UserAdminPasswordChangeSerializer(JsonSchemaSerializer, ReadOnlyModelSerializer):
+    old_password = serializers.CharField(write_only=True, required=True)
+    new_password = serializers.CharField(write_only=True, required=True)
+    new_password_confirm = serializers.CharField(write_only=True, required=True)
+
+    class Meta:
+        model = UserExt
+        fields = ("old_password", "new_password", "new_password_confirm")
+
+    def validate(self, attrs: UserAdminPasswordChangeSerializerData) -> UserAdminPasswordChangeSerializerData:
+        user: UserExt = self.instance
+        if not user.check_password(attrs["old_password"]):
+            raise serializers.ValidationError("Old password is incorrect.")
+
+        if attrs["old_password"] == attrs["new_password"]:
+            raise serializers.ValidationError("New password cannot be the same as the old password.")
+
+        if attrs["new_password"] != attrs["new_password_confirm"]:
+            raise serializers.ValidationError("New password and confirmation do not match.")
+
+        return attrs
+
+    def save(self, **kwargs: typing.Any) -> UserExt:
+        user: UserExt = self.instance
+        user.set_password(self.validated_data["new_password"])
+        user.save(update_fields=["password"])
+        return user

app/admin_api/views/user.py

@@ -1,4 +1,8 @@
-from admin_api.serializers.user import UserAdminSerializer, UserAdminSignInSerializer
+from admin_api.serializers.user import (
+    UserAdminPasswordChangeSerializer,
+    UserAdminSerializer,
+    UserAdminSignInSerializer,
+)
 from core.const.account import INITIAL_ADMIN_PASSWORD
 from core.const.tag import OpenAPITag
 from core.permissions import IsSuperUser
@@ -59,3 +63,15 @@ def reset_password(self, *args: tuple, **kwargs: dict) -> response.Response:
         user.set_password(INITIAL_ADMIN_PASSWORD)
         user.save(update_fields=["password"])
         return response.Response(status=status.HTTP_204_NO_CONTENT)
+
+    @extend_schema(
+        tags=[OpenAPITag.ADMIN_ACCOUNT],
+        request=UserAdminPasswordChangeSerializer,
+        responses={status.HTTP_200_OK: UserAdminSerializer},
+    )
+    @decorators.action(detail=False, methods=["POST"], url_path="password", permission_classes=[IsSuperUser])
+    def change_password(self, request: request.Request, *args: tuple, **kwargs: dict) -> response.Response:
+        serializer = UserAdminPasswordChangeSerializer(data=request.data, instance=request.user)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return response.Response(data=UserAdminSerializer(serializer.instance).data)