Add change password functionality for users

Introduces a change password route, form, and template, allowing authenticated users to update their password. Updates the User model with a method to set the must_change_password flag. Adjusts login and navigation logic to support the new flow and ensures users are redirected to change their password if required.

application/auth/routes.py

@@ -1,8 +1,9 @@
-from flask import Blueprint, request, render_template
+from flask import Blueprint, request, render_template, redirect, url_for
 from flask_login import current_user, login_user
-from forms import LoginForm
+from forms import LoginForm, ChangePasswordForm
 from models import User
 from application.utils import default_return
+from application import db
 
 bp = Blueprint(
     "auth",
@@ -28,3 +29,22 @@ def login():
             pass
             # invalid user
     return render_template("login.html", form=form)
+
+
+@bp.route("/change_password", methods=["GET", "POST"])
+def change_password():
+    if not current_user.is_authenticated:
+        return redirect(url_for("auth.login"))
+
+    form = ChangePasswordForm()
+    if form.validate_on_submit():
+        cur_check = current_user.check_password(
+            password=form.current_password.data
+        )
+        eq_check = form.new_password.data == form.confirm_password.data
+        if cur_check and eq_check:
+            current_user.change_password(form.new_password.data)
+            current_user.set_pw_change(False)
+            db.session.commit()
+            return default_return()
+    return render_template("change_password.html", form=form)

application/auth/templates/change_password.html

@@ -0,0 +1,46 @@
+{% extends "base.html" %}
+
+{% block content %}
+<div class="container d-flex justify-content-center align-items-center">
+    <div class="card shadow-sm p-4" style="width: 100%; max-width: 400px;">
+        <h3 class="mb-4 text-center">Login</h3>
+        <form method="post">
+            {{ form.hidden_tag() }}
+
+            <div class="mb-3">
+                {{ form.current_password.label(class="form-label") }}
+                {{ form.current_password(class="form-control", placeholder="") }}
+                {% if form.current_password.errors %}
+                <div class="text-danger small">
+                    {{ form.current_password.errors[0] }}
+                </div>
+                {% endif %}
+            </div>
+
+            <div class="mb-3">
+                {{ form.new_password.label(class="form-label") }}
+                {{ form.new_password(class="form-control", placeholder="Enter password") }}
+                {% if form.new_password.errors %}
+                <div class="text-danger small">
+                    {{ form.new_password.errors[0] }}
+                </div>
+                {% endif %}
+            </div>
+
+            <div class="mb-3">
+                {{ form.confirm_password.label(class="form-label") }}
+                {{ form.confirm_password(class="form-control", placeholder="Enter password") }}
+                {% if form.confirm_password.errors %}
+                <div class="text-danger small">
+                    {{ form.confirm_password.errors[0] }}
+                </div>
+                {% endif %}
+            </div>
+
+            <div class="d-grid">
+                {{ form.submit(class="btn btn-primary btn-lg") }}
+            </div>
+        </form>
+    </div>
+</div>
+{% endblock%}

application/auth/templates/login.html

@@ -4,7 +4,7 @@
 <div class="container d-flex justify-content-center align-items-center">
     <div class="card shadow-sm p-4" style="width: 100%; max-width: 400px;">
         <h3 class="mb-4 text-center">Login</h3>
-        <form method="post" novalidate>
+        <form method="post">
             {{ form.hidden_tag() }}
 
             <div class="mb-3">