trentuna/candle-annotator
8
0
Fork 0
Code Issues Pull requests Releases Packages Activity Actions

Add PUT /api/auth/password endpoint for credential users

Browse source 
Implements task 6.2: verifies current password with bcryptjs, rejects
OAuth users (no password_hash), validates new password (8+ chars),
hashes and persists the new password.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Marko Djordjevic 2026-02-20 10:21:27 +01:00
parent c36ab7c146
commit 93f7d20382
2 changed files with 79 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
openspec/changes/user-accounts/tasks.md
View file

@ -32,7 +32,7 @@
## 6. User Settings API
- [x] 6.1 `[haiku]` Create `PUT /api/auth/profile` endpoint: update user display name
- [ ] 6.2 `[sonnet]` Create `PUT /api/auth/password` endpoint: verify current password, hash new password, update; reject for OAuth users
- [x] 6.2 `[sonnet]` Create `PUT /api/auth/password` endpoint: verify current password, hash new password, update; reject for OAuth users
- [ ] 6.3 `[sonnet]` Create `DELETE /api/auth/account` endpoint: delete all user data (cascade) and user record
## 7. Update Existing API Routes