feat: member change password API

api/auth/serializers.py

@@ -7,6 +7,7 @@ class UserSerializer(serializers.ModelSerializer):
     class Meta:
         model = User
         fields = [
+            "id",
             "username",
             "email",
             "password",

api/auth/views.py

@@ -206,3 +206,22 @@ class MemberLogoutView(LogoutBasedView):
                 )
 
         return response
+
+
+class MemberChangePasswordView(views.APIView):
+    permission_classes = [IsNotStaffUser]
+
+    def post(self, request, member_id):
+        new_password = request.data.get("new_password")
+        old_password = request.data.get("old_password")
+        member = Member.objects.get(pk=member_id)
+        user = member.user
+
+        if user.check_password(old_password):
+            user.set_password(new_password)
+            user.save()
+            return Response(
+                {"message": "Pasword succesfuly changed"}, status=status.HTTP_200_OK
+            )
+
+        return Response({"message": "Change password failed, old password is invalid."})

api/urls.py

@@ -9,6 +9,7 @@ from .auth.views import (
     MemberViewSet,
     MemberLoginView,
     MemberLogoutView,
+    MemberChangePasswordView,
 )
 from .book.views import BookViewSet, CategoryViewSet
 from .loans.views import (
@@ -46,7 +47,12 @@ urlpatterns = [
         "librarians/auth/logout", LibrarianLogoutView.as_view(), name="librarian_logout"
     ),
     path("members/auth/login", MemberLoginView.as_view(), name="member_login"),
-    path("members/auth/logout", MemberLogoutView.as_view(), name="member_logout"),
+    path("members/auth/logout/", MemberLogoutView.as_view(), name="member_logout"),
+    path(
+        "members/<int:member_id>/change-password",
+        MemberChangePasswordView.as_view(),
+        name="member_change_password",
+    ),
     path(
         "members/<int:member_id>/",
         include(router_member_loan.urls),