0.1.31: Added change password api and PasswordInput widget type. Fixed auto identifiction fk_name for inline models.

Author: vsdudakov

docs/index.html

@@ -181,6 +181,9 @@ <h4 class="title">FastAdmin</h4>
             <li class="nav-item">
               <a class="nav-link" href="#changelog">Changelog</a>
               <ul class="nav flex-column">
+                <li class="nav-item">
+                  <a class="nav-link" href="#v0_1_31">v0.1.31</a>
+                </li>
                 <li class="nav-item">
                   <a class="nav-link" href="#v0_1_30">v0.1.30</a>
                 </li>
@@ -230,7 +233,7 @@ <h1>Documentation</h1>
               <div class="row">
                 <div class="col-sm-6 col-lg-4">
                   <ul class="list-unstyled">
-                    <li><strong>Version:</strong> 0.1.30</li>
+                    <li><strong>Version:</strong> 0.1.31</li>
                     <li>
                       <strong>Author:</strong>
                       <a href="mailto:vsdudakov@gmail.com" target="_blank"
@@ -1225,6 +1228,15 @@ <h3>ModelAdmin methods</h3>
   :params password: a password.
   :return: An user id or None.
   """
+  ...
+
+
+async def change_password(self, id: UUID | int, password: str) -> None:
+  """This method is used to change user password.
+
+  :params id: An user id.
+  :params password: A new password.
+  """
   ...
                 </code>
               </pre>
@@ -1378,6 +1390,18 @@ <h2>Changelog</h2>
               </p>
               <hr class="small-divider" />
               <!-- <p class="alert alert-info mb-5"> For Future Updates Follow Us <a target="_blank" href="http://themeforest.net/user/harnishdesign?ref=HarnishDesign">@themeforest</a> / <a target="_blank" href="http://facebook.com/harnishdesign">@facebook</a> / <a target="_blank" href="http://twitter.com/harnishdesign">@twitter</a> / <a target="_blank" href="https://dribbble.com/harnishdesign">@Dribbble</a></p> -->
+              <h3 id="v0_1_31">
+                Version 0.1.31
+                <small class="text-muted">(27 March, 2024)</small>
+              </h3>
+              <ul class="changelog">
+                <li>
+                  Added change password api and PasswordInput widget type.
+                </li>
+                <li>Fixed auto identifiction fk_name for inline models.</li>
+              </ul>
+              <hr class="small-divider" />
+
               <h3 id="v0_1_30">
                 Version 0.1.30
                 <small class="text-muted">(26 March, 2024)</small>

examples/djangoorm/models.py

@@ -84,6 +84,14 @@ def authenticate(self, username, password):
             return None
         return obj.id
 
+    def change_password(self, user_id, password):
+        user = self.model_cls.objects.filter(id=user_id).first()
+        if not user:
+            return
+        # direct saving password is only for tests - use hash
+        user.password = password
+        user.save()
+
 
 class DjangoEventInlineModelAdmin(DjangoInlineModelAdmin):
     model = Event

examples/ponyorm/models.py

@@ -115,6 +115,15 @@ def authenticate(self, username, password):
             return None
         return obj.id
 
+    @db_session
+    def change_password(self, user_id, password):
+        obj = next((f for f in self.model_cls.select(id=user_id)), None)
+        if not obj:
+            return None
+        # direct saving password is only for tests - use hash
+        obj.password = password
+        commit()
+
 
 class PonyORMEventInlineModelAdmin(PonyORMInlineModelAdmin):
     model = Event

examples/sqlalchemy/models.py

@@ -127,13 +127,21 @@ class SqlAlchemyUserModelAdmin(SqlAlchemyModelAdmin):
     async def authenticate(self, username, password):
         sessionmaker = self.get_sessionmaker()
         async with sessionmaker() as session:
-            query = select(User).filter_by(username=username, password=password, is_superuser=True)
+            query = select(self.model_cls).filter_by(username=username, password=password, is_superuser=True)
             result = await session.scalars(query)
             obj = result.first()
             if not obj:
                 return None
             return obj.id
 
+    async def change_password(self, user_id, password):
+        sessionmaker = self.get_sessionmaker()
+        async with sessionmaker() as session:
+            # direct saving password is only for tests - use hash
+            query = update(self.model_cls).where(User.id.in_([user_id])).values(password=password)
+            await session.execute(query)
+            await session.commit()
+
 
 class SqlAlchemyEventInlineModelAdmin(SqlAlchemyInlineModelAdmin):
     model_name_prefix = "sqlalchemy"

examples/tortoiseorm/models.py

@@ -87,6 +87,14 @@ async def authenticate(self, username, password):
             return None
         return obj.id
 
+    async def change_password(self, user_id, password):
+        user = await self.model_cls.filter(id=user_id).first()
+        if not user:
+            return
+        # direct saving password is only for tests - use hash
+        user.password = password
+        await user.save()
+
 
 class TortoiseORMEventInlineModelAdmin(TortoiseInlineModelAdmin):
     model = Event

fastadmin/api/frameworks/django/app/api.py

@@ -210,6 +210,30 @@ async def add(request: HttpRequest, model: str) -> JsonResponse:
         return JsonResponse({"detail": e.detail}, status=e.status_code)
 
 
+@csrf_exempt
+async def change_password(request: HttpRequest, id: UUID | int) -> JsonResponse:
+    """This method is used to change a password.
+
+    :params id: an id of object.
+    :params payload: a payload object.
+    :return: An object.
+    """
+    if request.method != "PATCH":
+        return JsonResponse({"error": "Method not allowed"}, status=405)
+    if not is_valid_id(id):
+        return JsonResponse({"error": "Invalid id. It must be a UUID or an integer."}, status=422)
+    try:
+        await api_service.change_password(
+            request.COOKIES.get(settings.ADMIN_SESSION_ID_KEY, None),
+            id,
+            json.loads(request.body),
+        )
+        return JsonResponse(id, safe=False)
+
+    except AdminApiException as e:
+        return JsonResponse({"detail": e.detail}, status=e.status_code)
+
+
 @csrf_exempt
 async def change(request: HttpRequest, model: str, id: UUID | int) -> JsonResponse:
     """This method is used to change an object.

fastadmin/api/frameworks/django/app/urls.py

@@ -6,7 +6,7 @@
 
 from fastadmin.settings import ROOT_DIR
 
-from .api import action, add, change, configuration, delete, export, get, list, me, sign_in, sign_out
+from .api import action, add, change, change_password, configuration, delete, export, get, list, me, sign_in, sign_out
 from .views import index
 
 
@@ -20,6 +20,7 @@ def get_admin_urls():
             path("api/list/<str:model>", list),
             path("api/retrieve/<str:model>/<str:id>", get),
             path("api/add/<str:model>", add),
+            path("api/change-password/<str:id>", change_password),
             path("api/change/<str:model>/<str:id>", change),
             path("api/export/<str:model>", export),
             path("api/delete/<str:model>/<str:id>", delete),

fastadmin/api/frameworks/fastapi/api.py

@@ -25,6 +25,7 @@ async def sign_in(
 ) -> None:
     """This method is used to sign in.
 
+    :params request: a request object.
     :params response: a response object.
     :params payload: a payload object.
     :return: None.
@@ -49,6 +50,7 @@ async def sign_out(
 ) -> None:
     """This method is used to sign out.
 
+    :params request: a request object.
     :params response: a response object.
     :return: None.
     """
@@ -165,6 +167,25 @@ async def add(
         raise HTTPException(e.status_code, detail=e.detail)
 
 
+@router.patch("/change-password/{id}")
+async def change_password(
+    request: Request,
+    id: UUID | int,
+    payload: dict,
+) -> UUID | int:
+    """This method is used to change password.
+
+    :params id: an id of object.
+    :params payload: a payload object.
+    :return: An object.
+    """
+    try:
+        await api_service.change_password(request.cookies.get(settings.ADMIN_SESSION_ID_KEY, None), id, payload)
+        return id
+    except AdminApiException as e:
+        raise HTTPException(e.status_code, detail=e.detail)
+
+
 @router.patch("/change/{model}/{id}")
 async def change(
     request: Request,

fastadmin/api/frameworks/flask/api.py

@@ -163,6 +163,32 @@ async def add(model: str) -> dict:
         raise http_exception
 
 
+@api_router.route("/change-password/<string:id>", methods=["PATCH"])
+async def change_password(id: UUID | int) -> UUID | int:
+    """This method is used to change password.
+
+    :params id: an id of object.
+    :params payload: a payload object.
+    :return: An object.
+    """
+    if not is_valid_id(id):
+        http_exception = HTTPException("Invalid id. It must be a UUID or an integer.")
+        http_exception.code = 422
+        raise http_exception
+    try:
+        payload: dict = request.json
+        await api_service.change_password(
+            request.cookies.get(settings.ADMIN_SESSION_ID_KEY, None),
+            id,
+            payload,
+        )
+        return id
+    except AdminApiException as e:
+        http_exception = HTTPException(e.detail)
+        http_exception.code = e.status_code
+        raise http_exception
+
+
 @api_router.route("/change/<string:model>/<string:id>", methods=["PATCH"])
 async def change(model: str, id: UUID | int) -> dict:
     """This method is used to change an object.

fastadmin/api/schemas.py

@@ -1,7 +1,9 @@
 from enum import Enum
 from uuid import UUID
 
-from pydantic import BaseModel
+from pydantic import BaseModel, validator
+
+from fastadmin.api.exceptions import AdminApiException
 
 
 class ExportFormat(str, Enum):
@@ -28,6 +30,19 @@ class SignInInputSchema(BaseModel):
     password: str
 
 
+class ChangePasswordInputSchema(BaseModel):
+    """Change password input schema"""
+
+    password: str
+    confirm_password: str
+
+    @validator("confirm_password")
+    def passwords_match(cls, v, values, **kwargs):
+        if "password" in values and v != values["password"]:
+            raise AdminApiException(422, detail="Passwords do not match")
+        return v
+
+
 class ExportInputSchema(BaseModel):
     """Export input schema"""