Feat/ssad 0122/ ability to change user password #123

Open
RomanKholod wants to merge 4 commits into dev from 122-enhancement-create-an-ability-to-change-user-password

Conversation

@RomanKholod
Contributor

dev

JIRA

Summary of change

Added the ability to change the user password.

@RomanKholod
Contributor Author

Only the Test Email API fails.

@RomanKholod RomanKholod self-assigned this Mar 4, 2026
Serpantyn previously approved these changes Mar 4, 2026

```csharp
[InlineData("")]
[InlineData(null)]
public void ShouldHaveError_WhenEmailIsEmpty(string email)
{
```

Contributor

Approved, but format your tests with Arrange/Act/Assert comments.

Contributor

@DrFaust555 DrFaust555 left a comment

Problems:

  1. SECURITY: Endpoint without [Authorize]
    [HttpPost("change-password")] does not have the [Authorize] attribute. Anyone who knows the email and current password can try to change the password. This endpoint must require authentication.

  2. SECURITY: Email is taken from the body, not from the token
    The handler accepts Email from the request body and looks the user up by it. This means that authenticated user A can try to change the password of user B if he knows B's email and password. The correct approach is to take the email from HttpContext.User.Claims (from the JWT token) and not trust the body.

  3. build.yml contains an unnecessary change: it adds a Test Email API step for a project that is not on dev. This came from the merge and is unrelated to the password feature. Because of this, CI fails. It needs to be removed.
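The two security points above, shown as an added example that is not the PR's code: an ASP.NET Core action that requires authentication and takes the caller's identity from the validated JWT claims rather than from the body. It assumes ASP.NET Core Identity (UserManager<TUser>) and JWT bearer auth; AppUser, AccountController and ChangePasswordRequest are hypothetical names.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

// Hypothetical Identity user type for this example.
public sealed class AppUser : IdentityUser { }

// Request DTO: no Email property on purpose. The target account is always
// the authenticated caller, so the body cannot name another user.
public sealed record ChangePasswordRequest(string CurrentPassword, string NewPassword);

[ApiController]
[Route("api/account")]
public sealed class AccountController : ControllerBase
{
    private readonly UserManager<AppUser> _users;

    public AccountController(UserManager<AppUser> users) => _users = users;

    // [Authorize] rejects unauthenticated callers with 401 before the handler runs,
    // which fixes point 1 of the review.
    [Authorize]
    [HttpPost("change-password")]
    public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordRequest request)
    {
        // Point 2: resolve the user from the token's subject claim, never from the body,
        // so user A cannot change user B's password by supplying B's email.
        var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
        if (string.IsNullOrEmpty(userId))
            return Unauthorized();

        var user = await _users.FindByIdAsync(userId);
        if (user is null)
            return Unauthorized();

        // ChangePasswordAsync verifies CurrentPassword against the stored hash before
        // setting the new one, so a hijacked session alone cannot rotate the credential.
        var result = await _users.ChangePasswordAsync(user, request.CurrentPassword, request.NewPassword);
        if (!result.Succeeded)
            return BadRequest(result.Errors.Select(e => e.Description));

        return NoContent();
    }
}
```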

@sonarqubecloud

sonarqubecloud Bot commented Mar 5, 2026

Quality Gate failed

Failed conditions
69.2% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

@RomanKholod RomanKholod requested a review from DrFaust555 March 5, 2026 20:23
Development

Successfully merging this pull request may close these issues.

[Enhancement] Create an ability to change user password

3 participants