Implement change password
parent
bfcdd642fd
commit
43aab057c8
|
@ -177,7 +177,7 @@ class SwitchUserForm(FlaskForm):
|
|||
@rank_required(UserRank.ADMIN)
|
||||
def switch_user():
|
||||
form = SwitchUserForm(formdata=request.form)
|
||||
if request.method == "POST" and form.validate():
|
||||
if form.validate_on_submit():
|
||||
user = User.query.filter_by(username=form["username"].data).first()
|
||||
if user is None:
|
||||
flash("Unable to find user", "danger")
|
||||
|
|
|
@ -48,7 +48,7 @@ def create_edit_license(name=None):
|
|||
form = LicenseForm(formdata=request.form, obj=license)
|
||||
if request.method == "GET" and license is None:
|
||||
form.is_foss.data = True
|
||||
elif request.method == "POST" and form.validate():
|
||||
elif form.validate_on_submit():
|
||||
if license is None:
|
||||
license = License(form.name.data)
|
||||
db.session.add(license)
|
||||
|
|
|
@ -60,7 +60,7 @@ def create_edit_tag(name=None):
|
|||
abort(403)
|
||||
|
||||
form = TagForm(formdata=request.form, obj=tag)
|
||||
if request.method == "POST" and form.validate():
|
||||
if form.validate_on_submit():
|
||||
if tag is None:
|
||||
tag = Tag(form.title.data)
|
||||
tag.description = form.description.data
|
||||
|
|
|
@ -46,7 +46,7 @@ def create_edit_version(name=None):
|
|||
abort(404)
|
||||
|
||||
form = VersionForm(formdata=request.form, obj=version)
|
||||
if request.method == "POST" and form.validate():
|
||||
if form.validate_on_submit():
|
||||
if version is None:
|
||||
version = MinetestRelease(form.name.data)
|
||||
db.session.add(version)
|
||||
|
|
|
@ -47,7 +47,7 @@ def create_edit_warning(name=None):
|
|||
abort(404)
|
||||
|
||||
form = WarningForm(formdata=request.form, obj=warning)
|
||||
if request.method == "POST" and form.validate():
|
||||
if form.validate_on_submit():
|
||||
if warning is None:
|
||||
warning = ContentWarning(form.title.data, form.description.data)
|
||||
db.session.add(warning)
|
||||
|
|
|
@ -80,7 +80,7 @@ def create_edit_token(username, id=None):
|
|||
form = CreateAPIToken(formdata=request.form, obj=token)
|
||||
form.package.query_factory = lambda: Package.query.filter_by(author=user).all()
|
||||
|
||||
if request.method == "POST" and form.validate():
|
||||
if form.validate_on_submit():
|
||||
if is_new:
|
||||
token = APIToken()
|
||||
token.owner = user
|
||||
|
|
|
@ -191,7 +191,7 @@ def setup_webhook():
|
|||
redirect_uri=abs_url_for("github.callback_webhook", pid=pid))
|
||||
|
||||
form = SetupWebhookForm(formdata=request.form)
|
||||
if request.method == "POST" and form.validate():
|
||||
if form.validate_on_submit():
|
||||
token = APIToken()
|
||||
token.name = "GitHub Webhook for " + package.title
|
||||
token.owner = current_user
|
||||
|
|
|
@ -286,7 +286,7 @@ def create_edit(author=None, name=None):
|
|||
if request.method == "POST" and form.type.data == PackageType.TXP:
|
||||
form.license.data = form.media_license.data
|
||||
|
||||
if request.method == "POST" and form.validate():
|
||||
if form.validate_on_submit():
|
||||
wasNew = False
|
||||
if not package:
|
||||
package = Package.query.filter_by(name=form["name"].data, author_id=author.id).first()
|
||||
|
@ -468,7 +468,7 @@ def edit_maintainers(package):
|
|||
if request.method == "GET":
|
||||
form.maintainers_str.data = ", ".join([ x.username for x in package.maintainers if x != package.author ])
|
||||
|
||||
if request.method == "POST" and form.validate():
|
||||
if form.validate_on_submit():
|
||||
usernames = [x.strip().lower() for x in form.maintainers_str.data.split(",")]
|
||||
users = User.query.filter(func.lower(User.username).in_(usernames)).all()
|
||||
|
||||
|
|
|
@ -75,7 +75,7 @@ def create_release(package):
|
|||
if request.method != "POST":
|
||||
form["uploadOpt"].data = "vcs"
|
||||
|
||||
if request.method == "POST" and form.validate():
|
||||
if form.validate_on_submit():
|
||||
if form["uploadOpt"].data == "vcs":
|
||||
rel = PackageRelease()
|
||||
rel.package = package
|
||||
|
@ -169,7 +169,7 @@ def edit_release(package, id):
|
|||
# HACK: fix bug in wtforms
|
||||
form.approved.data = release.approved
|
||||
|
||||
if request.method == "POST" and form.validate():
|
||||
if form.validate_on_submit():
|
||||
wasApproved = release.approved
|
||||
if canEdit:
|
||||
release.title = form["title"].data
|
||||
|
@ -217,7 +217,7 @@ def bulk_change_release(package):
|
|||
|
||||
if request.method == "GET":
|
||||
form.only_change_none.data = True
|
||||
elif request.method == "POST" and form.validate():
|
||||
elif form.validate_on_submit():
|
||||
only_change_none = form.only_change_none.data
|
||||
|
||||
for release in package.releases.all():
|
||||
|
|
|
@ -59,7 +59,7 @@ def review(package):
|
|||
form.comment.data = review.thread.replies[0].comment
|
||||
|
||||
# Validate and submit
|
||||
elif request.method == "POST" and form.validate():
|
||||
elif form.validate_on_submit():
|
||||
was_new = False
|
||||
if not review:
|
||||
was_new = True
|
||||
|
|
|
@ -46,7 +46,7 @@ def create_screenshot(package):
|
|||
|
||||
# Initial form class from post data and default data
|
||||
form = CreateScreenshotForm()
|
||||
if request.method == "POST" and form.validate():
|
||||
if form.validate_on_submit():
|
||||
uploadedUrl, uploadedPath = doFileUpload(form.fileUpload.data, "image",
|
||||
"a PNG or JPG image file")
|
||||
if uploadedUrl is not None:
|
||||
|
@ -85,7 +85,7 @@ def edit_screenshot(package, id):
|
|||
# HACK: fix bug in wtforms
|
||||
form.approved.data = screenshot.approved
|
||||
|
||||
if request.method == "POST" and form.validate():
|
||||
if form.validate_on_submit():
|
||||
if canEdit and form["delete"].data:
|
||||
PackageScreenshot.query.filter_by(id=id).delete()
|
||||
|
||||
|
|
|
@ -163,7 +163,7 @@ def edit_reply(id):
|
|||
abort(403)
|
||||
|
||||
form = CommentForm(formdata=request.form, obj=reply)
|
||||
if request.method == "POST" and form.validate():
|
||||
if form.validate_on_submit():
|
||||
comment = form.comment.data
|
||||
|
||||
msg = "Edited reply by {}".format(reply.author.display_name)
|
||||
|
@ -271,7 +271,7 @@ def new():
|
|||
form.title.data = request.args.get("title") or ""
|
||||
|
||||
# Validate and submit
|
||||
elif request.method == "POST" and form.validate():
|
||||
elif form.validate_on_submit():
|
||||
thread = Thread()
|
||||
thread.author = current_user
|
||||
thread.title = form.title.data
|
||||
|
|
|
@ -68,6 +68,13 @@ def handle_login(form):
|
|||
|
||||
@bp.route("/user/login/", methods=["GET", "POST"])
|
||||
def login():
|
||||
if current_user.is_authenticated:
|
||||
next = request.args.get("next")
|
||||
if next and not is_safe_url(next):
|
||||
abort(400)
|
||||
|
||||
return redirect(next or url_for("homepage.home"))
|
||||
|
||||
form = LoginForm(request.form)
|
||||
if form.validate_on_submit():
|
||||
ret = handle_login(form)
|
||||
|
@ -134,10 +141,61 @@ class SetPasswordForm(FlaskForm):
|
|||
password2 = PasswordField("Verify password", [InputRequired(), Length(8, 100)])
|
||||
submit = SubmitField("Save")
|
||||
|
||||
class ChangePasswordForm(FlaskForm):
|
||||
old_password = PasswordField("Old password", [InputRequired(), Length(8, 100)])
|
||||
password = PasswordField("New password", [InputRequired(), Length(8, 100)])
|
||||
password2 = PasswordField("Verify password", [InputRequired(), Length(8, 100)])
|
||||
submit = SubmitField("Save")
|
||||
|
||||
|
||||
def handle_set_password(form):
|
||||
one = form.password.data
|
||||
two = form.password2.data
|
||||
if one != two:
|
||||
flash("Passwords do not much", "danger")
|
||||
return
|
||||
|
||||
current_user.password = make_flask_login_password(form.password.data)
|
||||
db.session.commit()
|
||||
|
||||
flash("Your password has been changed successfully.", "success")
|
||||
|
||||
if hasattr(form, "email"):
|
||||
newEmail = form.email.data
|
||||
if newEmail != current_user.email and newEmail.strip() != "":
|
||||
token = randomString(32)
|
||||
|
||||
ver = UserEmailVerification()
|
||||
ver.user = current_user
|
||||
ver.token = token
|
||||
ver.email = newEmail
|
||||
db.session.add(ver)
|
||||
db.session.commit()
|
||||
|
||||
task = sendVerifyEmail.delay(newEmail, token)
|
||||
return redirect(
|
||||
url_for("tasks.check", id=task.id, r=url_for("users.profile", username=current_user.username)))
|
||||
|
||||
return redirect(url_for("homepage.home"))
|
||||
|
||||
|
||||
@bp.route("/user/change-password/", methods=["GET", "POST"])
|
||||
@login_required
|
||||
def change_password():
|
||||
return "change"
|
||||
form = ChangePasswordForm(request.form)
|
||||
|
||||
if current_user.email is None:
|
||||
form.email.validators = [InputRequired(), Email()]
|
||||
|
||||
if form.validate_on_submit():
|
||||
if check_password_hash(current_user.password, form.old_password.data):
|
||||
ret = handle_set_password(form)
|
||||
if ret:
|
||||
return ret
|
||||
else:
|
||||
flash("Old password is incorrect", "danger")
|
||||
|
||||
return render_template("users/change_set_password.html", form=form)
|
||||
|
||||
|
||||
@bp.route("/user/set-password/", methods=["GET", "POST"])
|
||||
|
@ -150,39 +208,12 @@ def set_password():
|
|||
if current_user.email is None:
|
||||
form.email.validators = [InputRequired(), Email()]
|
||||
|
||||
if request.method == "POST" and form.validate():
|
||||
one = form.password.data
|
||||
two = form.password2.data
|
||||
if one == two:
|
||||
# Hash password
|
||||
hashed_password = make_flask_login_password(form.password.data)
|
||||
if form.validate_on_submit():
|
||||
ret = handle_set_password(form)
|
||||
if ret:
|
||||
return ret
|
||||
|
||||
# Change password
|
||||
current_user.password = hashed_password
|
||||
db.session.commit()
|
||||
|
||||
# Prepare one-time system message
|
||||
flash('Your password has been changed successfully.', 'success')
|
||||
|
||||
newEmail = form["email"].data
|
||||
if newEmail != current_user.email and newEmail.strip() != "":
|
||||
token = randomString(32)
|
||||
|
||||
ver = UserEmailVerification()
|
||||
ver.user = current_user
|
||||
ver.token = token
|
||||
ver.email = newEmail
|
||||
db.session.add(ver)
|
||||
db.session.commit()
|
||||
|
||||
task = sendVerifyEmail.delay(newEmail, token)
|
||||
return redirect(url_for("tasks.check", id=task.id, r=url_for("users.profile", username=current_user.username)))
|
||||
else:
|
||||
return redirect(url_for("users.login"))
|
||||
else:
|
||||
flash("Passwords do not match", "danger")
|
||||
|
||||
return render_template("users/set_password.html", form=form, optional=request.args.get("optional"))
|
||||
return render_template("users/change_set_password.html", form=form, optional=request.args.get("optional"))
|
||||
|
||||
|
||||
@bp.route("/user/verify/")
|
||||
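Review bot: `change_password()` opens with `return "change"`, so as rendered nothing below it runs and the old-password check is never reached; the page has lost its +/- markers, but if that line is on the new side it should be deleted. Once it is gone, `form.email.validators = [InputRequired(), Email()]` raises AttributeError for a user with no email, because `ChangePasswordForm` declares no `email` field; drop that branch or guard it with `hasattr(form, "email")` as `handle_set_password()` does. The mismatch message in `handle_set_password()` reads "Passwords do not much" and should be `flash("Passwords do not match", "danger")`; the email branch there also calls `newEmail.strip()` without the `newEmail and` guard that `profile()` gains in this commit. `set_password()` reaches the same helper with no old-password check, and whether it refuses accounts that already have a password is decided above its hunk, so confirm that before relying on the check added here.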
|
|
|
@ -93,7 +93,7 @@ def profile(username):
|
|||
|
||||
if user.checkPerm(current_user, Permission.CHANGE_EMAIL):
|
||||
newEmail = form["email"].data
|
||||
if newEmail != user.email and newEmail.strip() != "":
|
||||
if newEmail and newEmail != user.email and newEmail.strip() != "":
|
||||
token = randomString(32)
|
||||
|
||||
msg = "Changed email of {}".format(user.display_name)
|
||||
|
|
|
@ -21,8 +21,8 @@
|
|||
<form action="" method="POST" class="form" role="form">
|
||||
{{ form.hidden_tag() }}
|
||||
|
||||
{% if not current_user.email %}
|
||||
{{ render_field(form.email, tabindex=230) }}
|
||||
{% if form.email and not current_user.email %}
|
||||
{{ render_field(form.email, tabindex=220) }}
|
||||
|
||||
<p>
|
||||
Your email is needed to recover your account if you forget your
|
||||
|
@ -31,6 +31,10 @@
|
|||
</p>
|
||||
{% endif %}
|
||||
|
||||
{% if form.old_password %}
|
||||
{{ render_field(form.old_password, tabindex=230) }}
|
||||
{% endif %}
|
||||
|
||||
{{ render_field(form.password, tabindex=230) }}
|
||||
{{ render_field(form.password2, tabindex=240) }}
|
||||
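Review bot: `render_field(form.old_password, tabindex=230)` reuses the tabindex already given to `form.password` on the line below the new block, so the tab order between the two fields rests on document order alone; giving the old-password field its own value, for example `tabindex=225`, keeps the sequence explicit. The enclosing `<form>` starts and ends outside these hunks.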
|