Implement change password
parent
bfcdd642fd
commit
43aab057c8
|
@ -177,7 +177,7 @@ class SwitchUserForm(FlaskForm):
|
||||||
@rank_required(UserRank.ADMIN)
|
@rank_required(UserRank.ADMIN)
|
||||||
def switch_user():
|
def switch_user():
|
||||||
form = SwitchUserForm(formdata=request.form)
|
form = SwitchUserForm(formdata=request.form)
|
||||||
if request.method == "POST" and form.validate():
|
if form.validate_on_submit():
|
||||||
user = User.query.filter_by(username=form["username"].data).first()
|
user = User.query.filter_by(username=form["username"].data).first()
|
||||||
if user is None:
|
if user is None:
|
||||||
flash("Unable to find user", "danger")
|
flash("Unable to find user", "danger")
|
||||||
|
|
|
@ -48,7 +48,7 @@ def create_edit_license(name=None):
|
||||||
form = LicenseForm(formdata=request.form, obj=license)
|
form = LicenseForm(formdata=request.form, obj=license)
|
||||||
if request.method == "GET" and license is None:
|
if request.method == "GET" and license is None:
|
||||||
form.is_foss.data = True
|
form.is_foss.data = True
|
||||||
elif request.method == "POST" and form.validate():
|
elif form.validate_on_submit():
|
||||||
if license is None:
|
if license is None:
|
||||||
license = License(form.name.data)
|
license = License(form.name.data)
|
||||||
db.session.add(license)
|
db.session.add(license)
|
||||||
|
|
|
@ -60,7 +60,7 @@ def create_edit_tag(name=None):
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
form = TagForm(formdata=request.form, obj=tag)
|
form = TagForm(formdata=request.form, obj=tag)
|
||||||
if request.method == "POST" and form.validate():
|
if form.validate_on_submit():
|
||||||
if tag is None:
|
if tag is None:
|
||||||
tag = Tag(form.title.data)
|
tag = Tag(form.title.data)
|
||||||
tag.description = form.description.data
|
tag.description = form.description.data
|
||||||
|
|
|
@ -46,7 +46,7 @@ def create_edit_version(name=None):
|
||||||
abort(404)
|
abort(404)
|
||||||
|
|
||||||
form = VersionForm(formdata=request.form, obj=version)
|
form = VersionForm(formdata=request.form, obj=version)
|
||||||
if request.method == "POST" and form.validate():
|
if form.validate_on_submit():
|
||||||
if version is None:
|
if version is None:
|
||||||
version = MinetestRelease(form.name.data)
|
version = MinetestRelease(form.name.data)
|
||||||
db.session.add(version)
|
db.session.add(version)
|
||||||
|
|
|
@ -47,7 +47,7 @@ def create_edit_warning(name=None):
|
||||||
abort(404)
|
abort(404)
|
||||||
|
|
||||||
form = WarningForm(formdata=request.form, obj=warning)
|
form = WarningForm(formdata=request.form, obj=warning)
|
||||||
if request.method == "POST" and form.validate():
|
if form.validate_on_submit():
|
||||||
if warning is None:
|
if warning is None:
|
||||||
warning = ContentWarning(form.title.data, form.description.data)
|
warning = ContentWarning(form.title.data, form.description.data)
|
||||||
db.session.add(warning)
|
db.session.add(warning)
|
||||||
|
|
|
@ -80,7 +80,7 @@ def create_edit_token(username, id=None):
|
||||||
form = CreateAPIToken(formdata=request.form, obj=token)
|
form = CreateAPIToken(formdata=request.form, obj=token)
|
||||||
form.package.query_factory = lambda: Package.query.filter_by(author=user).all()
|
form.package.query_factory = lambda: Package.query.filter_by(author=user).all()
|
||||||
|
|
||||||
if request.method == "POST" and form.validate():
|
if form.validate_on_submit():
|
||||||
if is_new:
|
if is_new:
|
||||||
token = APIToken()
|
token = APIToken()
|
||||||
token.owner = user
|
token.owner = user
|
||||||
|
|
|
@ -191,7 +191,7 @@ def setup_webhook():
|
||||||
redirect_uri=abs_url_for("github.callback_webhook", pid=pid))
|
redirect_uri=abs_url_for("github.callback_webhook", pid=pid))
|
||||||
|
|
||||||
form = SetupWebhookForm(formdata=request.form)
|
form = SetupWebhookForm(formdata=request.form)
|
||||||
if request.method == "POST" and form.validate():
|
if form.validate_on_submit():
|
||||||
token = APIToken()
|
token = APIToken()
|
||||||
token.name = "GitHub Webhook for " + package.title
|
token.name = "GitHub Webhook for " + package.title
|
||||||
token.owner = current_user
|
token.owner = current_user
|
||||||
|
|
|
@ -286,7 +286,7 @@ def create_edit(author=None, name=None):
|
||||||
if request.method == "POST" and form.type.data == PackageType.TXP:
|
if request.method == "POST" and form.type.data == PackageType.TXP:
|
||||||
form.license.data = form.media_license.data
|
form.license.data = form.media_license.data
|
||||||
|
|
||||||
if request.method == "POST" and form.validate():
|
if form.validate_on_submit():
|
||||||
wasNew = False
|
wasNew = False
|
||||||
if not package:
|
if not package:
|
||||||
package = Package.query.filter_by(name=form["name"].data, author_id=author.id).first()
|
package = Package.query.filter_by(name=form["name"].data, author_id=author.id).first()
|
||||||
|
@ -468,7 +468,7 @@ def edit_maintainers(package):
|
||||||
if request.method == "GET":
|
if request.method == "GET":
|
||||||
form.maintainers_str.data = ", ".join([ x.username for x in package.maintainers if x != package.author ])
|
form.maintainers_str.data = ", ".join([ x.username for x in package.maintainers if x != package.author ])
|
||||||
|
|
||||||
if request.method == "POST" and form.validate():
|
if form.validate_on_submit():
|
||||||
usernames = [x.strip().lower() for x in form.maintainers_str.data.split(",")]
|
usernames = [x.strip().lower() for x in form.maintainers_str.data.split(",")]
|
||||||
users = User.query.filter(func.lower(User.username).in_(usernames)).all()
|
users = User.query.filter(func.lower(User.username).in_(usernames)).all()
|
||||||
|
|
||||||
|
|
|
@ -75,7 +75,7 @@ def create_release(package):
|
||||||
if request.method != "POST":
|
if request.method != "POST":
|
||||||
form["uploadOpt"].data = "vcs"
|
form["uploadOpt"].data = "vcs"
|
||||||
|
|
||||||
if request.method == "POST" and form.validate():
|
if form.validate_on_submit():
|
||||||
if form["uploadOpt"].data == "vcs":
|
if form["uploadOpt"].data == "vcs":
|
||||||
rel = PackageRelease()
|
rel = PackageRelease()
|
||||||
rel.package = package
|
rel.package = package
|
||||||
|
@ -169,7 +169,7 @@ def edit_release(package, id):
|
||||||
# HACK: fix bug in wtforms
|
# HACK: fix bug in wtforms
|
||||||
form.approved.data = release.approved
|
form.approved.data = release.approved
|
||||||
|
|
||||||
if request.method == "POST" and form.validate():
|
if form.validate_on_submit():
|
||||||
wasApproved = release.approved
|
wasApproved = release.approved
|
||||||
if canEdit:
|
if canEdit:
|
||||||
release.title = form["title"].data
|
release.title = form["title"].data
|
||||||
|
@ -217,7 +217,7 @@ def bulk_change_release(package):
|
||||||
|
|
||||||
if request.method == "GET":
|
if request.method == "GET":
|
||||||
form.only_change_none.data = True
|
form.only_change_none.data = True
|
||||||
elif request.method == "POST" and form.validate():
|
elif form.validate_on_submit():
|
||||||
only_change_none = form.only_change_none.data
|
only_change_none = form.only_change_none.data
|
||||||
|
|
||||||
for release in package.releases.all():
|
for release in package.releases.all():
|
||||||
|
|
|
@ -59,7 +59,7 @@ def review(package):
|
||||||
form.comment.data = review.thread.replies[0].comment
|
form.comment.data = review.thread.replies[0].comment
|
||||||
|
|
||||||
# Validate and submit
|
# Validate and submit
|
||||||
elif request.method == "POST" and form.validate():
|
elif form.validate_on_submit():
|
||||||
was_new = False
|
was_new = False
|
||||||
if not review:
|
if not review:
|
||||||
was_new = True
|
was_new = True
|
||||||
|
|
|
@ -46,7 +46,7 @@ def create_screenshot(package):
|
||||||
|
|
||||||
# Initial form class from post data and default data
|
# Initial form class from post data and default data
|
||||||
form = CreateScreenshotForm()
|
form = CreateScreenshotForm()
|
||||||
if request.method == "POST" and form.validate():
|
if form.validate_on_submit():
|
||||||
uploadedUrl, uploadedPath = doFileUpload(form.fileUpload.data, "image",
|
uploadedUrl, uploadedPath = doFileUpload(form.fileUpload.data, "image",
|
||||||
"a PNG or JPG image file")
|
"a PNG or JPG image file")
|
||||||
if uploadedUrl is not None:
|
if uploadedUrl is not None:
|
||||||
|
@ -85,7 +85,7 @@ def edit_screenshot(package, id):
|
||||||
# HACK: fix bug in wtforms
|
# HACK: fix bug in wtforms
|
||||||
form.approved.data = screenshot.approved
|
form.approved.data = screenshot.approved
|
||||||
|
|
||||||
if request.method == "POST" and form.validate():
|
if form.validate_on_submit():
|
||||||
if canEdit and form["delete"].data:
|
if canEdit and form["delete"].data:
|
||||||
PackageScreenshot.query.filter_by(id=id).delete()
|
PackageScreenshot.query.filter_by(id=id).delete()
|
||||||
|
|
||||||
|
|
|
@ -163,7 +163,7 @@ def edit_reply(id):
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
form = CommentForm(formdata=request.form, obj=reply)
|
form = CommentForm(formdata=request.form, obj=reply)
|
||||||
if request.method == "POST" and form.validate():
|
if form.validate_on_submit():
|
||||||
comment = form.comment.data
|
comment = form.comment.data
|
||||||
|
|
||||||
msg = "Edited reply by {}".format(reply.author.display_name)
|
msg = "Edited reply by {}".format(reply.author.display_name)
|
||||||
|
@ -271,7 +271,7 @@ def new():
|
||||||
form.title.data = request.args.get("title") or ""
|
form.title.data = request.args.get("title") or ""
|
||||||
|
|
||||||
# Validate and submit
|
# Validate and submit
|
||||||
elif request.method == "POST" and form.validate():
|
elif form.validate_on_submit():
|
||||||
thread = Thread()
|
thread = Thread()
|
||||||
thread.author = current_user
|
thread.author = current_user
|
||||||
thread.title = form.title.data
|
thread.title = form.title.data
|
||||||
|
|
|
@ -68,6 +68,13 @@ def handle_login(form):
|
||||||
|
|
||||||
@bp.route("/user/login/", methods=["GET", "POST"])
|
@bp.route("/user/login/", methods=["GET", "POST"])
|
||||||
def login():
|
def login():
|
||||||
|
if current_user.is_authenticated:
|
||||||
|
next = request.args.get("next")
|
||||||
|
if next and not is_safe_url(next):
|
||||||
|
abort(400)
|
||||||
|
|
||||||
|
return redirect(next or url_for("homepage.home"))
|
||||||
|
|
||||||
form = LoginForm(request.form)
|
form = LoginForm(request.form)
|
||||||
if form.validate_on_submit():
|
if form.validate_on_submit():
|
||||||
ret = handle_login(form)
|
ret = handle_login(form)
|
||||||
|
@ -134,10 +141,61 @@ class SetPasswordForm(FlaskForm):
|
||||||
password2 = PasswordField("Verify password", [InputRequired(), Length(8, 100)])
|
password2 = PasswordField("Verify password", [InputRequired(), Length(8, 100)])
|
||||||
submit = SubmitField("Save")
|
submit = SubmitField("Save")
|
||||||
|
|
||||||
|
class ChangePasswordForm(FlaskForm):
|
||||||
|
old_password = PasswordField("Old password", [InputRequired(), Length(8, 100)])
|
||||||
|
password = PasswordField("New password", [InputRequired(), Length(8, 100)])
|
||||||
|
password2 = PasswordField("Verify password", [InputRequired(), Length(8, 100)])
|
||||||
|
submit = SubmitField("Save")
|
||||||
|
|
||||||
|
|
||||||
|
def handle_set_password(form):
|
||||||
|
one = form.password.data
|
||||||
|
two = form.password2.data
|
||||||
|
if one != two:
|
||||||
|
flash("Passwords do not much", "danger")
|
||||||
|
return
|
||||||
|
|
||||||
|
current_user.password = make_flask_login_password(form.password.data)
|
||||||
|
db.session.commit()
|
||||||
|
|
||||||
|
flash("Your password has been changed successfully.", "success")
|
||||||
|
|
||||||
|
if hasattr(form, "email"):
|
||||||
|
newEmail = form.email.data
|
||||||
|
if newEmail != current_user.email and newEmail.strip() != "":
|
||||||
|
token = randomString(32)
|
||||||
|
|
||||||
|
ver = UserEmailVerification()
|
||||||
|
ver.user = current_user
|
||||||
|
ver.token = token
|
||||||
|
ver.email = newEmail
|
||||||
|
db.session.add(ver)
|
||||||
|
db.session.commit()
|
||||||
|
|
||||||
|
task = sendVerifyEmail.delay(newEmail, token)
|
||||||
|
return redirect(
|
||||||
|
url_for("tasks.check", id=task.id, r=url_for("users.profile", username=current_user.username)))
|
||||||
|
|
||||||
|
return redirect(url_for("homepage.home"))
|
||||||
|
|
||||||
|
|
||||||
@bp.route("/user/change-password/", methods=["GET", "POST"])
|
@bp.route("/user/change-password/", methods=["GET", "POST"])
|
||||||
@login_required
|
@login_required
|
||||||
def change_password():
|
def change_password():
|
||||||
return "change"
|
form = ChangePasswordForm(request.form)
|
||||||
|
|
||||||
|
if current_user.email is None:
|
||||||
|
form.email.validators = [InputRequired(), Email()]
|
||||||
|
|
||||||
|
if form.validate_on_submit():
|
||||||
|
if check_password_hash(current_user.password, form.old_password.data):
|
||||||
|
ret = handle_set_password(form)
|
||||||
|
if ret:
|
||||||
|
return ret
|
||||||
|
else:
|
||||||
|
flash("Old password is incorrect", "danger")
|
||||||
|
|
||||||
|
return render_template("users/change_set_password.html", form=form)
|
||||||
|
|
||||||
|
|
||||||
@bp.route("/user/set-password/", methods=["GET", "POST"])
|
@bp.route("/user/set-password/", methods=["GET", "POST"])
|
||||||
|
@ -150,39 +208,12 @@ def set_password():
|
||||||
if current_user.email is None:
|
if current_user.email is None:
|
||||||
form.email.validators = [InputRequired(), Email()]
|
form.email.validators = [InputRequired(), Email()]
|
||||||
|
|
||||||
if request.method == "POST" and form.validate():
|
if form.validate_on_submit():
|
||||||
one = form.password.data
|
ret = handle_set_password(form)
|
||||||
two = form.password2.data
|
if ret:
|
||||||
if one == two:
|
return ret
|
||||||
# Hash password
|
|
||||||
hashed_password = make_flask_login_password(form.password.data)
|
|
||||||
|
|
||||||
# Change password
|
return render_template("users/change_set_password.html", form=form, optional=request.args.get("optional"))
|
||||||
current_user.password = hashed_password
|
|
||||||
db.session.commit()
|
|
||||||
|
|
||||||
# Prepare one-time system message
|
|
||||||
flash('Your password has been changed successfully.', 'success')
|
|
||||||
|
|
||||||
newEmail = form["email"].data
|
|
||||||
if newEmail != current_user.email and newEmail.strip() != "":
|
|
||||||
token = randomString(32)
|
|
||||||
|
|
||||||
ver = UserEmailVerification()
|
|
||||||
ver.user = current_user
|
|
||||||
ver.token = token
|
|
||||||
ver.email = newEmail
|
|
||||||
db.session.add(ver)
|
|
||||||
db.session.commit()
|
|
||||||
|
|
||||||
task = sendVerifyEmail.delay(newEmail, token)
|
|
||||||
return redirect(url_for("tasks.check", id=task.id, r=url_for("users.profile", username=current_user.username)))
|
|
||||||
else:
|
|
||||||
return redirect(url_for("users.login"))
|
|
||||||
else:
|
|
||||||
flash("Passwords do not match", "danger")
|
|
||||||
|
|
||||||
return render_template("users/set_password.html", form=form, optional=request.args.get("optional"))
|
|
||||||
|
|
||||||
|
|
||||||
@bp.route("/user/verify/")
|
@bp.route("/user/verify/")
|
||||||
|
|
|
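Review bot: `change_password()` assigns `form.email.validators` whenever `current_user.email is None`, but the `ChangePasswordForm` added in this hunk defines no `email` field, so a user without an email address would hit an AttributeError instead of seeing the form. Guard the assignment the way `handle_set_password` already does, `if current_user.email is None and hasattr(form, "email"):`, or drop it from this view. `check_password_hash(current_user.password, form.old_password.data)` also assumes a stored hash exists; if accounts without a local password can reach this route (the separate set-password view suggests they may), reject a missing hash before comparing. In `handle_set_password` the mismatch message now reads "Passwords do not much" where the removed code had "match", and `newEmail.strip()` lacks the `newEmail and` guard this commit adds to the same check in `profile()`. Nothing visible here ends the user's other sessions or throttles repeated wrong old-password attempts once a password is changed; confirm that is handled elsewhere.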
@ -93,7 +93,7 @@ def profile(username):
|
||||||
|
|
||||||
if user.checkPerm(current_user, Permission.CHANGE_EMAIL):
|
if user.checkPerm(current_user, Permission.CHANGE_EMAIL):
|
||||||
newEmail = form["email"].data
|
newEmail = form["email"].data
|
||||||
if newEmail != user.email and newEmail.strip() != "":
|
if newEmail and newEmail != user.email and newEmail.strip() != "":
|
||||||
token = randomString(32)
|
token = randomString(32)
|
||||||
|
|
||||||
msg = "Changed email of {}".format(user.display_name)
|
msg = "Changed email of {}".format(user.display_name)
|
||||||
|
|
|
@ -21,8 +21,8 @@
|
||||||
<form action="" method="POST" class="form" role="form">
|
<form action="" method="POST" class="form" role="form">
|
||||||
{{ form.hidden_tag() }}
|
{{ form.hidden_tag() }}
|
||||||
|
|
||||||
{% if not current_user.email %}
|
{% if form.email and not current_user.email %}
|
||||||
{{ render_field(form.email, tabindex=230) }}
|
{{ render_field(form.email, tabindex=220) }}
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Your email is needed to recover your account if you forget your
|
Your email is needed to recover your account if you forget your
|
||||||
|
@ -31,6 +31,10 @@
|
||||||
</p>
|
</p>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% if form.old_password %}
|
||||||
|
{{ render_field(form.old_password, tabindex=230) }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{{ render_field(form.password, tabindex=230) }}
|
{{ render_field(form.password, tabindex=230) }}
|
||||||
{{ render_field(form.password2, tabindex=240) }}
|
{{ render_field(form.password2, tabindex=240) }}
|
||||||
|
|
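Review bot: The new `form.old_password` field is rendered with `tabindex=230`, the same value the `form.password` field directly below it already uses; the email field was moved to 220 in the first hunk, presumably to make room. Equal values fall back to document order, so focus still moves as intended, but giving old_password its own value between 220 and 230 would make the order explicit. A one-line Jinja comment above `{% if form.old_password %}`, such as `{# only ChangePasswordForm defines old_password #}`, would explain why the field is conditional in a template shared by two views.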