commit a11afab29dbf8e8e6b077a2d154532fff4362cec
parent 56792a94c7d9141e26503054c010c89e4a7dbc04
Author: parazyd <parazyd@dyne.org>
Date: Tue, 22 Jan 2019 00:38:39 +0100
Implement changing of passwords.
Diffstat:
4 files changed, 65 insertions(+), 4 deletions(-)
diff --git a/diaspora.py b/diaspora.py
@@ -108,6 +108,10 @@ def login():
if validate_user(user, password):
login_user(LoginUser(user['id']), remember=True)
+
+ if user['is_active'] == 0:
+ return redirect('/changepass')
+
nxt = request.args.get('next')
if not nxt:
nxt = url_for('main')
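Review bot: The forced password change is enforced only by this redirect inside login(), after `login_user(..., remember=True)` has already established the session, so a user with `is_active == 0` can request any other URL and keep using the initial password. Nothing in this hunk shows the other views checking the flag; if they do not, the check belongs somewhere that runs on every request, for example an `@app.before_request` hook that sends authenticated users with `user['is_active'] == 0` to the change-password view for every endpoint except `changepass` and `logout`. `redirect(url_for('changepass'))` would also avoid the hard-coded path. login() starts and ends outside the hunk.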
@@ -118,6 +122,29 @@ def login():
return render_template('login.html')
+@app.route('/changepass', methods=['GET', 'POST'])
+@login_required
+def changepass():
+ user = find_user_by_email(current_user.username)
+
+ if request.method != 'POST':
+ return render_template('change_pass.html', first=user['is_active'])
+
+ if request.form['42']:
+ return render_template('fail.html', msg='You robot!')
+
+ old_in_db = user['password']
+ old_in_pg = request.form['oldpassword']
+ new_in_pg = request.form['newpassword']
+
+ if hashpw(old_in_pg.encode(), old_in_db) == old_in_db:
+ hashed = hashpw(new_in_pg.encode(), gensalt())
+ sql_update_row_where([('password', hashed), ('is_active', 1)],
+ 'email', user['email'], table='users')
+
+ return redirect('/')
+
+
@app.route('/logout')
@login_required
def logout():
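Review bot: When the old password does not match, changepass() falls through to `return redirect('/')` exactly as on success, so the user gets no indication that nothing changed and a first-login account silently keeps `is_active` at 0. The check compares hashes with `==`, which is not a constant-time comparison; assuming `hashpw` and `gensalt` come from bcrypt, use `checkpw` and fail explicitly: `if not checkpw(old_in_pg.encode(), old_in_db): return render_template('fail.html', msg='Wrong password.')`. The new password is stored without any validation (minimum length, different from the old one), and bcrypt-style hashing only considers the first 72 bytes, which is worth a comment or a length check. `request.form['42']` answers with a 400 rather than the fail page when the field is absent; `request.form.get('42')` handles both cases.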
diff --git a/templates/change_pass.html b/templates/change_pass.html
@@ -0,0 +1,32 @@
+{% include 'header.html' %}
+
+ <title>Change password | Diaspora Diaries</title>
+
+{% include 'nav.html' %}
+
+ <main role="main" class="container">
+
+ {% if first == 0 %}
+ <p class="lead">Since this is your first login, you are required
+ to change your password.</p>
+ {% endif %}
+
+ <form action="/changepass" method="POST">
+ <div class="form-group">
+ <p class="lead">Old password:<br>
+ <input type="text" class="form-control" name="oldpassword" placeholder="password" required>
+ </p>
+
+ <p class="lead">New Password:<br>
+ <input type="text" class="form-control" name="newpassword" placeholder="password" required>
+ </p>
+
+ <input type="text" name="42" placeholder="Yeah sure" style="display: none;">
+
+ <input class="btn btn-outline-primary" type="submit" value="Submit">
+ </div>
+ </form>
+
+ </main>
+
+ {% include 'footer.html' %}
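Review bot: Both password fields are declared `type="text"`, so the old and new passwords are displayed in clear on screen and are eligible for the browser's form-history autocomplete. Use `type="password"` with `autocomplete="current-password"` on `oldpassword` and `autocomplete="new-password"` on `newpassword`; the password field in templates/login.html is touched by this commit and keeps the same `type="text"`. The form also carries no CSRF token; the old-password requirement limits what a forged request could achieve, but a token would be consistent if the application uses one elsewhere, which is not visible here.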
diff --git a/templates/login.html b/templates/login.html
@@ -7,17 +7,19 @@
<main role="main" class="container">
<form action="/login" method="POST">
+ <div class="form-group">
<p class="lead">Email:<br>
- <input type="text" name="username" placeholder="email" required>
+ <input type="text" class="form-control" name="username" placeholder="email" required>
</p>
<p class="lead">Password:<br>
- <input type="text" name="password" placeholder="password" required>
+ <input type="text" class="form-control" name="password" placeholder="password" required>
</p>
<input type="text" name="42" placeholder="Yeah sure" style="display: none;">
- <input type="submit" value="Login">
+ <input class="btn btn-outline-primary" type="submit" value="Login">
+ </div>
</form>
</main>
diff --git a/utils.py b/utils.py
@@ -223,7 +223,7 @@ def make_profile(name, email):
password,
2,
int(time()),
- 1,
+ 0,
]
sql_insert(userargs)
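Review bot: The bare `0` is a positional value whose meaning is only recoverable from diaspora.py in this same commit, where `is_active == 0` triggers the forced password change. A comment on the line would keep that coupling visible, e.g. `0,  # is_active: stays 0 until the initial password is changed`; this assumes the slot maps to the `is_active` column, which the hunk does not show. If `is_active` is read anywhere else as an account-enabled flag, new accounts now start disabled under that reading, so it is worth confirming no other code interprets 0 that way. make_profile's body starts outside the hunk.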