diasporadiaries

a platform for writing stories with personal accounts and messages
git clone git://parazyd.org/diasporadiaries.git

commit a11afab29dbf8e8e6b077a2d154532fff4362cec
parent 56792a94c7d9141e26503054c010c89e4a7dbc04
Author: parazyd <parazyd@dyne.org>
Date:   Tue, 22 Jan 2019 00:38:39 +0100

Implement changing of passwords.

Diffstat:
Mdiaspora.py | 27+++++++++++++++++++++++++++
Atemplates/change_pass.html | 32++++++++++++++++++++++++++++++++
Mtemplates/login.html | 8+++++---
Mutils.py | 2+-
4 files changed, 65 insertions(+), 4 deletions(-)

diff --git a/diaspora.py b/diaspora.py @@ -108,6 +108,10 @@ def login(): if validate_user(user, password): login_user(LoginUser(user['id']), remember=True) + + if user['is_active'] == 0: + return redirect('/changepass') + nxt = request.args.get('next') if not nxt: nxt = url_for('main') @@ -118,6 +122,29 @@ def login(): return render_template('login.html') +@app.route('/changepass', methods=['GET', 'POST']) +@login_required +def changepass(): + user = find_user_by_email(current_user.username) + + if request.method != 'POST': + return render_template('change_pass.html', first=user['is_active']) + + if request.form['42']: + return render_template('fail.html', msg='You robot!') + + old_in_db = user['password'] + old_in_pg = request.form['oldpassword'] + new_in_pg = request.form['newpassword'] + + if hashpw(old_in_pg.encode(), old_in_db) == old_in_db: + hashed = hashpw(new_in_pg.encode(), gensalt()) + sql_update_row_where([('password', hashed), ('is_active', 1)], + 'email', user['email'], table='users') + + return redirect('/') + + @app.route('/logout') @login_required def logout(): diff --git a/templates/change_pass.html b/templates/change_pass.html 
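Review bot: The forced password change is only a redirect issued from `login()`, after `login_user(LoginUser(user['id']), remember=True)` has already established the session, so an account with `is_active == 0` can skip `/changepass` and request any other `@login_required` page directly. Whether the other routes test `is_active` is not visible in this hunk, so this may already be covered elsewhere. If it is not, the check belongs in a request hook rather than in `login()`: an `@app.before_request` function that redirects authenticated users with `is_active == 0` to `/changepass` for every endpoint except `changepass` and `logout`. The body of `login()` starts and ends outside the hunk.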
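Review bot: When the old password does not match, `changepass()` falls through to `return redirect('/')` without any error, so a failed change looks the same as a successful one and a first-login account is sent on to `/` with its initial password still in place. The new password is also stored without a server-side check; `required` in the template is enforced only by the browser, so an empty `newpassword` would apparently be hashed and written. I would reject both cases with the existing `fail.html` page and run the update only after those guards, as sketched below. The message texts in the sketch are placeholders.

```python
    new_in_pg = request.form['newpassword']

    # Reject explicitly instead of silently redirecting, so a failed
    # change cannot be mistaken for a successful one.
    if not new_in_pg:
        return render_template('fail.html', msg='New password must not be empty.')
    if hashpw(old_in_pg.encode(), old_in_db) != old_in_db:
        return render_template('fail.html', msg='Old password is incorrect.')

    # … unchanged: hashpw(new_in_pg…) and sql_update_row_where(…), now unconditional …
    return redirect('/')
```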
@@ -0,0 +1,32 @@ +{% include 'header.html' %} + + <title>Change password | Diaspora Diaries</title> + +{% include 'nav.html' %} + + <main role="main" class="container"> + + {% if first == 0 %} + <p class="lead">Since this is your first login, you are required + to change your password.</p> + {% endif %} + + <form action="/changepass" method="POST"> + <div class="form-group"> + <p class="lead">Old password:<br> + <input type="text" class="form-control" name="oldpassword" placeholder="password" required> + </p> + + <p class="lead">New Password:<br> + <input type="text" class="form-control" name="newpassword" placeholder="password" required> + </p> + + <input type="text" name="42" placeholder="Yeah sure" style="display: none;"> + + <input class="btn btn-outline-primary" type="submit" value="Submit"> + </div> + </form> + + </main> + + {% include 'footer.html' %} diff --git a/templates/login.html b/templates/login.html @@ -7,17 +7,19 @@ <main role="main" class="container"> <form action="/login" method="POST"> + <div class="form-group"> <p class="lead">Email:<br> - <input type="text" name="username" placeholder="email" required> + <input type="text" class="form-control" name="username" placeholder="email" required> </p> <p class="lead">Password:<br> - <input type="text" name="password" placeholder="password" required> + <input type="text" class="form-control" name="password" placeholder="password" required> </p> <input type="text" name="42" placeholder="Yeah sure" style="display: none;"> - <input type="submit" value="Login"> + <input class="btn btn-outline-primary" type="submit" value="Login"> + </div> </form> </main> diff --git a/utils.py b/utils.py @@ -223,7 +223,7 @@ def make_profile(name, email): password, 2, int(time()), - 1, + 0, ] sql_insert(userargs)
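Review bot: Both password fields in the new `change_pass.html` form are `type="text"`, so the old and new password are shown in clear on screen and the browser handles them as ordinary text (form history, autocomplete suggestions). They should be `<input type="password" class="form-control" name="oldpassword" autocomplete="current-password" required>` and the same with `name="newpassword" autocomplete="new-password"`. The `password` field touched in the `templates/login.html` hunk of this commit keeps `type="text"` as well and needs the same change. No CSRF token is visible in either form, and the hidden `42` field is only a honeypot, so if the app has no global CSRF protection that is worth adding here too.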
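Review bot: The bare `0` in `userargs` in `utils.py` has no name or comment; from the rest of this commit it appears to be the `is_active` column that `login()` tests and `changepass()` sets to 1. I would add a trailing comment such as `0,  # is_active: stays 0 until the first password change`, because the column name suggests an enabled/disabled account rather than a pending password change. The body of `make_profile()` starts and ends outside the hunk.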