From 64cbccf9ad2d1653636aa7604129901f88b0b059 Mon Sep 17 00:00:00 2001
From: Alban <alban.feron@gmail.com>
Date: Sun, 9 Dec 2012 21:34:39 +0100
Subject: [PATCH] Pages allowing the user to change his pasword and email

---
 templates/change_mail.html |  9 ++++++++
 templates/change_pass.html | 11 +++++++++
 templates/layout.html      |  5 ++++-
 templates/profile.html     | 11 +++++++++
 user.py                    | 46 ++++++++++++++++++++++++++++++++++++--
 user_manager.py            | 13 +++++++++++
 6 files changed, 92 insertions(+), 3 deletions(-)
 create mode 100755 templates/change_mail.html
 create mode 100755 templates/change_pass.html
 create mode 100755 templates/profile.html

diff --git a/templates/change_mail.html b/templates/change_mail.html
new file mode 100755
index 0000000..9ac799d
--- /dev/null
+++ b/templates/change_mail.html
@@ -0,0 +1,9 @@
+{% extends "layout.html" %}
+{% block body %}
+<h2>{{ user.name }}</h2>
+<form method="post">
+	<label for="mail">Email</label><input type="text" name="mail" id="mail" value="{{ request.form.mail or user.mail }}" /><br />
+	<input type="submit" />
+</form>
+{% endblock %}
+
diff --git a/templates/change_pass.html b/templates/change_pass.html
new file mode 100755
index 0000000..947072f
--- /dev/null
+++ b/templates/change_pass.html
@@ -0,0 +1,11 @@
+{% extends "layout.html" %}
+{% block body %}
+<h2>{{ user }}</h2>
+<form method="post">
+	<label for="current">Current password</label><input type="password" name="current" id="current" /><br />
+	<label for="new">New password</label><input type="password" name="new" id="new" /><br />
+	<label for="confirm">Confirm</label><input type="password" name="confirm" id="confirm" /><br />
+	<input type="submit" />
+</form>
+{% endblock %}
+
diff --git a/templates/layout.html b/templates/layout.html
index c3e705f..758618c 100755
--- a/templates/layout.html
+++ b/templates/layout.html
@@ -14,7 +14,10 @@
 <div class="page">
 	<h1>Supysonic</h1>
 
-	<p><a href="{{ url_for('index') }}">Home</a> | {% if session.get('userid') %}<a href="{{ url_for('logout') }}">Log out</a>{% else %}<a href="{{ url_for('login') }}">Log in</a>{% endif %}</p>
+	<p><a href="{{ url_for('index') }}">Home</a> |
+	{% if session.userid %}<a href="{{ url_for('user_profile') }}">{{ session.username }}</a> - <a href="{{ url_for('logout') }}">Log out</a>
+	{% else %}<a href="{{ url_for('login') }}">Log in</a>
+	{% endif %}</p>
 
 	{% if get_flashed_messages() %}
 	<div class="flash">
diff --git a/templates/profile.html b/templates/profile.html
new file mode 100755
index 0000000..4ca32db
--- /dev/null
+++ b/templates/profile.html
@@ -0,0 +1,11 @@
+{% extends "layout.html" %}
+{% block body %}
+<h2>{{ user.name }}</h2>
+<ul>
+	{% if user.admin %}<li>You're an admin!</li>{% endif %}
+	<li><strong>Email</strong>: {{ user.mail }} - <a href="{{ url_for('change_mail') }}">Change</a></li>
+	<li><strong>LastFM status</strong>: Unavailable</li>
+	<li><a href="{{ url_for('change_password') }}">Change password</a></li>
+</ul>
+{% endblock %}
+
diff --git a/user.py b/user.py
index 768af16..fcb28e7 100755
--- a/user.py
+++ b/user.py
@@ -4,11 +4,11 @@ from flask import request, session, flash, render_template, redirect, url_for
 
 from web import app
 from user_manager import UserManager
-from db import User
+from db import User, session as db_sess
 
 @app.before_request
 def check_admin():
-	if not request.path.startswith('/user') or request.endpoint in ('login', 'logout'):
+	if not request.path.startswith('/user'):
 		return
 
 	if request.endpoint == 'add_user' and User.query.filter(User.admin == True).count() == 0:
@@ -21,6 +21,47 @@ def check_admin():
 def user_index():
 	return render_template('users.html', users = User.query.all())
 
+@app.route('/user/me')
+def user_profile():
+	return render_template('profile.html', user = UserManager.get(session.get('userid'))[1])
+
+@app.route('/user/changemail', methods = [ 'GET', 'POST' ])
+def change_mail():
+	user = UserManager.get(session.get('userid'))[1]
+	if request.method == 'POST':
+		mail = request.form.get('mail')
+		# No validation, lol.
+		user.mail = mail
+		db_sess.commit()
+		return redirect(url_for('user_profile'))
+
+	return render_template('change_mail.html', user = user)
+
+@app.route('/user/changepass', methods = [ 'GET', 'POST' ])
+def change_password():
+	if request.method == 'POST':
+		current, new, confirm = map(request.form.get, [ 'current', 'new', 'confirm' ])
+		error = False
+		if current in ('', None):
+			flash('The current password is required')
+			error = True
+		if new in ('', None):
+			flash('The new password is required')
+			error = True
+		if new != confirm:
+			flash("The new password and its confirmation don't match")
+			error = True
+
+		if not error:
+			status = UserManager.change_password(session.get('userid'), current, new)
+			if status != UserManager.SUCCESS:
+				flash(UserManager.error_str(status))
+			else:
+				flash('Password changed')
+				return redirect(url_for('user_profile'))
+
+	return render_template('change_pass.html', user = UserManager.get(session.get('userid'))[1].name)
+
 @app.route('/user/add', methods = [ 'GET', 'POST' ])
 def add_user():
 	if request.method == 'GET':
@@ -87,6 +128,7 @@ def login():
 		status, user = UserManager.try_auth(name, password)
 		if status == UserManager.SUCCESS:
 			session['userid'] = str(user.id)
+			session['username'] = user.name
 			flash('Logged in!')
 			return redirect(return_url)
 		else:
diff --git a/user_manager.py b/user_manager.py
index 637d875..a3b5423 100755
--- a/user_manager.py
+++ b/user_manager.py
@@ -63,6 +63,19 @@ class UserManager:
 		else:
 			return UserManager.SUCCESS, user
 
+	@staticmethod
+	def change_password(uid, old_pass, new_pass):
+		status, user = UserManager.get(uid)
+		if status != UserManager.SUCCESS:
+			return status
+
+		if UserManager.__encrypt_password(old_pass, user.salt)[0] != user.password:
+			return UserManager.WRONG_PASS
+
+		user.password = UserManager.__encrypt_password(new_pass, user.salt)[0]
+		session.commit()
+		return UserManager.SUCCESS
+
 	@staticmethod
 	def error_str(err):
 		if err == UserManager.SUCCESS: