Pages allowing the user to change his pasword and email

2024-12-22 17:06:17 +00:00 · 2012-12-09 21:34:39 +01:00 · 2012-12-09 21:34:39 +01:00 · 64cbccf9ad
commit 64cbccf9ad
parent 15a9722325
6 changed files with 92 additions and 3 deletions
--- a/templates/change_mail.html
+++ b/templates/change_mail.html
@ -0,0 +1,9 @@
+{% extends "layout.html" %}
+{% block body %}
+<h2>{{ user.name }}</h2>
+<form method="post">
+	<label for="mail">Email</label><input type="text" name="mail" id="mail" value="{{ request.form.mail or user.mail }}" /><br />
+	<input type="submit" />
+</form>
+{% endblock %}
+
--- a/templates/change_pass.html
+++ b/templates/change_pass.html
@ -0,0 +1,11 @@
+{% extends "layout.html" %}
+{% block body %}
+<h2>{{ user }}</h2>
+<form method="post">
+	<label for="current">Current password</label><input type="password" name="current" id="current" /><br />
+	<label for="new">New password</label><input type="password" name="new" id="new" /><br />
+	<label for="confirm">Confirm</label><input type="password" name="confirm" id="confirm" /><br />
+	<input type="submit" />
+</form>
+{% endblock %}
+
--- a/templates/layout.html
+++ b/templates/layout.html
@ -14,7 +14,10 @@
 <div class="page">
 	<h1>Supysonic</h1>

-	<p><a href="{{ url_for('index') }}">Home</a> | {% if session.get('userid') %}<a href="{{ url_for('logout') }}">Log out</a>{% else %}<a href="{{ url_for('login') }}">Log in</a>{% endif %}</p>
+	<p><a href="{{ url_for('index') }}">Home</a> |
+	{% if session.userid %}<a href="{{ url_for('user_profile') }}">{{ session.username }}</a> - <a href="{{ url_for('logout') }}">Log out</a>
+	{% else %}<a href="{{ url_for('login') }}">Log in</a>
+	{% endif %}</p>

 	{% if get_flashed_messages() %}
 	<div class="flash">
--- a/templates/profile.html
+++ b/templates/profile.html
@ -0,0 +1,11 @@
+{% extends "layout.html" %}
+{% block body %}
+<h2>{{ user.name }}</h2>
+<ul>
+	{% if user.admin %}<li>You're an admin!</li>{% endif %}
+	<li><strong>Email</strong>: {{ user.mail }} - <a href="{{ url_for('change_mail') }}">Change</a></li>
+	<li><strong>LastFM status</strong>: Unavailable</li>
+	<li><a href="{{ url_for('change_password') }}">Change password</a></li>
+</ul>
+{% endblock %}
+
--- a/user.py
+++ b/user.py
@ -4,11 +4,11 @@ from flask import request, session, flash, render_template, redirect, url_for

 from web import app
 from user_manager import UserManager
-from db import User
+from db import User, session as db_sess

@app.before_request
 def check_admin():
-	if not request.path.startswith('/user') or request.endpoint in ('login', 'logout'):
+	if not request.path.startswith('/user'):
 		return

 	if request.endpoint == 'add_user' and User.query.filter(User.admin == True).count() == 0:
@ -21,6 +21,47 @@ def check_admin():
 def user_index():
 	return render_template('users.html', users = User.query.all())

+@app.route('/user/me')
+def user_profile():
+	return render_template('profile.html', user = UserManager.get(session.get('userid'))[1])
+
+@app.route('/user/changemail', methods = [ 'GET', 'POST' ])
+def change_mail():
+	user = UserManager.get(session.get('userid'))[1]
+	if request.method == 'POST':
+		mail = request.form.get('mail')
+		# No validation, lol.
+		user.mail = mail
+		db_sess.commit()
+		return redirect(url_for('user_profile'))
+
+	return render_template('change_mail.html', user = user)
+
+@app.route('/user/changepass', methods = [ 'GET', 'POST' ])
+def change_password():
+	if request.method == 'POST':
+		current, new, confirm = map(request.form.get, [ 'current', 'new', 'confirm' ])
+		error = False
+		if current in ('', None):
+			flash('The current password is required')
+			error = True
+		if new in ('', None):
+			flash('The new password is required')
+			error = True
+		if new != confirm:
+			flash("The new password and its confirmation don't match")
+			error = True
+
+		if not error:
+			status = UserManager.change_password(session.get('userid'), current, new)
+			if status != UserManager.SUCCESS:
+				flash(UserManager.error_str(status))
+			else:
+				flash('Password changed')
+				return redirect(url_for('user_profile'))
+
+	return render_template('change_pass.html', user = UserManager.get(session.get('userid'))[1].name)
+
@app.route('/user/add', methods = [ 'GET', 'POST' ])
 def add_user():
 	if request.method == 'GET':
@ -87,6 +128,7 @@ def login():
 		status, user = UserManager.try_auth(name, password)
 		if status == UserManager.SUCCESS:
 			session['userid'] = str(user.id)
+			session['username'] = user.name
 			flash('Logged in!')
 			return redirect(return_url)
 		else:
--- a/user_manager.py
+++ b/user_manager.py
@ -63,6 +63,19 @@ class UserManager:
 		else:
 			return UserManager.SUCCESS, user

+	@staticmethod
+	def change_password(uid, old_pass, new_pass):
+		status, user = UserManager.get(uid)
+		if status != UserManager.SUCCESS:
+			return status
+
+		if UserManager.__encrypt_password(old_pass, user.salt)[0] != user.password:
+			return UserManager.WRONG_PASS
+
+		user.password = UserManager.__encrypt_password(new_pass, user.salt)[0]
+		session.commit()
+		return UserManager.SUCCESS
+
 	@staticmethod
 	def error_str(err):
 		if err == UserManager.SUCCESS: