1
0
mirror of https://github.com/spl0k/supysonic.git synced 2024-12-22 17:06:17 +00:00

Now admins can modify other users passwords

This commit is contained in:
Óscar García Amor 2017-07-27 10:23:24 +02:00
parent fe5e966dbc
commit fcf1a83234
2 changed files with 11 additions and 6 deletions

View File

@ -130,11 +130,14 @@ def change_password(uid):
return redirect(url_for('index'))
user = UserManager.get(store, uid)[1].name
if request.method == 'POST':
current, new, confirm = map(request.form.get, [ 'current', 'new', 'confirm' ])
error = False
if current in ('', None):
flash('The current password is required')
error = True
if uid == 'me' or uid == session.get('userid'):
current, new, confirm = map(request.form.get, [ 'current', 'new', 'confirm' ])
if current in ('', None):
flash('The current password is required')
error = True
else:
new, confirm = map(request.form.get, [ 'new', 'confirm' ])
if new in ('', None):
flash('The new password is required')
error = True
@ -143,10 +146,10 @@ def change_password(uid):
error = True
if not error:
if uid == 'me':
if uid == 'me' or uid == session.get('userid'):
status = UserManager.change_password(store, session.get('userid'), current, new)
else:
status = UserManager.change_password(store, uuid.UUID(uid), current, new)
status = UserManager.change_password2(store, UserManager.get(store, uid)[1].name, new)
if status != UserManager.SUCCESS:
flash(UserManager.error_str(status))
else:

View File

@ -38,6 +38,7 @@
<h2>{{ user }}</h2>
</div>
<form method="post">
{% if session.username == user %}
<div class="form-group">
<label class="sr-only" for="current">Current password</label>
<div class="input-group">
@ -45,6 +46,7 @@
<input type="password" class="form-control" id="current" name="current" placeholder="Current password" />
</div>
</div>
{% endif %}
<div class="form-group">
<label class="sr-only" for="new">New password</label>
<div class="input-group">