author | Jakob Kramer <jakob.kramer@gmx.de> | 2011-11-19 22:17:21 +0100 |
---|---|---|
committer | Jakob Kramer <jakob.kramer@gmx.de> | 2011-11-20 00:37:19 +0100 |
commit | 4837b2f253e7f525eb4eb97a574c8af68c0ff570 (patch) | |
tree | 8ee615fafe2eb84868721c801cf2b8d7aa41f6c8 | |
parent | 909dda1f85b27866e0d20343169c91953ca7d8f6 (diff) | |
added support for changing the password, issue #643
-rw-r--r-- | mediagoblin/edit/forms.py | 13 | ||||
-rw-r--r-- | mediagoblin/edit/views.py | 34 |
2 files changed, 37 insertions, 10 deletions
diff --git a/mediagoblin/edit/forms.py b/mediagoblin/edit/forms.py index 7e71722c..ec4e22b3 100644 --- a/mediagoblin/edit/forms.py +++ b/mediagoblin/edit/forms.py @@ -43,6 +43,19 @@ class EditProfileForm(wtforms.Form): _('Website'), [wtforms.validators.Optional(), wtforms.validators.URL(message='Improperly formed URL')]) + old_password = wtforms.PasswordField( + _('Old password'), + [wtforms.validators.Optional()]) + new_password = wtforms.PasswordField( + _('New Password'), + [wtforms.validators.Optional(), + wtforms.validators.Length(min=6, max=30), + wtforms.validators.EqualTo( + 'confirm_password', + 'Passwords must match.')]) + confirm_password = wtforms.PasswordField( + 'Confirm password', + [wtforms.validators.Optional()]) class EditAttachmentsForm(wtforms.Form): diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index 5f781552..75bf51bf 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -26,6 +26,7 @@ from werkzeug.utils import secure_filename from mediagoblin import messages from mediagoblin import mg_globals +from mediagoblin.auth import lib as auth_lib from mediagoblin.edit import forms from mediagoblin.edit.lib import may_edit_media from mediagoblin.decorators import require_active_login, get_user_media_entry 
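Review bot: All three password fields in the `EditProfileForm` hunk are `Optional()`, so the form never requires `old_password` when `new_password` is filled in, and an empty `new_password` skips `Length` and `EqualTo` entirely because `Optional()` stops the validator chain; the only enforcement is in the view. A short comment above the fields would make that dependency explicit, e.g. `# old_password is checked against the stored hash in edit_profile(); the form only validates length and confirmation`. The `max=30` cap also rules out longer passphrases and is worth revisiting if nothing downstream depends on it. Separately, `'Confirm password'` and `'Passwords must match.'` are not wrapped in `_()` like the other labels, so they will not be translated; the label should read `_('Confirm password'),`.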
@@ -161,19 +162,32 @@ def edit_profile(request): bio=user.get('bio')) if request.method == 'POST' and form.validate(): - user['url'] = unicode(request.POST['url']) - user['bio'] = unicode(request.POST['bio']) + user['url'] = unicode(request.POST['url']) + user['bio'] = unicode(request.POST['bio']) - user['bio_html'] = cleaned_markdown_conversion(user['bio']) - - user.save() + password_matches = auth_lib.bcrypt_check_password(request.POST['old_password'], + user['pw_hash']) + if (request.POST['old_password'] or request.POST['new_password']) and not \ + password_matches: messages.add_message(request, - messages.SUCCESS, - _("Profile edited!")) - return redirect(request, - 'mediagoblin.user_pages.user_home', - user=edit_username) + messages.ERROR, + _('Wrong password')) + + if password_matches: + user['pw_hash'] = auth_lib.bcrypt_gen_password_hash( + request.POST['new_password']) + + user['bio_html'] = cleaned_markdown_conversion(user['bio']) + + user.save() + + messages.add_message(request, + messages.SUCCESS, + _("Profile edited!")) + return redirect(request, + 'mediagoblin.user_pages.user_home', + user=edit_username) return render_to_response( request, |
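Review bot: `if password_matches:` overwrites `user['pw_hash']` even when `new_password` is empty, and because the form marks that field `Optional()`, a user who enters only the correct old password would be left with the hash of an empty string; guard it with `if password_matches and request.POST['new_password']:`. The wrong-password branch only adds the error message: indentation is lost on this page, but as far as the hunk shows, control then continues to `user.save()`, the "Profile edited!" success message and the redirect, so the url/bio changes are saved and both messages appear; re-rendering the form after the error would be clearer. `bcrypt_check_password` also runs on every profile POST, including ones with no password fields filled in, and indexing `request.POST['old_password']` directly raises if a client omits the field, which `form.old_password.data` would avoid. The start of `edit_profile` lies outside the hunk.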