Merge remote-tracking branch 'rodney757/change_pass'

* rodney757/change_pass:
  fixed translation, and changed tabs to spaces, and change it so the user can view their password as they're typing.
  modified change_pass tests
  moved change pass to a seperate view and fixed issues 709

6 files changed, 119 insertions, 33 deletions

diff --git a/mediagoblin/edit/forms.py b/mediagoblin/edit/forms.py
index ef270237..3b2486de 100644
--- a/mediagoblin/edit/forms.py
+++ b/mediagoblin/edit/forms.py
@@ -59,17 +59,6 @@ class EditProfileForm(wtforms.Form):
 
 
 class EditAccountForm(wtforms.Form):
-    old_password = wtforms.PasswordField(
-        _('Old password'),
-        description=_(
-            "Enter your old password to prove you own this account."))
-    new_password = wtforms.PasswordField(
-        _('New password'),
-        [
-            wtforms.validators.Optional(),
-            wtforms.validators.Length(min=6, max=30)
-        ],
-        id="password")
     license_preference = wtforms.SelectField(
         _('License preference'),
         [
@@ -103,3 +92,16 @@ class EditCollectionForm(wtforms.Form):
         description=_(
             "The title part of this collection's address. "
             "You usually don't need to change this."))
+
+
+class ChangePassForm(wtforms.Form):
+    old_password = wtforms.PasswordField(
+        _('Old password'),
+        [wtforms.validators.Required()],
+        description=_(
+            "Enter your old password to prove you own this account."))
+    new_password = wtforms.PasswordField(
+        _('New password'),
+        [wtforms.validators.Required(),
+         wtforms.validators.Length(min=6, max=30)],
+        id="password")
diff --git a/mediagoblin/edit/routing.py b/mediagoblin/edit/routing.py
index 035a766f..622729ac 100644
--- a/mediagoblin/edit/routing.py
+++ b/mediagoblin/edit/routing.py
@@ -24,3 +24,5 @@ add_route('mediagoblin.edit.account', '/edit/account/',
     'mediagoblin.edit.views:edit_account')
 add_route('mediagoblin.edit.delete_account', '/edit/account/delete/',
     'mediagoblin.edit.views:delete_account')
+add_route('mediagoblin.edit.pass', '/edit/password/',
+    'mediagoblin.edit.views:change_pass')
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index bfcf65b5..508c380d 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -229,18 +229,6 @@ def edit_account(request):
                 form.wants_comment_notification.data
 
         if form_validated and \
-                form.new_password.data or form.old_password.data:
-            password_matches = auth_lib.bcrypt_check_password(
-                form.old_password.data,
-                user.pw_hash)
-            if password_matches:
-                #the entire form validates and the password matches
-                user.pw_hash = auth_lib.bcrypt_gen_password_hash(
-                    form.new_password.data)
-            else:
-                form.old_password.errors.append(_('Wrong password'))
-
-        if form_validated and \
                 form.license_preference.validate(form):
             user.license_preference = \
                 form.license_preference.data
@@ -345,3 +333,39 @@ def edit_collection(request, collection):
         'mediagoblin/edit/edit_collection.html',
         {'collection': collection,
          'form': form})
+
+
+@require_active_login
+def change_pass(request):
+    form = forms.ChangePassForm(request.form)
+    user = request.user
+
+    if request.method == 'POST' and form.validate():
+
+        if not auth_lib.bcrypt_check_password(
+                form.old_password.data, user.pw_hash):
+            form.old_password.errors.append(
+                _('Wrong password'))
+
+            return render_to_response(
+                request,
+                'mediagoblin/edit/change_pass.html',
+                {'form': form,
+                 'user': user})
+
+        # Password matches
+        user.pw_hash = auth_lib.bcrypt_gen_password_hash(
+            form.new_password.data)
+        user.save()
+
+        messages.add_message(
+            request, messages.SUCCESS,
+            _('Your password was changed successfully'))
+
+        return redirect(request, 'mediagoblin.edit.account')
+
+    return render_to_response(
+        request,
+        'mediagoblin/edit/change_pass.html',
+        {'form': form,
+         'user': user})
diff --git a/mediagoblin/templates/mediagoblin/edit/change_pass.html b/mediagoblin/templates/mediagoblin/edit/change_pass.html
new file mode 100644
index 00000000..ff909b07
--- /dev/null
+++ b/mediagoblin/templates/mediagoblin/edit/change_pass.html
@@ -0,0 +1,52 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#}
+{% extends "mediagoblin/base.html" %}
+
+{% import "/mediagoblin/utils/wtforms.html" as wtforms_util %}
+
+{% block mediagoblin_head %}
+  <script type="text/javascript"
+          src="{{ request.staticdirect('/js/show_password.js') }}"></script>
+{% endblock mediagoblin_head %}
+
+{% block title -%}
+  {% trans username=user.username -%}
+    Changing {{ username }}'s password
+  {%- endtrans %} &mdash; {{ super() }}
+{%- endblock %}
+
+{% block mediagoblin_content %}
+  <form action="{{ request.urlgen('mediagoblin.edit.pass') }}"
+        method="POST" enctype="multipart/form-data">
+    <div class="form_box edit_box">
+      <h1>
+        {%- trans username=user.username -%}
+          Changing {{ username }}'s password
+        {%- endtrans -%}
+      </h1>
+      {{ wtforms_util.render_divs(form) }}
+      {{ csrf_token }}
+      <div class="form_submit_buttons">
+        <input type="submit" value="{% trans %}Save{% endtrans %}"
+        class="button_form" />
+      </div>
+    </div>
+  </form>
+{% endblock %}
+
+
diff --git a/mediagoblin/templates/mediagoblin/edit/edit_account.html b/mediagoblin/templates/mediagoblin/edit/edit_account.html
index 7fe2c031..4c4aaf95 100644
--- a/mediagoblin/templates/mediagoblin/edit/edit_account.html
+++ b/mediagoblin/templates/mediagoblin/edit/edit_account.html
@@ -41,8 +41,11 @@
           Changing {{ username }}'s account settings
         {%- endtrans -%}
       </h1>
-      {{ wtforms_util.render_field_div(form.old_password) }}
-      {{ wtforms_util.render_field_div(form.new_password) }}
+      <p>
+        <a href="{{ request.urlgen('mediagoblin.edit.pass') }}">
+          {% trans %}Change your password.{% endtrans %}
+        </a>
+      </p>
       <div class="form_field_input">
         <p>{{ form.wants_comment_notification }}
            {{ wtforms_util.render_label(form.wants_comment_notification) }}</p>
@@ -50,7 +53,7 @@
       {{- wtforms_util.render_field_div(form.license_preference) }}
       <div class="form_submit_buttons">
         <input type="submit" value="{% trans %}Save changes{% endtrans %}" class="button_form" />
-	{{ csrf_token }}
+  {{ csrf_token }}
       </div>
     </div>
   </form>
diff --git a/mediagoblin/tests/test_edit.py b/mediagoblin/tests/test_edit.py
index cda2607f..08b4f8cf 100644
--- a/mediagoblin/tests/test_edit.py
+++ b/mediagoblin/tests/test_edit.py
@@ -14,6 +14,7 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+import urlparse
 import pytest
 
 from mediagoblin import mg_globals
@@ -60,16 +61,17 @@ class TestUserEdit(object):
         self.login(test_app)
 
         # test that the password can be changed
-        # template.clear_test_template_context()
+        template.clear_test_template_context()
         res = test_app.post(
-            '/edit/account/', {
+            '/edit/password/', {
                 'old_password': 'toast',
                 'new_password': '123456',
-                'wants_comment_notification': 'y'
                 })
+        res.follow()
+
+        # Did we redirect to the correct page?
+        assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
 
-        # Check for redirect on success
-        assert res.status_int == 302
         # test_user has to be fetched again in order to have the current values
         test_user = User.query.filter_by(username=u'chris').first()
         assert bcrypt_check_password('123456', test_user.pw_hash)
@@ -77,9 +79,10 @@ class TestUserEdit(object):
         self.user_password = '123456'
 
         # test that the password cannot be changed if the given
-        # old_password is wrong template.clear_test_template_context()
+        # old_password is wrong
+        template.clear_test_template_context()
         test_app.post(
-            '/edit/account/', {
+            '/edit/password/', {
                 'old_password': 'toast',
                 'new_password': '098765',
                 })