added support for changing the password, issue #643

author: Jakob Kramer <jakob.kramer@gmx.de> 2011-11-19 22:17:21 +0100
committer: Jakob Kramer <jakob.kramer@gmx.de> 2011-11-20 00:37:19 +0100
commit: 4837b2f253e7f525eb4eb97a574c8af68c0ff570 (patch)
tree: 8ee615fafe2eb84868721c801cf2b8d7aa41f6c8 /mediagoblin/edit/views.py
parent: 909dda1f85b27866e0d20343169c91953ca7d8f6 (diff)
download: mediagoblin-4837b2f253e7f525eb4eb97a574c8af68c0ff570.tar.lz
mediagoblin-4837b2f253e7f525eb4eb97a574c8af68c0ff570.tar.xz
mediagoblin-4837b2f253e7f525eb4eb97a574c8af68c0ff570.zip
1 files changed, 24 insertions, 10 deletions
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index 5f781552..75bf51bf 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -26,6 +26,7 @@ from werkzeug.utils import secure_filename
 from mediagoblin import messages
 from mediagoblin import mg_globals
 
+from mediagoblin.auth import lib as auth_lib
 from mediagoblin.edit import forms
 from mediagoblin.edit.lib import may_edit_media
 from mediagoblin.decorators import require_active_login, get_user_media_entry
@@ -161,19 +162,32 @@ def edit_profile(request):
         bio=user.get('bio'))
 
     if request.method == 'POST' and form.validate():
-            user['url'] = unicode(request.POST['url'])
-            user['bio'] = unicode(request.POST['bio'])
+        user['url'] = unicode(request.POST['url'])
+        user['bio'] = unicode(request.POST['bio'])
 
-            user['bio_html'] = cleaned_markdown_conversion(user['bio'])
-
-            user.save()
+        password_matches = auth_lib.bcrypt_check_password(request.POST['old_password'],
+                                                          user['pw_hash'])
 
+        if (request.POST['old_password'] or request.POST['new_password']) and not \
+                password_matches:
             messages.add_message(request,
-                                 messages.SUCCESS,
-                                 _("Profile edited!"))
-            return redirect(request,
-                           'mediagoblin.user_pages.user_home',
-                            user=edit_username)
+                                 messages.ERROR,
+                                 _('Wrong password'))
+
+        if password_matches:
+            user['pw_hash'] = auth_lib.bcrypt_gen_password_hash(
+                request.POST['new_password'])
+
+        user['bio_html'] = cleaned_markdown_conversion(user['bio'])
+
+        user.save()
+
+        messages.add_message(request,
+                             messages.SUCCESS,
+                             _("Profile edited!"))
+        return redirect(request,
+                       'mediagoblin.user_pages.user_home',
+                        user=edit_username)
 
     return render_to_response(
         request,
author	Jakob Kramer <jakob.kramer@gmx.de>	2011-11-19 22:17:21 +0100
committer	Jakob Kramer <jakob.kramer@gmx.de>	2011-11-20 00:37:19 +0100
commit	4837b2f253e7f525eb4eb97a574c8af68c0ff570 (patch)
tree	8ee615fafe2eb84868721c801cf2b8d7aa41f6c8 /mediagoblin/edit/views.py
parent	909dda1f85b27866e0d20343169c91953ca7d8f6 (diff)
download	mediagoblin-4837b2f253e7f525eb4eb97a574c8af68c0ff570.tar.lz mediagoblin-4837b2f253e7f525eb4eb97a574c8af68c0ff570.tar.xz mediagoblin-4837b2f253e7f525eb4eb97a574c8af68c0ff570.zip