4 files changed, 58 insertions, 27 deletions
diff --git a/mediagoblin/edit/__init__.py b/mediagoblin/edit/__init__.py
index 576bd0f5..ba347c69 100644
--- a/mediagoblin/edit/__init__.py
+++ b/mediagoblin/edit/__init__.py
@@ -13,5 +13,3 @@
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-
diff --git a/mediagoblin/edit/forms.py b/mediagoblin/edit/forms.py
index f81d58b2..93934be7 100644
--- a/mediagoblin/edit/forms.py
+++ b/mediagoblin/edit/forms.py
@@ -14,12 +14,10 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-
 import wtforms
 
-from mediagoblin.util import tag_length_validator, TOO_LONG_TAG_WARNING
-from mediagoblin.util import fake_ugettext_passthrough as _
-
+from mediagoblin.tools.text import tag_length_validator, TOO_LONG_TAG_WARNING
+from mediagoblin.tools.translate import fake_ugettext_passthrough as _
 
 class EditForm(wtforms.Form):
     title = wtforms.TextField(
@@ -28,7 +26,9 @@ class EditForm(wtforms.Form):
     description = wtforms.TextAreaField('Description of this work')
     tags = wtforms.TextField(
         _('Tags'),
-        [tag_length_validator])
+        [tag_length_validator],
+        description=_(
+            "Seperate tags by commas or spaces."))
     slug = wtforms.TextField(
         _('Slug'),
         [wtforms.validators.Required(message=_("The slug can't be empty"))],
@@ -45,6 +45,19 @@ class EditProfileForm(wtforms.Form):
         _('Website'),
         [wtforms.validators.Optional(),
          wtforms.validators.URL(message='Improperly formed URL')])
+    old_password = wtforms.PasswordField(
+        _('Old password'),
+        [wtforms.validators.Optional()])
+    new_password = wtforms.PasswordField(
+        _('New Password'),
+        [wtforms.validators.Optional(),
+         wtforms.validators.Length(min=6, max=30),
+         wtforms.validators.EqualTo(
+                'confirm_password',
+                'Passwords must match.')])
+    confirm_password = wtforms.PasswordField(
+        'Confirm password',
+        [wtforms.validators.Optional()])
 
 
 class EditAttachmentsForm(wtforms.Form):
diff --git a/mediagoblin/edit/lib.py b/mediagoblin/edit/lib.py
index b722e9c1..458b704e 100644
--- a/mediagoblin/edit/lib.py
+++ b/mediagoblin/edit/lib.py
@@ -17,7 +17,7 @@
 
 def may_edit_media(request, media):
     """Check, if the request's user may edit the media details"""
-    if media['uploader'] == request.user['_id']:
+    if media['uploader'] == request.user._id:
         return True
     if request.user['is_admin']:
         return True
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index 15edfdd6..673409bd 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -25,14 +25,16 @@ from werkzeug.utils import secure_filename
 
 from mediagoblin import messages
 from mediagoblin import mg_globals
-from mediagoblin.util import (
-    render_to_response, redirect, clean_html, convert_to_tag_list_of_dicts,
-    media_tags_as_string, cleaned_markdown_conversion)
-from mediagoblin.util import pass_to_ugettext as _
+
+from mediagoblin.auth import lib as auth_lib
 from mediagoblin.edit import forms
 from mediagoblin.edit.lib import may_edit_media
 from mediagoblin.decorators import require_active_login, get_user_media_entry
-
+from mediagoblin.tools.response import render_to_response, redirect
+from mediagoblin.tools.translate import pass_to_ugettext as _
+from mediagoblin.tools.text import (
+    clean_html, convert_to_tag_list_of_dicts,
+    media_tags_as_string, cleaned_markdown_conversion)
 
 @get_user_media_entry
 @require_active_login
@@ -56,7 +58,7 @@ def edit_media(request, media):
         existing_user_slug_entries = request.db.MediaEntry.find(
             {'slug': request.POST['slug'],
              'uploader': media['uploader'],
-             '_id': {'$ne': media['_id']}}).count()
+             '_id': {'$ne': media._id}}).count()
 
         if existing_user_slug_entries:
             form.slug.errors.append(
@@ -77,7 +79,7 @@ def edit_media(request, media):
                 location=media.url_for_self(request.urlgen))
 
     if request.user['is_admin'] \
-            and media['uploader'] != request.user['_id'] \
+            and media['uploader'] != request.user._id \
             and request.method != 'POST':
         messages.add_message(
             request, messages.WARNING,
@@ -103,7 +105,7 @@ def edit_attachments(request, media):
 
             attachment_public_filepath \
                 = mg_globals.public_store.get_unique_filepath(
-                ['media_entries', unicode(media['_id']), 'attachment',
+                ['media_entries', unicode(media._id), 'attachment',
                  secure_filename(request.POST['attachment_file'].filename)])
 
             attachment_public_file = mg_globals.public_store.get_file(
@@ -119,7 +121,7 @@ def edit_attachments(request, media):
                     name=request.POST['attachment_name'] \
                         or request.POST['attachment_file'].filename,
                     filepath=attachment_public_filepath,
-                    created=datetime.utcnow()
+                    created=datetime.utcnow(),
                     ))
 
             media.save()
@@ -160,19 +162,37 @@ def edit_profile(request):
         bio=user.get('bio'))
 
     if request.method == 'POST' and form.validate():
-            user['url'] = unicode(request.POST['url'])
-            user['bio'] = unicode(request.POST['bio'])
+        password_matches = auth_lib.bcrypt_check_password(
+            request.POST['old_password'],
+            user['pw_hash'])
+
+        if (request.POST['old_password'] or request.POST['new_password']) and not \
+                password_matches:
+            form.old_password.errors.append(_('Wrong password'))
+
+            return render_to_response(
+                request,
+                'mediagoblin/edit/edit_profile.html',
+                {'user': user,
+                 'form': form})
+
+        user['url'] = unicode(request.POST['url'])
+        user['bio'] = unicode(request.POST['bio'])
+
+        if password_matches:
+            user['pw_hash'] = auth_lib.bcrypt_gen_password_hash(
+                request.POST['new_password'])
 
-            user['bio_html'] = cleaned_markdown_conversion(user['bio'])
+        user['bio_html'] = cleaned_markdown_conversion(user['bio'])
 
-            user.save()
+        user.save()
 
-            messages.add_message(request,
-                                 messages.SUCCESS,
-                                 'Profile edited!')
-            return redirect(request,
-                           'mediagoblin.user_pages.user_home',
-                            user=edit_username)
+        messages.add_message(request,
+                             messages.SUCCESS,
+                             _("Profile edited!"))
+        return redirect(request,
+                       'mediagoblin.user_pages.user_home',
+                        user=user['username'])
 
     return render_to_response(
         request,