def auth_set_password():
    """Handle the password-change form on the settings page.

    Re-renders ``auth/settings.html`` with the bound form when validation
    fails or the two password fields differ; otherwise writes the new value
    to the current user's record, commits, and re-renders the page with a
    confirmation message and a fresh, unbound password form.
    """
    form = PasswordForm(request.form)

    def settings_page(**extra):
        # Every exit path renders the same template with the same sibling forms.
        return render_template("auth/settings.html",
                               user=current_user,
                               nameform=NameForm(),
                               usernameform=UsernameForm(),
                               **extra)

    if not form.validate():
        return settings_page(passwordform=form)

    if form.password.data != form.password2.data:
        return settings_page(passwordform=form,
                             error="You gave two different passwords")

    account = User.query.get(current_user.id)
    # NOTE(review): the raw form value is assigned directly; unless
    # User.password hashes on assignment, this persists the plaintext
    # password -- confirm against the model.
    account.password = form.password.data
    db.session().commit()
    return settings_page(passwordform=PasswordForm(),
                         confirm="Password was changed")
def user_edit_password():
    """Change the signed-in user's password (POST only).

    A GET is redirected to the profile page. On a failed validation the
    profile template is re-rendered with the bound form; on success the
    password is bcrypt-hashed (10 rounds), stored in ``phash`` inside a
    ``session_scope`` transaction, and the user is redirected back to the
    profile page.
    """
    if request.method == 'GET':
        return redirect(url_for('user_profile'))

    form = PasswordForm(request.form)
    profile_user = User.query.get(current_user.id)

    if not form.validate():
        return render_template(
            'auth/profile.html',
            user=profile_user,
            usernameForm=UsernameForm(),
            passwordForm=form,
        )

    with session_scope() as session:
        # Re-load the account through the scoped session so the update is
        # part of this transaction.
        account = session.query(User).get(current_user.id)
        # bcrypt works on bytes; the stored value is the decoded hash string.
        raw = form.password.data.encode()
        account.phash = bcrypt.hashpw(raw, bcrypt.gensalt(rounds=10)).decode()
        session.commit()

    return redirect(url_for('user_profile'))
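def auth_set_username():
    """Handle the username-change form on the settings page.

    Re-renders ``auth/settings.html`` with the bound form when validation
    fails, with an error when the requested name is already taken, and with
    a confirmation message (and fresh forms) after the change is committed.
    """
    form = UsernameForm(request.form)

    def settings_page(**extra):
        # Every exit path renders the same template with the same sibling forms.
        return render_template("auth/settings.html",
                               user=current_user,
                               nameform=NameForm(),
                               passwordform=PasswordForm(),
                               **extra)

    if not form.validate():
        return settings_page(usernameform=form)

    requested = form.username.data
    # Check-then-set is not atomic: two concurrent requests can both pass
    # this lookup. A UNIQUE constraint on User.username is what actually
    # guarantees uniqueness; this check only produces the friendlier error.
    if User.query.filter_by(username=requested).first():
        return settings_page(usernameform=UsernameForm(),
                             error="Username is already in use")

    account = User.query.get(current_user.id)
    account.username = requested
    db.session().commit()
    # The confirmation text previously read "Userame was changed" (typo).
    return settings_page(usernameform=UsernameForm(),
                         confirm="Username was changed")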
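def get_delete_user(user_id):
    """Render the account-deletion confirmation page for ``user_id``.

    Only the account owner gets the page: a ``user_id`` that differs from
    ``current_user.id``, or one that is not an integer, is answered with a
    404.
    """
    try:
        if int(current_user.id) != int(user_id):
            return abort(404)
    except (AttributeError, TypeError, ValueError):
        # Only the int() conversions (or a current_user without .id) are
        # expected to fail here. The bare `except:` this replaces also
        # caught the HTTPException raised by abort() and KeyboardInterrupt,
        # re-issuing the same 404.
        return abort(404)

    return render_template("user/deleteuser.html", form=PasswordForm())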
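def delete_user(user_id):
    """Delete account ``user_id`` together with its messages and discussions.

    A regular user may only delete their own account and must confirm the
    current password; a requester whose ``role`` is ``'admin'`` may delete
    any account without a password check. Afterwards an admin is sent to
    the user list, while a self-deleting user is logged out and shown the
    login form with a success message.
    """
    requester = User.query.get(current_user.id)

    # Admin can delete any user; everyone else only themselves.
    try:
        is_admin = requester.role == 'admin'
        if int(current_user.id) != int(user_id) and not is_admin:
            return abort(404)
    except (AttributeError, TypeError, ValueError):
        # Non-integer ids, an unknown requester row or a current_user
        # without .id are answered with 404 instead of propagating as 500.
        # (The bare `except:` this replaces also swallowed abort()'s own
        # HTTPException and KeyboardInterrupt.)
        return abort(404)

    form = PasswordForm(request.form)

    # Confirm password before delete, if the one doing the delete is not admin.
    if not is_admin:
        stmt = text("SELECT*FROM Account WHERE Account.id = :id").params(
            id=user_id)
        row = db.engine.execute(stmt).fetchone()
        submitted = form.password.data
        # The form is never validated on this route, so the password field
        # may be absent (None); a missing row or field used to raise
        # AttributeError (500) -- both are now answered like a wrong password.
        if row is None or submitted is None or not bcrypt.checkpw(
                submitted.encode('utf8'), row._password.encode('utf8')):
            return render_template("user/deleteuser.html",
                                   form=PasswordForm(),
                                   error="Wrong password.")

    # Run the three deletes in one transaction so a failure part-way
    # through cannot leave orphaned messages/discussions or a half-deleted
    # account; engine.begin() commits on success and rolls back on error.
    with db.engine.begin() as conn:
        # Delete related messages
        conn.execute(text(
            "DELETE FROM Message WHERE Message.account_id = :id").params(id=user_id))
        # Delete related discussions
        conn.execute(text(
            "DELETE FROM Discussion WHERE Discussion.account_id = :id").params(id=user_id))
        # Delete account
        conn.execute(text(
            "DELETE FROM Account WHERE Account.id = :id").params(id=user_id))

    if is_admin:
        return redirect(url_for("list_users"))
    logout_user()

    return render_template("auth/loginform.html",
                           success="Account successfully deleted.",
                           form=UsernameAndPasswordForm())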
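def user_profile():
    """Render the signed-in user's profile page with empty username/password forms."""
    user = User.query.filter(User.id == current_user.id).first()

    # The previous version copied request.args['usernameForm'] and
    # request.args['passwordForm'] into locals that were never passed to
    # the template; that dead code is removed. The template always
    # receives fresh, unbound forms.
    return render_template(
        'auth/profile.html',
        user=user,
        usernameForm=UsernameForm(),
        passwordForm=PasswordForm(),
    )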
def update_password():
    """Let the signed-in user set a new password.

    GET renders the form. POST re-renders it on a validation failure, or
    with ``passwords_dont_match`` when the two new-password fields differ;
    otherwise the bcrypt hash is stored on ``current_user``, committed, and
    the caller is redirected to the scheduled-tasks page.
    """
    form = PasswordForm(request.form)

    if request.method == "GET":
        return render_template("auth/update_password.html", form=form)

    if not form.validate():
        return render_template("auth/update_password.html", form=form)

    new_pw = form.new_password.data
    if new_pw != form.new_password_again.data:
        return render_template("auth/update_password.html",
                               form=form,
                               passwords_dont_match=True)

    # NOTE(review): the current password is not re-checked on this route,
    # so possession of the session alone is enough to change it -- confirm
    # that is intended or add an old-password field to PasswordForm.
    hashed = f_bcrypt.generate_password_hash(new_pw).decode('utf8')
    current_user.password = hashed
    db.session().commit()
    return redirect(url_for("show_scheduled_tasks"))
def auth_set_name():
    """Handle the display-name form on the settings page.

    Re-renders ``auth/settings.html`` with the bound form when validation
    fails; otherwise stores the new name on the current user's record,
    commits, and re-renders with a confirmation message and fresh forms.
    """
    form = NameForm(request.form)

    def settings_page(**extra):
        # Every exit path renders the same template with the same sibling forms.
        return render_template("auth/settings.html",
                               user=current_user,
                               usernameform=UsernameForm(),
                               passwordform=PasswordForm(),
                               **extra)

    if not form.validate():
        return settings_page(nameform=form)

    account = User.query.get(current_user.id)
    account.name = form.name.data
    db.session().commit()
    return settings_page(nameform=NameForm(), confirm="Name was changed")
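def user_profile(user_id):
    """Show the profile page for ``user_id``, but only to that user.

    Anyone else -- including a request whose ``user_id`` is not an
    integer -- is redirected to the drinks index.
    """
    try:
        is_owner = int(current_user.id) == int(user_id)
    except (AttributeError, TypeError, ValueError):
        # A non-numeric id (or a current_user without .id) used to surface
        # as an unhandled exception; treat it like any other non-owner.
        is_owner = False

    if is_owner:
        return render_template(
            "auth/user.html",
            form=PasswordForm(),
            user=User.query.get(user_id),
            message=get_message(),
            favorite_ingredients=User.find_favorite_ingredients(user_id),
            favorite_drinks=User.find_favorites(user_id))

    return redirect(url_for("drinks_index"))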
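def account_change_password():
    """Change the signed-in user's password after verifying the old one.

    GET renders the form. POST re-renders it when validation fails or the
    supplied old password does not match the stored bcrypt hash; otherwise
    the new hash is stored and committed. Every remaining path (including
    an unknown user) redirects to the account page.
    """
    user = User.query.get(current_user.id)
    if not user:
        return redirect(url_for("account_page"))

    if request.method == "GET":
        return render_template("account/edit_password.html", form=PasswordForm())

    form = PasswordForm(request.form)

    if not form.validate():
        return render_template("account/edit_password.html", form=form)

    # Re-authenticate with the current password before accepting the new
    # one. (The `user is None` test that used to sit here was unreachable
    # inside `if user:`; it is now the early return above.)
    if not bcrypt.check_password_hash(user.password, form.old_password.data):
        # NOTE(review): a wrong old password is indistinguishable from a
        # validation failure in the template; consider passing an error.
        return render_template("account/edit_password.html", form=form)

    # NOTE(review): generate_password_hash returns bytes here while other
    # flows in this corpus .decode() it -- confirm the column's expected type.
    user.password = bcrypt.generate_password_hash(form.new_password.data)
    db.session().commit()

    return redirect(url_for("account_page"))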
def password_change(user_id):
    """Change the password of account ``user_id`` from the profile page.

    Re-renders ``auth/user.html`` when the form is invalid or the submitted
    current password does not match; otherwise stores the new password,
    commits, sets a confirmation message and redirects to the profile.
    """
    form = PasswordForm(request.form)
    account = User.query.get(user_id)

    if not form.validate():
        return render_template("auth/user.html",
                               form=form,
                               user=account)

    # NOTE(review): this compares the stored value with the raw submission,
    # so either the column holds plaintext or this check can never pass --
    # confirm against the User model.
    # NOTE(review): nothing in this function ties user_id to the caller;
    # unless the route itself enforces ownership, any signed-in user could
    # change another account's password. An unknown user_id raises
    # AttributeError on the line below.
    old_matches = account.password == form.password.data
    if not old_matches:
        return render_template("auth/user.html",
                               form=form,
                               user=account,
                               error="Vanha salasana väärin")

    account.password = form.new_password.data
    db.session().commit()

    set_message("Salasana vaihdettu")
    return redirect(url_for("user_profile", user_id=account.id))
def reset_password(id):
    """Reset the password of account ``id``.

    GET renders the reset form. POST re-renders it on validation failure,
    or with ``passwords_dont_match`` when the two new-password fields
    differ; otherwise ``failed_logins`` is cleared, the new bcrypt hash is
    stored and committed, and the caller is redirected to ``auth_control``.

    ``id`` shadows the builtin but is part of the route's interface
    (callers pass ``id=`` to ``url_for``), so it is kept.
    """
    form = PasswordForm(request.form)
    # NOTE(review): None for an unknown id, which raises AttributeError on
    # the POST path below.
    target = User.query.get(id)

    if request.method == "GET":
        return render_template("auth/reset_password.html",
                               form=form,
                               current_user=current_user,
                               user=target)

    if not form.validate():
        return render_template("auth/reset_password.html", form=form, user=target)

    new_pw = form.new_password.data
    if new_pw == form.new_password_again.data:
        # A reset also clears the failed-login counter.
        target.failed_logins = 0
        target.password = f_bcrypt.generate_password_hash(new_pw).decode('utf8')
        db.session().commit()
        return redirect(url_for("auth_control"))

    return render_template("auth/reset_password.html",
                           form=form,
                           passwords_dont_match=True,
                           user=target)
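def user_edit_username():
    """Change the signed-in user's username (POST only).

    GET redirects to the profile. On validation failure, or when the name
    is already taken, the profile template is re-rendered with the bound
    form; otherwise the change is committed inside ``session_scope`` and
    the user is redirected to the profile.
    """
    if request.method == 'GET':
        return redirect(url_for('user_profile'))

    form = UsernameForm(request.form)
    user = User.query.get(current_user.id)

    if not form.validate():
        return render_template(
            'auth/profile.html',
            user=user,
            usernameForm=form,
            passwordForm=PasswordForm(),
        )

    username = form.username.data

    with session_scope() as session:
        # Check-then-set is not atomic; a UNIQUE constraint on
        # User.username is what actually guarantees uniqueness, this lookup
        # only produces the friendlier error.
        taken = session.query(User).filter(User.username == username).first()
        if taken:
            form.username.errors.append('Username already exists')
            return render_template(
                'auth/profile.html',
                user=user,
                usernameForm=form,
                passwordForm=PasswordForm(),
            )

        # Load the account through *this* session before mutating it, as
        # user_edit_password does. The object fetched via User.query above
        # may belong to a different session, in which case session.commit()
        # would not persist the change.
        account = session.query(User).get(current_user.id)
        account.username = username
        session.commit()

    return redirect(url_for('user_profile'))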
def delete_cancel():
    """Render the settings page for the current user with fresh, unbound forms."""
    forms = {
        "nameform": NameForm(),
        "usernameform": UsernameForm(),
        "passwordform": PasswordForm(),
    }
    return render_template("auth/settings.html", user=current_user, **forms)