Beispiel #1
    def test_edit(self):
        """Exercise the profile-edit flow for anonymous and logged-in users.

        Three cases run in order: an edit attempted with no session, an
        all-blank submission while logged in, and a full edit while logged in.
        """
        # NOTE(review): the credential and e-mail literals on this page are
        # masked ('******'), so the values asserted below cannot be matched
        # against the values used to create the user from here.
        u = User(username='******', email='*****@*****.**', password='******',
                 about_me='test')
        self.create_user(u)
        assert u in db.session

        # An anonymous client must not reach the edit page; the response is
        # expected to carry the login prompt instead of applying the edit.
        assert current_user.is_anonymous
        rv = self.edit(u, 'james', '*****@*****.**', 'foobar', 'test')
        assert "Please log in to access this page" in rv.data.decode("utf-8")

        # Log in as the test user.
        self.login(u, '*****@*****.**', 'foobar')
        assert current_user == u

        # An all-blank submission must leave every field untouched. The
        # password assertion matters most: a blank field must not overwrite
        # the stored credential. (rv is not inspected in this case.)
        rv = self.edit(u, '', '', '', '')
        assert current_user.username.lower() == 'jim'
        assert current_user.email == '*****@*****.**'
        assert current_user.check_password('foobar')
        assert current_user.about_me == 'test'

        # A complete submission must replace all four fields, and the new
        # password must verify afterwards. (rv is not inspected here either.)
        rv = self.edit(u, 'james', '*****@*****.**', 'pharos1', 'something')
        assert current_user.username.lower() == 'james'
        assert current_user.email == '*****@*****.**'
        assert current_user.check_password('pharos1')
        assert current_user.about_me == 'something'
Beispiel #2
 def validate(self):
     """Run the base validators, then the password-specific checks.

     Returns False, with a message recorded on the offending field, when the
     old password does not verify for ``current_user`` or when the new
     password verifies against the stored credential (i.e. is unchanged).
     Returns True otherwise.
     """
     if not super(ChangePasswordForm, self).validate():
         return False

     # Re-authenticate first; the new password is only compared once the old
     # one has been accepted.
     failure = None
     if not current_user.check_password(self.old_password.data):
         failure = (self.old_password, 'The old password you entered is incorrect.')
     elif current_user.check_password(self.new_password.data):
         failure = (self.new_password, 'You cannot use the same password as your new password.')

     if failure is None:
         return True
     field, message = failure
     field.errors.append(message)
     return False
Beispiel #3
 def validate(self):
     """Validate a password change for the logged-in user.

     The base form validators run first. After that the old password must
     verify for ``current_user`` and the new password must not verify against
     the same stored credential. Each failure appends a message to the
     relevant field's errors and yields False.
     """
     base_ok = super(ChangePasswordForm, self).validate()
     if base_ok and current_user.check_password(self.old_password.data):
         # Old password accepted: the only remaining failure is reuse.
         if not current_user.check_password(self.new_password.data):
             return True
         self.new_password.errors.append(
             'You cannot use the same password as your new password.')
     elif base_ok:
         self.old_password.errors.append(
             'The old password you entered is incorrect.')
     return False
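def edit_password():
	"""Render the change-password form and apply a valid submission.

	A POST that passes form validation must also supply the current password.
	On success the new password is stored and the user is redirected to the
	``user`` endpoint; on a wrong current password the form is re-rendered
	with an error notification.
	"""
	form = EditPasswordForm(request.form)
	if request.method != 'POST' or not form.validate():
		return render_template('edit_password.html', form=form)

	# Re-authenticate before touching the credential. The leftover debug
	# print of the check result has been dropped.
	if not current_user.check_password(form.data['old_password']):
		notification = Notify(notification_type = 'error', message = 'Old Password Incorrect')
		return render_template('edit_password.html', form=form, notify = notification)

	# NOTE(review): this assigns the submitted value directly; it is only safe
	# if the model hashes on assignment or in save() - confirm against the model.
	current_user.password = form.data['new_password']
	current_user.save()
	notification = Notify(notification_type = 'success', message = 'Successfully Changed Password')
	# NOTE(review): the notification text travels in the query string, so the
	# target view must treat notify_type/notify_message as untrusted input.
	return redirect(url_for('user', notify = True, notify_type = notification.type, notify_message = notification.message))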
Beispiel #5
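def username(username):
    """Show, update or delete the account addressed by ``username``.

    The account is fetched with ``Account.pull`` and, if that finds nothing,
    with ``Account.pull_by_email``. GET renders the account form. DELETE, or
    a POST whose ``submit`` value is "Delete", removes the account once the
    acting user's password verifies. Any other POST validates the submitted
    form, checks it with ``fc.legal()`` and saves it with ``fc.finalise()``.

    Aborts with 404 when no account is found and with 401 when the acting
    user is neither the account owner nor a holder of the role named by the
    ``ACCOUNT_EDIT_USERS_ROLE`` setting.
    """
    Account = AccountFactory.get_model()
    acc = Account.pull(username)
    if acc is None:
        try:
            acc = Account.pull_by_email(username)
        except exceptions.NonUniqueAccountException:
            flash("Permanent Error: these user credentials are invalid - please contact an administrator", "error")
            # NOTE(review): "logut" looks like a misspelt endpoint name, and
            # url_for fails on an unknown endpoint - confirm the intended route.
            return redirect(url_for(("logut")))

    if acc is None:
        abort(404)

    # Actions on this page are only available to the account owner, or to a
    # user with the edit-users role. Access is refused only when BOTH tests
    # fail; joining them with "or" would reject owners who lack the role as
    # well as role holders acting on someone else's account.
    is_owner = current_user.id == acc.id
    if not is_owner and not current_user.has_role(app.config.get("ACCOUNT_EDIT_USERS_ROLE")):
        abort(401)

    # if this is a request for the user page, just render it
    if request.method == "GET":
        fc = AccountFactory.get_user_formcontext(acc)
        return fc.render_template()

    is_delete = request.method == "DELETE" or (request.method == "POST" and request.values.get("submit", False) == "Delete")
    if is_delete:
        # Deletion requires the acting user's own password.
        # NOTE(review): request.values also reads the query string, so a
        # password sent with DELETE may end up in URLs and access logs.
        if not current_user.check_password(request.values.get("password")):
            flash("Incorrect password", "error")
            fc = AccountFactory.get_user_formcontext(acc=acc)
            return fc.render_template()

        # if the password validates, go ahead and do it
        acc.remove()    # Note we don't use the DAO's delete method - this allows the model to decide the delete behaviour
        _do_logout()
        flash('Account {x} deleted'.format(x=username), "success")
        return redirect(url_for(app.config.get("ACCOUNT_LOGOUT_REDIRECT_ROUTE", "index")))

    if request.method == "POST":
        fc = AccountFactory.get_user_formcontext(acc=acc, form_data=request.form)

        # attempt to validate the form
        if not fc.validate():
            flash("There was a problem when submitting the form", "error")
            return fc.render_template()

        # if the form validates, then check the legality of the submission
        try:
            fc.legal()
        except exceptions.AccountException as e:
            flash(e.message, "error")
            return fc.render_template()

        # if we get to here, then update the user record
        fc.finalise()

        # tell the user that everything is good
        flash("Account updated", "success")

        # end with a redirect because some details have changed
        return redirect(url_for("account.username", username=fc.target.email))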
Beispiel #6
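def user():
  """Render the current user's page, or apply a JSON profile update on POST.

  A POST decodes ``request.json`` into a user object and merges it into the
  stored record. When both ``oldpassword`` and ``newpassword`` are non-empty
  the old password must verify before the new one is set; a wrong old
  password rolls the session back and aborts with 403 instead of returning
  an empty success response.

  Aborts with 401 when no stored user matches ``current_user.id`` and with
  400 when the request body cannot be decoded.
  """
  dbuser = db.session.query(User).filter_by(username=current_user.id).first()
  if dbuser is None:
    abort(401)

  if request.method == "POST":
    # update user info
    new_user = UserDecoder().decode(request.json)
    if new_user is None:
      print("Failed to decode request.json")
      abort(400)
    dbuser.update_with_user(new_user)

    # change password
    old_password = request.json.get("oldpassword", "")
    new_password = request.json.get("newpassword", "")
    if len(old_password) > 0 and len(new_password) > 0:
      if not current_user.check_password(old_password):
        # A failed re-authentication must be visible to the client. Nothing
        # from this request is committed, including the profile changes
        # merged above.
        db.session.rollback()
        abort(403)
      current_user.set_password(new_password)
      dbuser.password_hash = current_user.pw_hash

    db.session.commit()
    return jsonify({})

  return render_template("user.html", current_dbuser=dbuser)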
Beispiel #7
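def user():
  """Render the current user's page, or apply a JSON profile update on POST.

  A POST decodes ``request.json`` into a user object and merges it into the
  stored record. When both ``oldpassword`` and ``newpassword`` are non-empty
  the old password must verify before the new one is set; a wrong old
  password rolls the session back and aborts with 403 instead of returning
  an empty success response.

  Aborts with 401 when no stored user matches ``current_user.id`` and with
  400 when the request body cannot be decoded.
  """
  dbuser = db.session.query(User).filter_by(username=current_user.id).first()
  if dbuser is None:
    abort(401)

  if request.method == "POST":
    # update user info
    new_user = UserDecoder().decode(request.json)
    if new_user is None:
      print("Failed to decode request.json")
      abort(400)
    dbuser.update_with_user(new_user)

    # change password
    old_password = request.json.get("oldpassword", "")
    new_password = request.json.get("newpassword", "")
    if len(old_password) > 0 and len(new_password) > 0:
      if not current_user.check_password(old_password):
        # A failed re-authentication must be visible to the client. Nothing
        # from this request is committed, including the profile changes
        # merged above.
        db.session.rollback()
        abort(403)
      current_user.set_password(new_password)
      dbuser.password_hash = current_user.pw_hash

    db.session.commit()
    return jsonify({})

  return render_template("user.html", current_dbuser=dbuser)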
Beispiel #8
def settings():
    """Render the settings page and apply a valid settings submission.

    The form is pre-filled from the current user's name, mail address and
    stored display settings. A validated POST is applied only when the old
    password verifies; the password itself is replaced only when a new one
    was entered.
    """
    setting_codes = ('show_def_name', 'show_def_desc', 'show_def_tags',
                     'show_def_logo', 'use_icy')

    initial = {'username': current_user.username, 'email': current_user.mail}
    for code in setting_codes:
        initial[code] = current_user.get_setting(code=code)
    form = SettingsForm(request.form, **initial)

    if request.method == "POST" and form.validate():
        # Every change on this page is gated on the current password.
        if not current_user.check_password(password=form.old_password.data):
            form.old_password.errors.append(gettext('Wrong password.'))
        else:
            if form.new_password.data:
                current_user.password = User.make_password(form.new_password.data)
            current_user.mail = form.email.data
            for code in setting_codes:
                current_user.set_setting(code=code, value=getattr(form, code).data)
            rfk.database.session.commit()
            flash(gettext('Settings successfully updated.'), 'success')
            return redirect(url_for('settings'))

    imgur = {'client': rfk.CONFIG.get('site', 'imgur-client')}
    return render_template('settings.html', form=form, TITLE='Settings',
                           imgur=imgur)
Beispiel #9
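 def profile(self):
     """Render the profile page and apply account updates.

     A validated submission is handled in two steps. If a new password was
     entered, the current password must be present and must verify; the
     password is then changed, the session is cleared and the user is sent to
     the login page. Otherwise the e-mail address and main character are
     updated, provided the chosen character belongs to the user.
     """
     account_form = AccountUpdateForm(obj=current_user)
     account_form.main_character.choices = [
         (character.id, character.name)
         for character in current_user.characters
         if character.get_status() != CharacterStatus.ineligible
     ]
     if account_form.validate_on_submit():
         new_password = account_form.new_password.data
         # Only touch the credential when a new password was actually
         # entered; a correct current password with an empty "new" field
         # must not overwrite the stored password.
         if new_password:
             if not account_form.password.data:
                 flash('Your password is required to make these changes.', 'danger')
                 return redirect(url_for('AccountView:profile'))
             if not current_user.check_password(account_form.password.data):
                 # A failed re-authentication stops the request instead of
                 # silently falling through to the profile update.
                 flash('Incorrect password.', 'danger')
                 return redirect(url_for('AccountView:profile'))
             # Password checks out, let's update it
             current_user.update_password(new_password)
             db.session.add(current_user)
             db.session.commit()
             # NOTE(review): the new password is handed to signal receivers in
             # clear text - confirm no receiver logs or persists it.
             User.password_updated.send(current_user, new_password)
             session.clear()
             flash('Your password has been updated, please login again.')
             return redirect(url_for('AccountView:login'))
         current_user.email = account_form.email.data
         new_main_character = current_user.characters.filter_by(id=account_form.main_character.data).first()
         # Test the lookup result; the comprehension variable ``character``
         # is not the object that was just queried.
         if not new_main_character:
             flash("We could not found this character in your characters.", 'danger')
             return redirect(url_for('AccountView:profile'))
         current_user.name = new_main_character.name
         current_user.main_character_id = new_main_character.id
         db.session.add(current_user)
         db.session.commit()
         flash('Account updated.', 'success')
         return redirect(url_for('AccountView:profile'))
     api_forms = [APIKeyForm(obj=api_key) for api_key in current_user.api_keys]
     new_api_form = APIKeyForm()
     return render_template('account/profile.html', account_form=account_form, api_forms=api_forms, new_api_form=new_api_form)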
Beispiel #10
def me_edit_login():
	"""Let the logged-in user change their username and password.

	The submitted old password must verify before either value is changed;
	otherwise the form is re-rendered with an error on that field.
	"""
	form = UserEditLoginForm(obj=current_user)
	if not form.validate_on_submit():
		return render_template('users/me_edit_login.html', user=current_user, form=form)

	if current_user.check_password(form.old_password.data):
		current_user.username = form.username.data
		current_user.set_password(form.password.data)
		db.session.commit()
		# NOTE(review): redirect() receives the literal string '.me', which
		# looks like an endpoint name rather than a URL - confirm whether a
		# url_for lookup was intended.
		return redirect('.me')

	form.old_password.errors.append('Incorrect Password')
	return render_template('users/me_edit_login.html', user=current_user, form=form)
Beispiel #11
def change_password():
    """
    Change the logged-in user's password.

    Returns an API error when the form does not validate or when the current
    password does not verify; returns an empty body with status 200 once the
    new password has been set and saved.
    """
    form = ChangePasswordForm(request.json_multidict)
    if form.validate_on_submit():
        # Re-authenticate before replacing the credential.
        if current_user.check_password(form.current.data):
            current_user.set_password(form.new_password.data)
            current_user.save()
            return '', 200
        return api_error(dict(form=['Current password is incorrect.']))
    return api_error(form.errors)
Beispiel #12
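def refresh_login():
    """Ask the logged-in user for their password and confirm the login.

    On a correct password ``confirm_login()`` is called and the user is sent
    to the ``next`` query parameter when it is a local path, otherwise to
    ``index``. On a wrong password a message is flashed and the form is shown
    again.
    """
    form = PasswordForm()

    if form.validate_on_submit():
        if current_user.check_password(form.password.data):
            confirm_login()
            # ``next`` comes from the query string and is attacker-influenced.
            # Follow it only when it is a path on this site: a single leading
            # slash, no backslashes and no control characters. Anything else,
            # including absolute URLs, falls back to the index page.
            target = request.args.get("next") or ""
            is_local = (
                target.startswith("/")
                and not target.startswith("//")
                and "\\" not in target
                and not any(ord(ch) < 0x20 for ch in target)
            )
            return redirect(target if is_local else url_for("index"))
        else:
            flash("Incorrect password.")
            return redirect(url_for('refresh_login'))

    return render_template('accounts/refresh.html', form=form)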
Beispiel #13
def change_password():
    """Change the logged-in user's password after checking the current one.

    A wrong current password flashes a warning and re-renders the form; a
    correct one stores the new password and redirects to ``.index``.
    """
    form = ChangePasswordForm()
    if not form.validate_on_submit():
        return render_template('settings/change-password.html', form=form)

    if not current_user.check_password(form.current_password.data):
        flash(u'原密码有误,请重新输入。', 'warning')
        return render_template('settings/change-password.html', form=form)

    # NOTE(review): presumably the model hashes on assignment - confirm.
    current_user.password = form.new_password.data
    db.session.add(current_user)
    db.session.commit()
    flash(u'新密码已设置。', 'success')
    return redirect(url_for('.index'))
Beispiel #14
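def change_password():
    """Password changing.

    The old password must verify before the new one is stored. After a
    successful change the user is redirected to the ``next`` query parameter
    when it is a local path, otherwise to ``settings``.
    """
    form = PasswordForm()

    if form.validate_on_submit():
        if not current_user.check_password(form.old_password.data):
            form.add_error('old_password', 'Old password is invalid.')
        else:
            with db.transaction:
                current_user.password = form.new_password.data
            # ``next`` comes from the query string and is attacker-influenced.
            # Follow it only when it is a path on this site: a single leading
            # slash, no backslashes and no control characters. Anything else,
            # including absolute URLs, falls back to the settings page.
            target = request.args.get('next') or ''
            is_local = (
                target.startswith('/')
                and not target.startswith('//')
                and '\\' not in target
                and not any(ord(ch) < 0x20 for ch in target)
            )
            return redirect(target if is_local else url_for('settings'))

    return render_template('change_password.html', form=form)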
Beispiel #15
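def change_password():
    """Password changing.

    The old password must verify before the new one is stored. After a
    successful change the user is redirected to the ``next`` query parameter
    when it is a local path, otherwise to ``settings``.
    """
    form = PasswordForm()

    if form.validate_on_submit():
        if not current_user.check_password(form.old_password.data):
            form.add_error('old_password', 'Old password is invalid.')
        else:
            with db.transaction:
                current_user.password = form.new_password.data
            # ``next`` comes from the query string and is attacker-influenced.
            # Follow it only when it is a path on this site: a single leading
            # slash, no backslashes and no control characters. Anything else,
            # including absolute URLs, falls back to the settings page.
            target = request.args.get('next') or ''
            is_local = (
                target.startswith('/')
                and not target.startswith('//')
                and '\\' not in target
                and not any(ord(ch) < 0x20 for ch in target)
            )
            return redirect(target if is_local else url_for('settings'))

    return render_template('change_password.html', form=form)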
Beispiel #16
def changepassword():
    """Change the logged-in user's password.

    A validated POST with a correct old password stores the new password and
    re-renders the page with a fresh, empty form. A wrong old password adds
    an error to that field and re-renders the submitted form.
    """
    form = ChangePasswordForm(request.form)
    submitted = request.method == "POST" and form.validate()

    if submitted and current_user.check_password(form.old_password.data):
        current_user.password = User.create_password(form.new_password.data)
        db.session.add(current_user)
        db.session.commit()
        flash(u"密码修改成功!")
        # A new form instance keeps the submitted passwords out of the page.
        return render_template("changepassword.html", form=ChangePasswordForm())

    if submitted:
        form.old_password.errors.append(u"密码错误!")
    return render_template("changepassword.html", form=form)
Beispiel #17
def change_password():
    '''
    Change the logged-in user's password.

    The old password must verify before the new one is stored; on failure an
    error is flashed and the form is shown again.
    '''
    form = ChangePasswordForm(request.form)
    if request.method != 'POST' or not form.validate():
        return render_template('change_password.html', form=form)

    if not current_user.check_password(form.old_password.data):
        flash("Your password does not match.", category='error')
        return render_template('change_password.html', form=form)

    current_user.update_password(form.new_password.data)
    current_user.save()
    flash("Your password has been updated.", category='index_page')
    return redirect(url_for('.list_projects'))
Beispiel #18
def change_password():
    """
    Change user's password view.

    The old password must verify before the new one is stored. A wrong old
    password re-renders the form; no message is flashed in that case.
    """
    form = ChangePass(request.form)
    if request.method != 'POST' or not form.validate():
        return render_template('change_pass.html', form=form)

    # NOTE(review): the passwords are read from request.form rather than from
    # the validated form fields - confirm the names match the form definition.
    old_password = request.form.get('old_pass')
    new_password = request.form.get('new_pass')
    if not current_user.check_password(old_password):
        return render_template('change_pass.html', form=form)

    current_user.change_password(new_password)
    db.session.add(current_user)
    db.session.commit()
    flash('Your password successfully changed', 'success')
    return redirect(url_for('index'))
Beispiel #19
def make_admin(user_id):
    """Toggle the ``admin`` flag of user ``user_id`` after password confirmation.

    The acting user must re-enter their own password; a wrong password adds
    an error to the form. An unknown ``user_id`` yields 404.
    """
    # NOTE(review): no check that the acting user is an administrator is
    # visible in this function - confirm the route is restricted elsewhere
    # (decorator or request hook), since the password prompt only proves who
    # is acting, not that they may grant admin rights.
    form = ConfirmPasswordForm()
    user = User.query.filter_by(id=user_id).first_or_404()
    if form.validate_on_submit():
        if not current_user.check_password(form.password.data):
            form.password.errors.append('Wrong password')
        else:
            user.admin = not user.admin
            db.session.commit()
            return redirect(url_for('view_frontend'))

    viewer = current_user.to_dict() if is_logged_in() else None
    return render_template('confirm.html',
        user=viewer,
        form=form,
        title='Change Admin Status',
        target=url_for('make_admin', user_id=user_id))
Beispiel #20
def sign_in():
    """Log the user in from the posted e-mail address and password.

    Aborts with 400 when either form field is missing. Unknown users and
    wrong passwords both produce the same "Login Failed" response.
    """
    posted = request.form
    required = ("user[password]", "user[email]")
    if any(key not in posted for key in required):
        abort(400)

    account = User.get_by_email(posted["user[email]"])
    if not account or not account.check_password(posted["user[password]"]):
        # One generic message for both failure causes, so the response does
        # not reveal whether the address is registered.
        return jsonify(success=False, errors=["Login Failed"])

    login_user(account)
    return jsonify(success=True)
Beispiel #21
def login():
    """Login view: authenticate by username and password.

    A successful login redirects to the configured ``LOGIN_REDIRECT`` URL.
    Any failed attempt re-renders the form with ``invalid_login`` set, without
    saying whether the username or the password was wrong.
    """
    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('spirits/login.jinja', form=form,
                               invalid_login=False)

    user = User.get_user(form.username.data)
    if user and user.check_password(form.password.data):
        login_user(user)
        return redirect(app.config['LOGIN_REDIRECT'])

    return render_template('spirits/login.jinja', form=form,
                           invalid_login=True)
Beispiel #22
def changepassword():
    """Change the logged-in user's password.

    A validated POST with a correct old password stores the new password and
    re-renders the page with a fresh, empty form. A wrong old password adds
    an error to that field and re-renders the submitted form.
    """
    form = ChangePasswordForm(request.form)
    submitted = request.method == 'POST' and form.validate()

    if submitted and current_user.check_password(form.old_password.data):
        current_user.password = User.create_password(form.new_password.data)
        db.session.add(current_user)
        db.session.commit()
        flash(u"密码修改成功!")
        # A new form instance keeps the submitted passwords out of the page.
        fresh_form = ChangePasswordForm()
        return render_template("changepassword.html", form=fresh_form)

    if submitted:
        form.old_password.errors.append(u'密码错误!')
    return render_template("changepassword.html", form=form)
Beispiel #23
def drop_all():
    """Delete every item of the logged-in user after password confirmation.

    The destructive step runs only when the submitted password verifies. In
    every other case the page is rendered with a warning that the operation
    cannot be undone.
    """
    form = DropAllForm()
    if form.validate_on_submit():
        if not current_user.check_password(form.password.data):
            flash(u'您输入的密码不正确!', 'warning')
        else:
            # Keep a reference to the items before detaching them from the
            # user, then delete each one.
            doomed = current_user.items
            current_user.items = []
            for entry in doomed:
                db.session.delete(entry)
            db.session.add(current_user)
            db.session.commit()
            flash(u'您已清空所有条目。', 'danger')
            return redirect(url_for('.index'))

    flash(u'注意:您将会清空所有条目,此操作不可逆!', 'danger')
    return render_template('settings/drop-all.html', form=form)
Beispiel #24
def sign_in():
    """Log the user in from the posted e-mail address and password.

    Aborts with 400 when either form field is missing. Unknown users and
    wrong passwords both produce the same 'Login Failed' response.
    """
    posted = request.form
    for key in ('user[password]', 'user[email]'):
        if key not in posted:
            abort(400)

    account = User.get_by_email(posted['user[email]'])
    credentials_ok = account and account.check_password(posted['user[password]'])
    if credentials_ok:
        login_user(account)
        return jsonify(success=True)

    # One generic message for both failure causes, so the response does not
    # reveal whether the address is registered.
    return jsonify(success=False, errors=['Login Failed'])
Beispiel #25
def make_admin(user_id):
    """Toggle the ``admin`` flag of user ``user_id`` after password confirmation.

    The acting user must re-enter their own password; a wrong password adds
    an error to the form. An unknown ``user_id`` yields 404.
    """
    # NOTE(review): no check that the acting user is an administrator is
    # visible in this function - confirm the route is restricted elsewhere
    # (decorator or request hook), since the password prompt only proves who
    # is acting, not that they may grant admin rights.
    form = ConfirmPasswordForm()
    user = User.query.filter_by(id=user_id).first_or_404()
    if form.validate_on_submit():
        password_ok = current_user.check_password(form.password.data)
        if password_ok:
            user.admin = not user.admin
            db.session.commit()
            return redirect(url_for('view_frontend'))
        form.password.errors.append('Wrong password')

    context = {
        'user': current_user.to_dict() if is_logged_in() else None,
        'form': form,
        'title': 'Change Admin Status',
        'target': url_for('make_admin', user_id=user_id),
    }
    return render_template('confirm.html', **context)
Beispiel #26
def change_password():
    """
    Change the logged-in user's password.

    The old password must verify before the new one is stored; on failure an
    error is flashed and the form is shown again.
    """
    form = ChangePasswordForm()
    if not form.validate_on_submit():
        return render_template("change_password.html", form=form)

    if not current_user.check_password(form.old_password.data):
        flash("Your password does not match.", category="error")
        return render_template("change_password.html", form=form)

    current_user.update_password(form.new_password.data)
    current_user.save()
    flash("Your password has been updated.", category="index_page")
    return redirect(url_for(".list_projects"))
Beispiel #27
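def reset_password():
    """Change the logged-in user's password from an AJAX form post.

    Returns the JSON response built from ``ajax_response()``. An error entry
    is set when the new password is empty, when a submitted confirmation
    differs from it, or when the old password does not verify.
    """
    res = ajax_response()
    old_password = request.form.get('old_password')
    new_password = request.form.get('new_password')
    new_password_confirm = request.form.get('new_password_confirm')
    # A missing or blank new password must never reach set_password().
    if not new_password:
        res.update({'info': '新密码不能为空', 'type': 'error'})
        return jsonify(res)
    # A confirmation field that was submitted, even blank, has to match. The
    # check is skipped only when the field is absent from the request.
    if new_password_confirm is not None and new_password_confirm != new_password:
        res.update({'info': '两次输入的新密码不一致', 'type': 'error'})
        return jsonify(res)
    if not current_user.check_password(old_password):
        res.update({'info': '原始密码错误', 'type': 'error'})
        return jsonify(res)
    with session_cm() as session:
        session.query(User).get(
            current_user.user_id).set_password(new_password)
        session.commit()
    res.update(info='密码修改成功')
    return jsonify(res)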
Beispiel #28
def change_password(user_id=None):
    """Change a password: the caller's own, or another user's for admins.

    With no ``user_id`` the target is the logged-in user. An explicit
    ``user_id`` is accepted only when ``is_admin()`` is true, otherwise 403
    is returned. In both cases the password that must verify is the acting
    user's own, not the target's.
    """
    form = ChangePasswordForm()
    if user_id is None:
        user_id = current_user.get_id()
    elif not is_admin():
        return 'You are not authorised', 403

    user = User.query.filter_by(id=user_id).first_or_404()
    if form.validate_on_submit():
        if not current_user.check_password(form.current_password.data):
            form.current_password.errors.append('Wrong password')
        else:
            user.set_password(form.new_password.data)
            db.session.commit()
            return redirect(url_for('view_frontend'))

    viewer = current_user.to_dict() if is_logged_in() else None
    return render_template('user_change_password.html',
        form=form,
        user=viewer,
        user_id=user_id)
Beispiel #29
def change_password(user_id=None):
    """Change a password: the caller's own, or another user's for admins.

    With no ``user_id`` the target is the logged-in user. An explicit
    ``user_id`` is accepted only when ``is_admin()`` is true, otherwise 403
    is returned. In both cases the password that must verify is the acting
    user's own, not the target's.
    """
    form = ChangePasswordForm()
    acting_on_other = user_id is not None
    if acting_on_other and not is_admin():
        return 'You are not authorised', 403
    if not acting_on_other:
        user_id = current_user.get_id()

    user = User.query.filter_by(id=user_id).first_or_404()
    if form.validate_on_submit():
        password_ok = current_user.check_password(form.current_password.data)
        if password_ok:
            user.set_password(form.new_password.data)
            db.session.commit()
            return redirect(url_for('view_frontend'))
        form.current_password.errors.append('Wrong password')

    context = {
        'form': form,
        'user': current_user.to_dict() if is_logged_in() else None,
        'user_id': user_id,
    }
    return render_template('user_change_password.html', **context)
Beispiel #30
def change_password():
    """Change the logged-in user's password from a plain form post.

    The checks run in order: the current password must verify, the two new
    password fields must match, and the new password must be at least eight
    characters long. The first failing check flashes its message and the
    form is shown again.
    """
    if request.method == 'POST':
        posted = request.form
        new_password = posted.get('newpassword1', '')

        problem = None
        if not current_user.check_password(posted.get('currentpassword', '')):
            problem = 'Your current password was entered incorrectly. Please check and try again.'
        elif new_password != posted.get('newpassword2', ''):
            problem = 'Password not changed: new passwords provided did not match.'
        elif len(new_password) < 8:
            problem = 'Password not changed: Please use a password at least 8 characters long.'

        if problem is None:
            current_user.change_password(new_password)
            return redirect(url_for('standings'))
        flash(problem)

    return render_template('changepassword.html')
Beispiel #31
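def account_settings():
	"""Render the account settings page and handle a password change.

	A POST carrying ``current-password`` is treated as a password change. The
	current password must verify, and the new password must be non-empty and
	equal to its repetition. Every outcome flashes a message and redirects
	back to this page.
	"""
	if request.method == 'POST':
		current = request.form.get('current-password')
		if current: # user is asking to change their password
			new = request.form.get('new-password')
			repeatnew = request.form.get('repeat-new-password')

			if not current_user.check_password(current):
				flash("Current password does not match.", 'error')
				return redirect(url_for('account_settings'))
			# Two blank or missing fields compare equal, so emptiness has to
			# be rejected explicitly before the match test.
			if not new:
				flash("The new password cannot be empty.", 'error')
				return redirect(url_for('account_settings'))
			if new != repeatnew:
				flash("The passwords do not match.", 'error')
				return redirect(url_for('account_settings'))

			current_user.reset_password(new)
			g.UserManager.save_user(current_user)
			flash('Password changed successfully!', 'success')
			return redirect(url_for('account_settings'))

	return render_template('account/settings.html')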
Beispiel #32
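def account_settings():
	"""Render the account settings page and handle a password change.

	A POST carrying ``current-password`` is treated as a password change. The
	current password must verify, and the new password must be non-empty and
	equal to its repetition. Every outcome flashes a message and redirects
	back to this page.
	"""
	if request.method == 'POST':
		current = request.form.get('current-password')
		if current: # user is asking to change their password
			new = request.form.get('new-password')
			repeatnew = request.form.get('repeat-new-password')

			if not current_user.check_password(current):
				flash("Current password does not match.", 'error')
				return redirect(url_for('account_settings'))
			# Two blank or missing fields compare equal, so emptiness has to
			# be rejected explicitly before the match test.
			if not new:
				flash("The new password cannot be empty.", 'error')
				return redirect(url_for('account_settings'))
			if new != repeatnew:
				flash("The passwords do not match.", 'error')
				return redirect(url_for('account_settings'))

			current_user.reset_password(new)
			UserManager.save_user(current_user)
			flash('Password changed successfully!', 'success')
			return redirect(url_for('account_settings'))

	return render_template('account/settings.html')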
Beispiel #33
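def reset_password():
    """Change the logged-in user's password from an AJAX form post.

    Returns the JSON response built from ``ajax_response()``. An error entry
    is set when the new password is empty, when a submitted confirmation
    differs from it, or when the old password does not verify.
    """
    res = ajax_response()
    old_password = request.form.get('old_password')
    new_password = request.form.get('new_password')
    new_password_confirm = request.form.get('new_password_confirm')
    # A missing or blank new password must never reach set_password().
    if not new_password:
        res.update({
            'info': '新密码不能为空',
            'type': 'error'
        })
        return jsonify(res)
    # A confirmation field that was submitted, even blank, has to match. The
    # check is skipped only when the field is absent from the request.
    if new_password_confirm is not None and new_password_confirm != new_password:
        res.update({
            'info': '两次输入的新密码不一致',
            'type': 'error'
        })
        return jsonify(res)
    if not current_user.check_password(old_password):
        res.update({
            'info': '原始密码错误',
            'type': 'error'
        })
        return jsonify(res)
    with session_cm() as session:
        session.query(User).get(current_user.user_id).set_password(new_password)
        session.commit()
    res.update(info='密码修改成功')
    return jsonify(res)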
Beispiel #34
def settings():
    """Render the settings page and apply a valid settings submission.

    The form is pre-filled from the current user's name, mail address and
    stored display settings. A validated POST is applied only when the old
    password verifies; the password itself is replaced only when a new one
    was entered.
    """
    setting_codes = ('show_def_name', 'show_def_desc', 'show_def_tags',
                     'show_def_logo', 'use_icy')

    initial = {'username': current_user.username, 'email': current_user.mail}
    for code in setting_codes:
        initial[code] = current_user.get_setting(code=code)
    form = SettingsForm(request.form, **initial)

    if request.method == "POST" and form.validate():
        # Every change on this page is gated on the current password.
        if not current_user.check_password(password=form.old_password.data):
            form.old_password.errors.append('Wrong password.')
        else:
            if form.new_password.data:
                current_user.password = User.make_password(
                    form.new_password.data)
            current_user.mail = form.email.data
            for code in setting_codes:
                current_user.set_setting(code=code,
                                         value=getattr(form, code).data)
            rfk.database.session.commit()
            flash('Settings successfully updated.', 'success')
            return redirect(url_for('settings'))

    ball = rfk.helper.iso_country_to_countryball(current_user.country)
    imgur = {'client': rfk.CONFIG.get('site', 'imgur-client')}
    return render_template('settings.html', form=form, TITLE='Settings',
                           ball=ball, imgur=imgur)
Beispiel #35
def change_password():
    """Build the response dict for the change-password page.

    The dict from ``_default_response()`` receives the form and the page
    titles. On a validated submission it also receives an ``error`` entry
    (wrong current password, mismatching repetition, failed save) or a
    ``success`` entry.
    """
    ret = _default_response()
    ret['form'] = ChangePasswordForm()
    form = ret['form']
    ret['title'] = u"Zmień hasło"
    ret['section_title'] = u"Zmień hasło"

    if not form.validate_on_submit():
        return ret

    from recorder.models import User

    # Re-authenticate before accepting the new password.
    if not current_user.check_password(form.current_password.data):
        ret['error'] = u"Podano błędne OBECNE hasło"
        return ret

    if form.password.data != form.re_password.data:
        ret['error'] = u"Hasło i jego powtórzenie są różne"
        return ret

    # NOTE(review): presumably the model hashes on assignment - confirm.
    current_user.password = form.password.data
    saved = current_user.save()
    if saved:
        ret['success'] = u"Zmieniono hasło"
    else:
        ret['error'] = u"Coś poszło nie tak, nie można zmieńć hasła"

    return ret
Beispiel #36
 def validate_current_password(self, field):
     """Reject ``field`` unless it holds the logged-in user's password.

     Raises ``wtforms.ValidationError`` when the value does not verify.
     """
     password_ok = current_user.check_password(field.data)
     if password_ok:
         return
     raise wtforms.ValidationError('Wrong password')
Beispiel #37
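def username(username):
    """Show, update or delete the account addressed by ``username``.

    The account is fetched with ``Account.pull`` and, if that finds nothing,
    with ``Account.pull_by_email``. GET renders the account form. DELETE, or
    a POST whose ``submit`` value is "Delete", removes the account once the
    acting user's password verifies. Any other POST validates the submitted
    form, checks it with ``fc.legal()`` and saves it with ``fc.finalise()``.

    Aborts with 404 when no account is found and with 401 when the acting
    user is neither the account owner nor a holder of the role named by the
    ``ACCOUNT_EDIT_USERS_ROLE`` setting.
    """
    Account = AccountFactory.get_model()
    acc = Account.pull(username)
    if acc is None:
        try:
            acc = Account.pull_by_email(username)
        except exceptions.NonUniqueAccountException:
            flash(
                "Permanent Error: these user credentials are invalid - please contact an administrator",
                "error")
            # NOTE(review): "logut" looks like a misspelt endpoint name, and
            # url_for fails on an unknown endpoint - confirm the intended route.
            return redirect(url_for(("logut")))

    if acc is None:
        abort(404)

    # Actions on this page are only available to the account owner, or to a
    # user with the edit-users role. Access is refused only when BOTH tests
    # fail; joining them with "or" would reject owners who lack the role as
    # well as role holders acting on someone else's account.
    is_owner = current_user.id == acc.id
    if not is_owner and not current_user.has_role(
            app.config.get("ACCOUNT_EDIT_USERS_ROLE")):
        abort(401)

    # if this is a request for the user page, just render it
    if request.method == "GET":
        fc = AccountFactory.get_user_formcontext(acc)
        return fc.render_template()

    is_delete = request.method == "DELETE" or (
        request.method == "POST"
        and request.values.get("submit", False) == "Delete")
    if is_delete:
        # Deletion requires the acting user's own password.
        # NOTE(review): request.values also reads the query string, so a
        # password sent with DELETE may end up in URLs and access logs.
        if not current_user.check_password(request.values.get("password")):
            flash("Incorrect password", "error")
            fc = AccountFactory.get_user_formcontext(acc=acc)
            return fc.render_template()

        # if the password validates, go ahead and do it
        # Note we don't use the DAO's delete method - this allows the model
        # to decide the delete behaviour
        acc.remove()
        _do_logout()
        flash('Account {x} deleted'.format(x=username), "success")
        return redirect(
            url_for(app.config.get("ACCOUNT_LOGOUT_REDIRECT_ROUTE", "index")))

    if request.method == "POST":
        fc = AccountFactory.get_user_formcontext(acc=acc,
                                                 form_data=request.form)

        # attempt to validate the form
        if not fc.validate():
            flash("There was a problem when submitting the form", "error")
            return fc.render_template()

        # if the form validates, then check the legality of the submission
        try:
            fc.legal()
        except exceptions.AccountException as e:
            flash(e.message, "error")
            return fc.render_template()

        # if we get to here, then update the user record
        fc.finalise()

        # tell the user that everything is good
        flash("Account updated", "success")

        # end with a redirect because some details have changed
        return redirect(url_for("account.username", username=fc.target.email))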
Beispiel #38
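def update_details():
    """Validate the submitted profile form and apply it to the logged-in user.

    Every failed check adds one message to a list. If any check failed, the
    messages are flashed and nothing is written; otherwise the new values are
    stored on ``current_user`` and the database session is committed.

    A new password is accepted only together with the correct current
    password. Changing the email address or phone number clears the matching
    verified flag and sends a freshly generated six-digit code.

    Returns:
        A redirect to ``.index`` after a successful update. Nothing is
        returned when validation fails.
    """
    # Local import: verification codes have to come from a CSPRNG.
    import secrets

    form = flask.request.form
    # .get() with a default makes a missing field fail validation below
    # instead of raising on the key lookup.
    firstname = form.get('firstname', '')
    surname = form.get('surname', '')
    email = form.get('email', '')
    phone = form.get('phone', '')
    postcode = form.get('postcode', '')
    old_password = form.get('oldpassword', '')
    new_password = form.get('password', '')
    confirm = form.get('confirm', '')

    valid = True
    flashes = []

    if (
        email != '' and
        email != current_user.email and
        models.User.get_by_email(email) is not None
    ):
        flashes.append(u'That email address is already in use. ')
        valid = False

    # Submitting a new password without the current one must not skip the
    # re-authentication check: the password rules apply as soon as either
    # field is filled in.
    if old_password != '' or new_password != '':
        if old_password == '' or not current_user.check_password(old_password):
            flashes.append(u'Current password is incorrect')
            valid = False

        if new_password == '' or new_password != confirm:
            flashes.append(u'New passwords do not match')
            valid = False

        if len(new_password) < 8:
            flashes.append(u'Password must be at least 8 characters long')
            valid = False

    if firstname == '':
        flashes.append(u'First Name cannot be blank')
        valid = False

    if surname == '':
        flashes.append(u'Surname cannot be blank')
        valid = False

    if email == '':
        flashes.append(u'Email cannot be blank')
        valid = False

    if phone == '':
        flashes.append(u'Phone cannot be blank')
        valid = False

    if postcode == '':
        flashes.append(u'Postcode cannot be blank')
        valid = False

    location = models.Location.get_by_postcode(postcode)

    if not location:
        flashes.append(u'Postcode not recognised')
        valid = False

    if not valid:
        flash(
            (
                u'There were errors in your provided details. Please fix '
                u'these and try again'
            ),
            'error'
        )
        for msg in flashes:
            flash(msg, 'warning')
        # NOTE(review): no response is returned on this path - confirm that
        # the caller or a decorator renders the form again.
    else:
        current_user.firstname = firstname
        current_user.surname = surname
        current_user.location_id = location.id

        if email != current_user.email:
            current_user.email = email
            current_user.email_verified = False
            # Same 100000-999999 range as before, drawn from the OS CSPRNG so
            # that earlier codes do not help predict the next one.
            current_user.email_verification_key = str(
                secrets.randbelow(900000) + 100000)
            current_user.send_email_verification()

        if phone != current_user.phone:
            current_user.phone = phone
            current_user.sms_verified = False
            # NOTE(review): a six-digit code is only as strong as the attempt
            # limit in the verification handler, which is not shown here.
            current_user.sms_verification_key = str(
                secrets.randbelow(900000) + 100000)
            current_user.send_sms_verification()

        # Reaching this point with a new password means the current password
        # was verified above.
        if new_password != "":
            current_user.set_password(new_password)

        database.DB.session.commit()

        flask.flash(u'Your details have been updated', 'success')

        return flask.redirect(flask.url_for('.index'))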
Beispiel #39
 def validate_old_password(form, field):
     """Reject the field unless it matches the logged-in user's password.

     Raises:
         ValidationError: if ``current_user.check_password`` rejects the
             submitted value.
     """
     password_ok = current_user.check_password(field.data)
     if password_ok:
         return
     raise ValidationError('Password is wrong.')
Beispiel #40
 def validate_old_password(form, field):
     """Validate the old-password field against the logged-in user.

     Raises:
         ValidationError: when the submitted value is not the current
             user's password.
     """
     submitted = field.data
     if current_user.check_password(submitted):
         return None
     raise ValidationError('Verify password failed')
Beispiel #41
 def _check_password(self):
     """Return whether the submitted password belongs to the logged-in user.

     The comparison is made against ``current_user``, not against the account
     being edited; this is what allows admins to set user passwords.
     """
     supplied = self.form.password.data
     return current_user.check_password(supplied)
Beispiel #42
    def validate_password(self, field):
        """Check the submitted password against the logged-in user's password.

        Raises:
            ValidationError: if the value is not the current user's password,
                or if it equals ``self.password.data``.
        """
        submitted = field.data

        # First message: the original (current) password is incorrect.
        password_ok = current_user.check_password(submitted)
        if not password_ok:
            raise ValidationError(u'原密码不正确!')

        # Second message: the new password must differ from the original one.
        # NOTE(review): if this validator is bound to the ``password`` field
        # itself, ``field`` and ``self.password`` are the same object and this
        # comparison is always true - confirm against the form class.
        if self.password.data == submitted:
            raise ValidationError(u'新密码不能与原密码一致')
Beispiel #43
 def validate_old_password(self, field):
     """Require the field to hold the logged-in user's current password.

     Raises:
         ValidationError: if ``current_user.check_password`` rejects the
             value (message: the original password was entered incorrectly).
     """
     matches = current_user.check_password(field.data)
     if matches:
         return
     raise ValidationError(u'原密码输入错误')
Beispiel #44
 def validate_old_password(self, field):
     """Validate the old-password field against the logged-in user.

     Raises:
         ValidationError: when the submitted value fails
             ``current_user.check_password`` (message: the original password
             was entered incorrectly).
     """
     candidate = field.data
     if current_user.check_password(candidate):
         return None
     raise ValidationError(u'原密码输入错误')
Beispiel #45
 def validate_old_password(form, field):
     """Fail validation unless the field is the logged-in user's password.

     Raises:
         ValidationError: if the submitted value does not pass
             ``current_user.check_password``.
     """
     verified = current_user.check_password(field.data)
     if verified:
         return
     raise ValidationError('Verify password failed')