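def set_password():
    """Set a new password for the logged-in user.

    Expects a JSON body with ``password`` (the current password) and
    ``newPassword`` keys.  The current password must verify against the
    stored one before anything is changed, and the new password must be
    non-empty and reach zxcvbn score 4 (the maximum).

    Returns:
        ``(jsonify({}), 200)`` on success.

    Raises:
        InvalidUsage: when the body is not a JSON object, a key is missing
            or not a string, the current password is wrong, or the new
            password is too weak.  ``payload["bad_field"]`` names the
            offending field.
    """
    # silent=True: a missing or non-JSON body yields None (older Flask did
    # this anyway; newer Flask raises 400 inside get_json).  Normalising to
    # {} lets the caller get the same InvalidUsage shape as for a missing key
    # instead of a TypeError on ``None["password"]``.
    edits = request.get_json(silent=True) or {}

    old_pass = edits.get("password")
    if not isinstance(old_pass, str):
        raise InvalidUsage("Missing old password.", payload={"bad_field": "password"})

    new_pass = edits.get("newPassword")
    if not isinstance(new_pass, str):
        raise InvalidUsage(
            "Missing new password.", payload={"bad_field": "newPassword"}
        )

    # Re-authenticate first: a hijacked session alone must not be enough to
    # rotate the password.
    if not current_user.is_correct_password(old_pass):
        raise InvalidUsage("Password incorrect.", payload={"bad_field": "password"})

    # NOTE(review): zxcvbn's cost grows super-linearly with input length; if
    # very long submissions are a concern, bound the length before scoring.
    if not new_pass or zxcvbn(new_pass)["score"] < 4:
        raise InvalidUsage(
            "Password not complex enough.", payload={"bad_field": "newPassword"}
        )

    current_user.password = new_pass
    db.session.add(current_user)
    db.session.commit()
    # NOTE(review): nothing here invalidates the user's other sessions;
    # confirm whether the login layer rotates session identity on a
    # password change.
    return jsonify({}), 200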
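def delete_account(id):
    """Delete the logged-in user's account (User and Student rows) after
    re-confirming their password.

    Args:
        id: Student id taken from the route.  The row it names must belong
            to ``current_user``; any other target is refused with 403 and a
            non-existent one with 404.  (The name shadows the ``id`` builtin
            but is part of the route signature, so it is kept.)

    Returns:
        A redirect to ``/`` after deletion; otherwise the rendered form.
    """
    from flask import abort  # local import: not visible in this module's import list

    form = DeleteForm()
    if form.validate_on_submit():
        # Re-authentication first, so the lookups below never run for a
        # caller who cannot confirm their own password.
        if current_user.is_correct_password(form.password.data) is True:
            user = User.query.join(Student).filter(Student.id == id).first()
            student = Student.query.join(User).filter(Student.id == id).first()
            if user is None or student is None:
                # Previously db.session.delete(None) would have raised a 500.
                abort(404)
            # Ownership check.  Without it, whichever account the URL's id
            # pointed at was deleted, so any logged-in user could delete any
            # other user's account using only their own password.
            # Assumes User has a primary key attribute ``id`` — confirm
            # against the model.
            if user.id != current_user.id:
                abort(403)
            logout_user()
            db.session.delete(user)
            db.session.delete(student)
            db.session.commit()
            return redirect('/')
    return render_template('user/delete_account.html', form=form)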
def change_password():
    """Change the logged-in user's password after verifying the current one.

    On a valid submission whose ``currentpass`` verifies, the new password is
    stored and committed, the user is logged in again with a remember cookie,
    and the request is redirected to ``index``.  Otherwise the form is
    re-rendered, with an error flash when the current password was wrong.
    """
    form = ChangePasswordForm()
    if not form.validate_on_submit():
        return render_template("change_password.html", form=form)

    if not current_user.is_correct_password(form.currentpass.data):
        flash("Current password incorrect, try again", "error")
        return render_template("change_password.html", form=form)

    current_user.password = form.password.data
    db.session.commit()
    flash("Password changed!", "success")
    # Re-issue the login after the change.  remember=True is unconditional
    # here, so a remember-me cookie is set even if the user never asked for one.
    login_user(current_user, remember=True)
    return redirect(url_for("index"))
def account_handler(action):
    """Handle account actions.

    Re-verifies the username and password from ``UserPasswordForm`` before
    dispatching: ``account_reset`` calls ``reset_account()``,
    ``account_delete`` calls ``delete_account()``, and any other value is
    redirected to ``url_for(action)``.  Until the form validates and the
    credentials match, the form is rendered with a header derived from
    ``action``.
    """
    form = UserPasswordForm()
    header = action.replace('_', ' ').title()

    if not form.validate_on_submit():
        return render_template('account.html', form=form, form_header=header)

    # Both the username and the password must match the logged-in user.
    verified = (
        form.username.data == current_user.username
        and current_user.is_correct_password(form.password.data)
    )
    if not verified:
        return render_template('account.html', form=form, form_header=header)

    handlers = {
        "account_reset": reset_account,
        "account_delete": delete_account,
    }
    handler = handlers.get(action)
    if handler is not None:
        return handler()
    # NOTE(review): ``action`` is not whitelisted here; an unknown endpoint
    # name makes url_for raise BuildError — confirm the route restricts it.
    return redirect(url_for(action))
def account_handler(action):
    """Handle account actions.

    Re-verifies the username and password from ``UserPasswordForm``, then
    asks the broker to close every open order of the current user, and
    finally dispatches: ``account_reset`` calls ``reset_account()``,
    ``account_delete`` calls ``delete_account()``, and any other value is
    redirected to ``url_for(action)``.  Until the form validates and the
    credentials match, the form is rendered with a header derived from
    ``action``.
    """
    form = UserPasswordForm()
    header = action.replace('_', ' ').title()

    if not form.validate_on_submit():
        return render_template('account.html', form=form, form_header=header)

    # Both the username and the password must match the logged-in user.
    verified = (
        form.username.data == current_user.username
        and current_user.is_correct_password(form.password.data)
    )
    if not verified:
        return render_template('account.html', form=form, form_header=header)

    # Best-effort close of open orders: a non-zero retcode is logged but does
    # not stop the reset/delete below.
    open_orders = Order.query.filter_by(user_id=current_user.id, closed=None).all()
    for order in open_orders:
        reply = broker.talk(order_id=order.id, action=1)
        if reply['retcode'] != 0:
            app.logger.error("Could not close %s order: %s", action, order.id)

    handlers = {
        "account_reset": reset_account,
        "account_delete": delete_account,
    }
    handler = handlers.get(action)
    if handler is not None:
        return handler()
    # NOTE(review): ``action`` is not whitelisted here; an unknown endpoint
    # name makes url_for raise BuildError — confirm the route restricts it.
    return redirect(url_for(action))
def auth_update():
    """Render (GET) or process (non-GET) the update-account form.

    On submission the form must validate and the submitted ``oldpassword``
    must verify for an authenticated user; otherwise the form is re-rendered,
    with an "Incorrect password" error in the latter case.  A non-empty
    ``password`` field is applied via ``set_password``; a changed ``name`` is
    recorded with ``add_name`` and applied with ``set_name``.  Ends with a
    redirect to ``index``.
    """
    template = "auth/updateaccountform.html"

    if request.method == "GET":
        form = UpdateAccountForm()
        form.name.data = current_user.name
        return render_template(template, form=form)

    form = UpdateAccountForm(request.form)
    if not form.validate():
        return render_template(template, form=form)

    # Short-circuits exactly like the original: the password is only
    # checked for an authenticated user.
    password_ok = current_user.is_authenticated and current_user.is_correct_password(
        form.oldpassword.data
    )
    if not password_ok:
        return render_template(template, form=form, error="Incorrect password")

    if form.password.data:
        current_user.set_password(form.password.data)

    new_name = form.name.data
    if current_user.name != new_name:
        current_user.add_name(new_name)
        current_user.set_name(new_name)

    # NOTE(review): no explicit db commit is visible here — confirm that
    # set_password/add_name/set_name persist, otherwise the changes are lost.
    return redirect(url_for("index"))