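def set_password():
    """
    Set a new password for the logged-in user.

    Notes
    -----
    Expects a JSON object containing 'password' and 'newPassword' keys.
    Verifies the submitted current password against the stored one and
    requires the new password to reach zxcvbn score 4 before it is saved.

    Returns
    -------
    tuple
        An empty JSON body with HTTP 200 once the password is updated.

    Raises
    ------
    InvalidUsage
        If the body is not a JSON object, a field is missing or is not a
        string, the current password is wrong, or the new password is too
        weak. ``payload['bad_field']`` names the offending field.
    """
    edits = request.get_json()
    # get_json() can yield None (or a non-object such as a list); subscripting
    # that would surface as a server error instead of a client error.
    if not isinstance(edits, dict):
        raise InvalidUsage("Expected a JSON object.", payload={"bad_field": "body"})

    old_pass = _required_password_field(edits, "password", "Missing old password.")
    new_pass = _required_password_field(edits, "newPassword", "Missing new password.")

    # Verify the current password before judging the new one, so a caller who
    # does not know the current password learns nothing about the strength rule.
    if not current_user.is_correct_password(old_pass):
        raise InvalidUsage("Password incorrect.", payload={"bad_field": "password"})
    if not new_pass or zxcvbn(new_pass)["score"] < 4:
        raise InvalidUsage(
            "Password not complex enough.", payload={"bad_field": "newPassword"}
        )
    current_user.password = new_pass
    db.session.add(current_user)
    db.session.commit()
    return jsonify({}), 200


def _required_password_field(body, key, missing_message):
    """
    Return ``body[key]`` as a string for set_password().

    Raises
    ------
    InvalidUsage
        With ``missing_message`` if ``key`` is absent, or a type message if
        the value is not a string (zxcvbn and the password check expect str).
    """
    try:
        value = body[key]
    except KeyError:
        raise InvalidUsage(missing_message, payload={"bad_field": key}) from None
    if not isinstance(value, str):
        raise InvalidUsage(f"Field '{key}' must be a string.", payload={"bad_field": key})
    return value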
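def delete_account(id):
    """
    Delete the logged-in user's account after re-confirming their password.

    Parameters
    ----------
    id
        Student id taken from the route. It must resolve to the logged-in
        user's own account; any other id (or an unknown one) just
        re-renders the form, nothing is deleted.

    Returns
    -------
    A redirect to ``/`` once the user and student rows are deleted,
    otherwise the rendered ``user/delete_account.html`` form.
    """
    form = DeleteForm()
    if form.validate_on_submit():
        user = User.query.join(Student).filter(Student.id == id).first()
        student = Student.query.join(User).filter(Student.id == id).first()
        # The password check only proves who the caller is; the rows being
        # deleted are selected by the URL id, so they must also belong to the
        # caller -- otherwise any logged-in user could delete another account.
        # Both lookups may return None for an unknown id.
        target_is_self = (
            user is not None
            and student is not None
            and user.get_id() == current_user.get_id()
        )
        if target_is_self and current_user.is_correct_password(form.password.data) is True:
            logout_user()
            db.session.delete(user)
            db.session.delete(student)
            db.session.commit()
            return redirect('/')
    return render_template('user/delete_account.html', form=form)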
def change_password():
    """
    Let the logged-in user replace their password via ChangePasswordForm.

    On a valid submission the current password (``currentpass``) is checked
    first. If it matches, the new password (``password``) is stored and
    committed, a success message is flashed, the user is logged in again
    with ``remember=True`` and the request is redirected to ``index``.
    A wrong current password flashes an error and the form is shown again.

    Returns
    -------
    A redirect to ``index`` on success, otherwise the rendered
    ``change_password.html`` template.
    """
    form = ChangePasswordForm()
    submitted = form.validate_on_submit()

    if submitted and current_user.is_correct_password(form.currentpass.data):
        # NOTE(review): assignment to current_user.password presumably hashes
        # on the model side -- confirm, nothing here does it.
        current_user.password = form.password.data
        db.session.commit()
        flash("Password changed!", "success")
        login_user(current_user, remember=True)
        return redirect(url_for("index"))

    if submitted:
        flash("Current password incorrect, try again", "error")

    return render_template("change_password.html", form=form)
def account_handler(action):
  """Handle account actions.

  Args:
    action: Name of the account action. "account_reset" and
      "account_delete" are dispatched here; the same string is also used
      as the endpoint name for url_for() and as the form header.

  Returns:
    The response of reset_account() / delete_account() when the form
    validates and the username/password re-check passes; a redirect to
    url_for(action) for any other valid submission (including a failed
    re-check); otherwise the rendered account.html form.
  """
  form = UserPasswordForm()
  if not form.validate_on_submit():
    return render_template('account.html', form=form,
                           form_header=action.replace('_', ' ').title())

  # Re-check credentials: the form must name the logged-in user and carry
  # their current password before a destructive action runs.
  credentials_ok = (form.username.data == current_user.username and
                    current_user.is_correct_password(form.password.data))
  if credentials_ok:
    handlers = {
        "account_reset": reset_account,
        "account_delete": delete_account,
    }
    handler = handlers.get(action)
    if handler is not None:
      return handler()
  return redirect(url_for(action))
def account_handler(action):
  """Handle account actions.

  Args:
    action: Name of the account action. "account_reset" and
      "account_delete" are dispatched here; the same string is also used
      as the endpoint name for url_for() and as the form header.

  Returns:
    The response of reset_account() / delete_account() when the form
    validates and the username/password re-check passes; a redirect to
    url_for(action) for any other valid submission (including a failed
    re-check); otherwise the rendered account.html form.
  """
  form = UserPasswordForm()
  if not form.validate_on_submit():
    return render_template('account.html', form=form,
                           form_header=action.replace('_', ' ').title())

  # Re-check credentials: the form must name the logged-in user and carry
  # their current password before a destructive action runs.
  credentials_ok = (form.username.data == current_user.username and
                    current_user.is_correct_password(form.password.data))
  if credentials_ok:
    # Try to close the user's open orders first. A failed close is only
    # logged; the account action still goes ahead.
    open_orders = Order.query.filter_by(user_id=current_user.id, closed=None).all()
    for order in open_orders:
      # NOTE(review): broker.talk() is opaque here; its reply is assumed to
      # carry a 'retcode' key with 0 meaning success -- confirm.
      reply = broker.talk(order_id=order.id, action=1)
      if reply['retcode'] != 0:
        app.logger.error("Could not close %s order: %s", action, order.id)

    handlers = {
        "account_reset": reset_account,
        "account_delete": delete_account,
    }
    handler = handlers.get(action)
    if handler is not None:
      return handler()
  return redirect(url_for(action))
def auth_update():
    """
    Show and process the account-update form (name and optional new password).

    GET renders ``auth/updateaccountform.html`` pre-filled with the user's
    current name. Any other method validates the posted form, requires the
    correct current password (``oldpassword``), then stores a new password
    when one was supplied and updates the name when it changed.

    Returns
    -------
    The rendered form (re-rendered with ``error`` on a wrong password), or
    a redirect to ``index`` after a successful update.
    """
    template = "auth/updateaccountform.html"

    if request.method == "GET":
        form = UpdateAccountForm()
        form.name.data = current_user.name
        return render_template(template, form=form)

    form = UpdateAccountForm(request.form)
    if not form.validate():
        return render_template(template, form=form)

    # Short-circuit keeps is_correct_password() off the anonymous-user proxy.
    password_ok = (current_user.is_authenticated
                   and current_user.is_correct_password(form.oldpassword.data))
    if not password_ok:
        return render_template(template, form=form, error="Incorrect password")

    # NOTE(review): set_password/add_name/set_name are model methods not
    # visible here; no session commit happens in this view, so presumably
    # one of them persists the change -- confirm.
    if form.password.data:
        current_user.set_password(form.password.data)
    if current_user.name != form.name.data:
        current_user.add_name(form.name.data)
        current_user.set_name(form.name.data)

    return redirect(url_for("index"))