def change_password(request):
    """
    Self-service password change view backed by an LDAP directory.

    A POST is bound to ChangePasswordForm; when the form validates, the
    username, current password and new password are taken from the cleaned
    data and passed to utils.change_password() together with LDAP settings
    (ldap_host, ldap_dn, ldap_admin, ldap_cred, ldap_user_group) that are
    resolved outside this function. Success renders
    'ss/password_change_success.html'; any exception is logged and
    'ss/error.html' is rendered with a message. Every other path renders
    'ss/change_password.html' with the form.

    NOTE(review): the `******` runs in the form definition are redactions
    carried by this listing, not Python. The code they replaced (remaining
    field options, the other form fields and the start of the method
    dispatch) cannot be recovered from here.
    """
    class ChangePasswordForm(forms.Form):
        username = forms.CharField(label='Enter your username:'******'^[a-zA-Z0-9]*$', message='Invalid username', code='invalid_username')])
        # The redaction on the next line swallows everything up to the 'GET'
        # comparison; presumably the line after it is the GET branch that
        # builds an unbound form - confirm against the unredacted file.
        old_passwd = forms.CharField(label='Current Password:'******'New Password:'******'Confirm Password:'******'GET':
        form = ChangePasswordForm()
    elif request.method == 'POST':
        form = ChangePasswordForm(request.POST)
        if form.is_valid():
            try:
                # The account is named by the submitted form, not by a session,
                # so the current password is the only proof of identity here.
                # NOTE(review): no attempt throttling is visible in this view -
                # confirm it is enforced elsewhere (directory lockout policy,
                # middleware).
                username = form.cleaned_data.get('username')
                old = form.cleaned_data.get('old_passwd')
                new = form.cleaned_data.get('passwd')
                utils.change_password(ldap_host, ldap_dn, ldap_admin, ldap_cred, username, ldap_user_group, old, new)
                return render(request, 'ss/password_change_success.html')
            except Exception as e:
                # Only the username and the exception are logged; the old and
                # new passwords are kept out of the log.
                # NOTE(review): e.message is a Python 2 exception attribute;
                # Python 3 exceptions do not have it.
                log.error(e)
                err = 'Failed to reset password for %s. The caught exception was %s' % (username, e.message)
                log.error(err)
                info=''
                desc=''
                # Generic text shown for any failure that is not one of the two
                # LDAP errors handled below.
                msg='Unable to change your password.'
                # The server's 'info' and 'desc' strings are echoed to the user
                # so a rejected new password can be explained.
                if (isinstance(e, ldap.CONSTRAINT_VIOLATION)):
                    info = e.message['info']
                    desc = e.message['desc']
                    msg = '''Unable to change your password, %s (%s).''' % (info, desc)
                # A failed bind reports only the server's short description.
                if (isinstance(e, ldap.INVALID_CREDENTIALS)):
                    desc = e.message['desc']
                    msg = '''Unable to change your password, %s.''' % (desc)
                return render(request, 'ss/error.html', {'content': msg})
    # GET, or a POST whose form did not validate: show the form (with errors).
    return render(request, 'ss/change_password.html', {'form': form})
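def change_password(request):
    """
    Self-service password change view backed by an LDAP directory.

    A POST is bound to ChangePasswordForm; when the form validates, the
    username, current password and new password are taken from the cleaned
    data and passed to utils.change_password() together with ldap_host and
    ldap_dn, which are resolved outside this function. Success renders
    'ss/password_change_success.html'; any exception is logged and
    'ss/error.html' is rendered with a message. Every other path renders
    'ss/change_password.html' with the form.

    NOTE(review): the `******` runs in the form definition are redactions
    carried by this listing, not Python. The code they replaced cannot be
    recovered from here and is reproduced as found.
    """
    class ChangePasswordForm(forms.Form):
        username = forms.CharField(label='Enter your username:'******'^[a-zA-Z0-9]*$', message='Invalid username', code='invalid_username')])
        # The redaction on the next line swallows everything up to the 'GET'
        # comparison; presumably the line after it is the GET branch that
        # builds an unbound form - confirm against the unredacted file.
        old_passwd = forms.CharField(label='Current Password:'******'New Password:'******'Confirm Password:'******'GET':
        form = ChangePasswordForm()
    elif request.method == 'POST':
        form = ChangePasswordForm(request.POST)
        if form.is_valid():
            try:
                username = form.cleaned_data.get('username')
                old = form.cleaned_data.get('old_passwd')
                new = form.cleaned_data.get('passwd')
                # Credentials never go to the log: a debug log holding the old
                # and new passwords would expose them to anyone who can read
                # or collect log files. Only the username is recorded.
                log.debug('User, %s, found. Ready to change password.' % username)
                utils.change_password(ldap_host, ldap_dn, username, old, new)
                return render(request, 'ss/password_change_success.html')
            except Exception as e:
                log.error(e)
                err = 'Failed to reset password for %s. The caught exception was %s' % (username, e)
                log.error(err)
                # Generic fallback so the error page is never rendered with an
                # empty message when the failure is not a policy violation.
                msg = 'Unable to reset your password.'
                # A policy rejection echoes the server's 'info' and 'desc' so
                # the user learns why the new password was refused.
                # NOTE(review): e.message is a Python 2 exception attribute;
                # Python 3 exceptions do not have it.
                if isinstance(e, ldap.CONSTRAINT_VIOLATION):
                    info = e.message['info']
                    desc = e.message['desc']
                    msg = '''Unable to reset your password, %s (%s).''' % (info, desc)
                return render(request, 'ss/error.html', {'content': msg})
    # GET, or a POST whose form did not validate: show the form (with errors).
    return render(request, 'ss/change_password.html', {'form': form})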
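def put(self, request):
    """
    ### Change Password

    * While changing password for user registered with email, PUT request
    requires two fields and their values:

        * current_password - String
        * new_password - String

    * Possible HTTP status codes and JSON response:

        * `HTTP_200_OK` - If password change was successful:

                {
                 "user_id": integer,
                 "message": "Password updated successfully"
                }

        * `HTTP_401_UNAUTHORIZED` - If user provided incorrect value for
        current_password:

                {
                 "message": "Current password is incorrect."
                }

        * `HTTP_400_BAD_REQUEST` - If new_password is same as
        current_password:

                {
                 "message": "New password cannot be same as current password"
                }

        * `HTTP_400_BAD_REQUEST` - If current_password or new_password is
        missing from the request body

        * `HTTP_406_NOT_ACCEPTABLE` - If new_password is null, is not a
        string, or fails the password format check

        * `HTTP_500_INTERNAL_SERVER_ERROR` - Internal server error

    The password is changed for `request.user`, so the account is always the
    authenticated caller; the 401 and same-password responses come from
    `utils.change_password` through `ValidationException`.

    :param request: request whose data carries the two password fields
    """
    payload = request.data

    try:
        current_password = payload['current_password']
    except KeyError:
        return Response(messages.REQUIRED_CURRENT_PASSWORD, status=status.HTTP_400_BAD_REQUEST)

    try:
        new_password = payload['new_password']
    except KeyError:
        return Response(messages.REQUIRED_NEW_PASSWORD, status=status.HTTP_400_BAD_REQUEST)

    # A JSON body can carry null, a number, a list or an object here; re.match
    # raises TypeError on those, which would otherwise surface as a 500. They
    # are rejected with the same response as a badly formatted password.
    # NOTE(review): re.match anchors only at the start of the string, so this
    # pattern constrains just the first character of the new password.
    # Confirm what the intended policy is before tightening or dropping it.
    try:
        acceptable = re.match(r'[A-Za-z0-9@#$%^&+=]+', new_password) is not None
    except TypeError:
        acceptable = False
    if not acceptable:
        return Response(messages.PASSWORD_NECESSITY, status=status.HTTP_406_NOT_ACCEPTABLE)

    try:
        # Verifies current_password and stores the new one for request.user.
        password = utils.change_password(current_password, new_password, request.user)
        return Response(password, status=status.HTTP_200_OK)
    except ValidationException as e:
        return Response(e.errors, status=e.status)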
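def change_password():
    """
    Render the change-password page and, on POST, change the password of
    the logged-in user.

    The POST branch reads old_password, password and repassword from the
    request, loads the User whose login equals session['login'] and passes
    them to utils.change_password(). A truthy result flashes a success
    alert; a falsy result, a missing field or a missing user flashes the
    generic error alert. Every request ends by rendering
    'change_password.html', so the view always returns a response.
    """
    if request.method == 'POST':
        # NOTE(review): request.values merges the query string with the form
        # body, so these secrets are also accepted from the URL, where they
        # can end up in access logs and browser history; request.form would
        # restrict them to the body.
        old_password = request.values.get('old_password')
        password = request.values.get('password')
        repassword = request.values.get('repassword')

        changed = False
        if old_password is not None and password is not None and repassword is not None:
            # session['login'] raises KeyError when nobody is logged in;
            # presumably a login guard outside this view prevents that - confirm.
            user = User.query.filter(User.login == session['login']).first()
            # A stale session can name a login that no longer exists.
            if user is not None:
                changed = utils.change_password(bcrypt, user, old_password, password, repassword)

        # Both alerts are fixed literals; nothing user-supplied goes into Markup.
        if changed:
            flash(
                Markup(
                    '<div class="alert alert-success text-center" role="alert">Password changed</div>'
                ))
        else:
            flash(
                Markup(
                    '<div class="alert alert-danger text-center" role="alert">Error</div>'
                ))

    return render_template(
        'change_password.html',
        is_logged_in=session.get('login'),
        is_admin=session.get('is_admin'),
    )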
def changepassword_submit():
    """
    Handle a submitted change-password form for the user in session['uid'].

    An invalid form flashes a hint and redirects back to the form. A valid
    form first re-checks the old password with utils.validate_user() and then
    calls utils.change_password(); each outcome flashes its own message and
    redirects to "/". When the change itself fails the session is cleared.
    """
    form = ChangePasswordForm(request.form)

    if not form.validate():
        flash("Password change failed. Please fill in all fields and make sure you type the new password correctly both times.")
        return redirect("/changepassword/")

    if not utils.validate_user(session['uid'], form.oldpassword.data):
        flash("Old password incorrect.")
    elif utils.change_password(session['uid'], form.oldpassword.data, form.newpassword.data):
        flash("Password changed!")
    else:
        # The session is dropped before flashing, so the message is stored in
        # the fresh session that follows.
        session.clear()
        flash("No LDAP client object?")

    return redirect("/")
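def change_user_password(user_id):
    """
    Change the password of the user with id `user_id` from a JSON request.

    The body must be a JSON object with 'old_password', 'password' and
    'repassword'. Returns ({"message": "ok"}, 200) when
    utils.change_password() reports success and ({"message": "error"}, 400)
    for a malformed body, an unknown user or a failed change; the error
    response is the same in every case, so it does not reveal which check
    failed.

    NOTE(review): user_id is supplied by the caller and nothing in this
    function checks that the caller is that user or an administrator -
    confirm a decorator or route guard outside this listing enforces it.
    """
    required = ('old_password', 'password', 'repassword')

    data = request.get_json()
    # get_json() can yield None or a non-object JSON value (list, string,
    # number); those must be rejected before any key lookup is attempted.
    if not isinstance(data, dict) or not all(key in data for key in required):
        return jsonify(message='error'), 400

    user = User.query.filter(User.id == user_id).first()
    if user is None:
        return jsonify(message='error'), 400

    result = utils.change_password(
        bcrypt, user, data['old_password'], data['password'], data['repassword'])
    if result:
        return jsonify(message='ok'), 200
    return jsonify(message='error'), 400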
def save(self):
    """Apply the cleaned "password1" value to self.user through change_password().

    Nothing is returned; whatever change_password() returns is discarded.
    """
    account = self.user
    new_password = self.cleaned_data["password1"]
    change_password(account, new_password)