Exemple #1
0
def change_user_password(id):
    # Permissions check
    if id != request.user['user_id'] and not request.user['can_create_users']:
        raise KeyError("You must be an admin to change other users' passwords")

    # Parsing form data
    new_password = request.form['new_password']
    try:
        old_password = request.form['old_password']
    except KeyError:
        old_password = None

    # TODO: Fetching user by ID is silly if all we're using it for is a key
    #       in change_password()... 
    user = users.get_user_by_id(id)
    name = user['user_name']

    # old_password = None tells change_password() to ignore the old
    # password check.  As a result, it should only be None if the user
    # has administrative privileges, or an attack surface for account
    # hijacking exists.
    if old_password is None and not request.user['can_create_users']:
        raise ValueError("old_password is None, and you are not an admin.")

    users.change_password(name, new_password, old_password)
    return redirect(url_for('user_details', id=id))
Exemple #2
0
def change_user_password(id):
    # Permissions check
    if id != request.user['user_id'] and not request.user['can_create_users']:
        raise KeyError("You must be an admin to change other users' passwords")

    # Parsing form data
    new_password = request.form['new_password']
    try:
        old_password = request.form['old_password']
    except KeyError:
        old_password = None

    # TODO: Fetching user by ID is silly if all we're using it for is a key
    #       in change_password()...
    user = users.get_user_by_id(id)
    name = user['user_name']

    # old_password = None tells change_password() to ignore the old
    # password check.  As a result, it should only be None if the user
    # has administrative privileges, or an attack surface for account
    # hijacking exists.
    if old_password is None and not request.user['can_create_users']:
        raise ValueError("old_password is None, and you are not an admin.")

    users.change_password(name, new_password, old_password)
    return redirect(url_for('user_details', id=id))
Exemple #3
0
  def POST(self):
    post = web.input(_method='POST')
    query = web.ctx.query
    pattern = re.compile(r'username=(.+)')
    result = pattern.findall(query)
    username = result[0]

    if username == '':
      response = {'message': 'false'}
    else:
      users.change_password(username, post['password'])
      response = {'message': 'true'}

      print 'Change pwd'
      logs.change_password(username)
    return json.dumps(response)
Exemple #4
0
def settings():
    if request.method == "GET":
        return render_template("settings.html")
    if request.method == "POST":
        password = request.form["new-pass1"]
        password2 = request.form["new-pass2"]
        oldPassword = request.form["prev-pass"]
        tokenc = request.form["tokenc"]
        change = users.change_password(password, password2, oldPassword,
                                       tokenc)
    return render_template("settings.html", notification=change[1])
Exemple #5
0
def changePassword():
    if request.method == 'GET':
        return render_template('change_password.html')
    elif request.method == 'POST':
        name = request.form.get('name')
        password = request.form.get('password')
        if name == '':
            return render_template('change_password.html',
                                   error=u'您必须输入要停用的用户账号名!')
        else:
            if change_password(name, password):
                return render_template('change_password.html',
                                       error=u'%s账号密码修改成功!' % (name))
            else:
                return render_template('change_password.html',
                                       error=u'%s账号密码修改失败!' % (name))
def change_password():
    users.check_csrf()
    users.require_role(2)
    user_id = session["user_id"]
    changing_password = [
        request.form["old_password"], request.form["new_password1"],
        request.form["new_password2"]
    ]
    if not users.check_password(user_id, changing_password[0]):
        return render_template(
            "error.html",
            message=
            "Vanha salasana meni väärin tai oli tyhjä, tarkista salasana")
    if subfunctions.check_password(changing_password[1],
                                   changing_password[2]) != "ok":
        return render_template("error.html",
                               message=subfunctions.check_password(
                                   changing_password[1], changing_password[2]))
    if not users.change_password(user_id, changing_password[1]):
        return render_template(
            "error.html",
            message="Uuden salasanan rekisteröinti ei onnistunut")
    return redirect("/settings")