def admin_user_password(userid):
form = UserPasswordForm()
if form.validate_on_submit():
admin_password = form.admin_password.data
new_user_password = form.new_user_password.data
currentuser_password: str = User.find_user(
username_val=current_user.username, retval=USER_PASSWORD_USERKEY)
if User.check_pass(currentuser_password, admin_password):
User.update_val((USER_PASSWORD_USERKEY, new_user_password),
user_id=userid)
return redirect(url_for("admin.admin_manage_users"))
else:
form.admin_password.errors = "Current Admin Password was incorrect!!!"
return render_template("admin/change-user-password.html",
form=form)
return render_template("admin/change-user-password.html", form=form)
def login():
"""checks to see if the user is already authenticated or not. If not
the user will input their username and password and if it matches they will be stored
in flask-login so they can be authenticated. It also checks to see which role the user
is and directs them to the appropriate homepage"""
if current_user.is_authenticated:
user = User.find_user(username_val=current_user.username)
path = User.check_roles(user)
return redirect(path)
form = LoginForm()
if form.validate_on_submit() and request.method == "POST":
raw_username = request.form.get("username")
username = strip_text(raw_username, toStr=True)
user = User.find_user(username_val=username)
raw_password = request.form.get("password")
password = strip_text(raw_password, toStr=True)
if user and User.check_pass(user[USER_PASSWORD], password):
user_obj = User(username=user[USERNAME], password=user[USER_PASSWORD],
email=[USER_EMAIL], roles=user[USER_ROLES], _id=user[USER_ID])
login_user(user_obj)
newpath = User.check_roles(user)
print(newpath)
return redirect(newpath)
else:
error = "Username or Password was incorrect."
return render_template('auth/login.html', title='Sign In', form=form, error=error)
return render_template('auth/login.html', title='Sign In', form=form)
