def _action(self) -> None:
assert user.id is not None
users = userdb.load_users(lock=True)
user_spec = users[user.id]
cur_password = request.get_str_input_mandatory("cur_password")
password = request.get_str_input_mandatory("password")
password2 = request.get_str_input_mandatory("password2", "")
# Force change pw mode
if not cur_password:
raise MKUserError("cur_password", _("You need to provide your current password."))
if not password:
raise MKUserError("password", _("You need to change your password."))
if cur_password == password:
raise MKUserError("password", _("The new password must differ from your current one."))
if userdb.check_credentials(user.id, cur_password) is False:
raise MKUserError("cur_password", _("Your old password is wrong."))
if password2 and password != password2:
raise MKUserError("password2", _("The both new passwords do not match."))
watolib.verify_password_policy(password)
user_spec["password"] = hash_password(password)
user_spec["last_pw_change"] = int(time.time())
# In case the user was enforced to change it's password, remove the flag
try:
del user_spec["enforce_pw_change"]
except KeyError:
pass
# Increase serial to invalidate old authentication cookies
if "serial" not in user_spec:
user_spec["serial"] = 1
else:
user_spec["serial"] += 1
userdb.save_users(users)
flash(_("Successfully changed password."))
# Set the new cookie to prevent logout for the current user
login.update_auth_cookie(user.id)
# In distributed setups with remote sites where the user can login, start the
# user profile replication now which will redirect the user to the destination
# page after completion. Otherwise directly open up the destination page.
origtarget = request.get_str_input_mandatory("_origtarget", "user_change_pw.py")
if user.authorized_login_sites():
raise redirect(
makeuri_contextless(
request, [("back", origtarget)], filename="user_profile_replicate.py"
)
)
raise redirect(origtarget)
def _action(self) -> bool:
assert config.user.id is not None
users = userdb.load_users(lock=True)
user = users[config.user.id]
cur_password = html.request.get_str_input_mandatory('cur_password')
password = html.request.get_str_input_mandatory('password')
password2 = html.request.get_str_input_mandatory('password2', '')
# Force change pw mode
if not cur_password:
raise MKUserError("cur_password",
_("You need to provide your current password."))
if not password:
raise MKUserError("password",
_("You need to change your password."))
if cur_password == password:
raise MKUserError(
"password",
_("The new password must differ from your current one."))
if userdb.check_credentials(config.user.id, cur_password) is False:
raise MKUserError("cur_password", _("Your old password is wrong."))
if password2 and password != password2:
raise MKUserError("password2",
_("The both new passwords do not match."))
watolib.verify_password_policy(password)
user['password'] = hash_password(password)
user['last_pw_change'] = int(time.time())
# In case the user was enforced to change it's password, remove the flag
try:
del user['enforce_pw_change']
except KeyError:
pass
# Increase serial to invalidate old authentication cookies
if 'serial' not in user:
user['serial'] = 1
else:
user['serial'] += 1
userdb.save_users(users)
# Set the new cookie to prevent logout for the current user
login.update_auth_cookie(config.user.id)
return True