def change_password():
    """Handle the change-password page for the signed-in user.

    Any non-POST request renders the change-password form. A POST checks the
    submitted current password with ``login_validate``, requires the two new
    password fields to be equal and at least 8 characters long, then calls
    ``change_user_password`` and redirects to the site root. Each failed
    check returns a plain ``Response`` carrying a short message.
    """
    if request.method != 'POST':
        return render_template('users/change-password.html')

    # Read every field up front, so a missing field raises before any
    # credential check runs.
    form = request.form
    current_secret = form['oldPassword']
    candidate = form['newPassword1']
    confirmation = form['newPassword2']

    # Re-authenticate with the current password first: an already signed-in
    # session alone is not enough to set a new one.
    if not login_validate(current_user.email_address, current_secret):
        return Response('Original password invalid.')
    if candidate != confirmation:
        return Response('New passwords do not match.')
    # NOTE(review): minimum length is the only strength rule applied in this
    # view; confirm whether change_user_password enforces anything further.
    if len(candidate) < 8:
        return Response('Password is too short.')

    change_user_password(current_user.email_address, current_secret, candidate)
    return redirect('/')
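def sign_in():
    """Handle the sign-in page.

    A non-POST request renders the sign-in form. A POST validates the
    submitted credentials with ``login_validate``; on failure the form is
    rendered again with a single generic message, and on success the user is
    logged in through ``login_user`` and redirected to the site root.
    """
    if request.method == 'POST':
        email_address = request.form['email_address']
        password = request.form['password']

        # 'remember_me' is client-controlled. A non-numeric value previously
        # raised ValueError out of int() and surfaced as a server error;
        # anything unparsable is now treated as "do not remember".
        try:
            remember_me = bool(int(request.form.get('remember_me', '0')))
        except ValueError:
            remember_me = False

        user = login_validate(email_address, password)
        if not user:
            # One message for every failure, so the response does not say
            # which of the submitted values was wrong.
            message = 'Invalid email address or user name or password.'
            return render_template(
                'users/sign-in.html', message=message,
                hide_loc_nav=True)  # display login form again

        login_user(user, remember=remember_me)

        # Always redirect to a fixed location. Honouring a caller-supplied
        # "next" parameter needs the target validated first (see
        # https://flask-login.readthedocs.org/en/latest/); without that check
        # it would be an open redirect.
        return redirect('/')

    return render_template('users/sign-in.html', hide_loc_nav=True)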
def _create_or_update_admin_user():
    """Ensure the admin account configured in the environment can sign in.

    Reads TERRAWARE_ADMIN_EMAIL and TERRAWARE_ADMIN_PASSWORD. If either is
    unset or empty, logs a warning and does nothing else. Otherwise:

    * if ``login_validate`` already accepts the pair, nothing changes;
    * else ``create_admin_user`` is attempted;
    * if that raises ``IntegrityError``, the session is rolled back and
      ``reset_user_password`` sets the configured password for that email.

    The password is never logged; only the email address is.
    """
    email = os.environ.get('TERRAWARE_ADMIN_EMAIL')
    secret = os.environ.get('TERRAWARE_ADMIN_PASSWORD')

    if not (email and secret):
        logger.warning('No admin username/password configured')
        return

    if login_validate(email, secret):
        # The account exists and already has the configured password.
        return

    try:
        create_admin_user(email, secret)
        logger.info('Created admin user %s', email)
    except IntegrityError:
        # Presumably the email is already taken (verify against the schema).
        # Discard the failed insert before issuing the update.
        db.session.rollback()
        # NOTE(review): this overwrites the password of whichever account
        # holds this email; confirm that account is always an admin.
        reset_user_password(email, secret)
        logger.info('Updated admin password')