Exemplo n.º 1
def change_password():
    """
    Let the logged-in user change their own password.

    GET  -> render the change-password page.
    POST -> validate the form, verify the current password, store the new
            one and send the user to logout so they sign in again.
    """
    account_email = current_user.email

    # The account configured as ADMIN_EMAIL is never allowed to change its
    # password through this view; the attempt is logged at error level.
    if account_email == current_app.config['ADMIN_EMAIL']:
        flash(
            'Esta cuenta no puede cambiar de contraseña. Utiliza tu cuenta personal.'
        )
        current_app.logger.error(
            '{} try to change password.'.format(account_email))
        return redirect(url_for('dashboard.home'))

    form = ChangePasswordForm()
    if not form.validate_on_submit():
        return render_template('auth/change_password.html', form=form)

    account = User.query.filter_by(email=account_email).first()
    if not (account and account.check_password(password=form.password.data)):
        # Missing row or wrong current password: same generic message.
        flash('Invalid password. Recheck inputs.')
        return redirect(url_for('auth.change_password'))

    # Current password confirmed; persist the new one.
    account.set_password(form.new_password.data)
    db.session.add(account)
    db.session.commit()
    current_app.logger.info('{} updated her password.'.format(account))
    flash('Contraseña actualizada. Vuelve a hacer login.')
    return redirect(url_for('auth.logout'))
Exemplo n.º 2
def profile():
    """Render the current user's profile page.

    Shows the user's reviews four per page (page number from the ``page``
    query argument) together with the password-change and profile-picture
    forms. A valid password-change submission is applied only when the old
    password checks out.
    """
    page = request.args.get('page', default=1, type=int)
    review_columns = (
        User.username, Review.grade, Review.feelings, Review.thoughts,
        Review.timestamp, Review.user_id, Review.movie_id, User.image,
        Movie.title, Movie.year,
    )
    reviews = (
        Review.query
        .with_entities(*review_columns)
        .filter(Review.user_id == current_user.id)
        .join(User)
        .join(Movie)
        .order_by(Review.timestamp.desc())
        .paginate(page, 4, False)
    )

    change_pw_form = ChangePasswordForm()
    profile_pic_form = ProfileImageForm()
    if change_pw_form.validate_on_submit():
        old_password_ok = current_user.check_password(
            change_pw_form.oldpassword.data)
        if not old_password_ok:
            # Surface the failure on the field instead of redirecting.
            change_pw_form.oldpassword.errors.append('Incorrect old password')
        else:
            current_user.set_password(change_pw_form.password.data)
            db.session.add(current_user)
            db.session.commit()
            flash('Password changed!')
            return redirect(url_for('main.profile'))

    links = construct_page_links('main.profile', reviews)
    context = {
        'title': 'profile',
        'current_page': reviews.page,
        'total_pages': reviews.pages,
        'next_page': links[0],
        'prev_page': links[1],
        'first_page': links[2],
        'last_page': links[3],
        'change_pw_form': change_pw_form,
        'profile_pic_form': profile_pic_form,
        'reviews': reviews.items,
    }
    return render_template('profile.html', **context)
Exemplo n.º 3
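def change_password():
    """Change the signed-in user's password.

    GET renders the form. POST requires a valid form, the correct old
    password and a new password accepted by ``utilities.password_is_valid``
    before the new value is stored and committed. Any other HTTP method
    falls through and returns None, as before.
    """
    change_password_form = ChangePasswordForm()
    if request.method == 'GET':
        return render_template('change_password.html',
                               user=current_user.name,
                               user_role=current_user.role.name,
                               change_password_form=change_password_form)
    if request.method == 'POST':
        if not change_password_form.validate_on_submit():
            return redirect(url_for('change_password'))

        new_password = change_password_form.new_password.data
        old_password = change_password_form.old_password.data

        # Load the account once and reuse it. The original repeated the query
        # and dereferenced .first() directly, which raises AttributeError if
        # the row has disappeared since login.
        user = User.query.filter_by(email=current_user.email).first()
        if user is None or not user.verify_password(old_password):
            flash('Old password is invalid')
            return redirect(url_for('change_password'))

        # NOTE(review): the message below advertises an 8-12 character limit;
        # the actual rule lives in utilities.password_is_valid (not shown).
        # An upper bound that low rules out passphrases - confirm it is
        # intended.
        if not utilities.password_is_valid(new_password):
            flash(
                'Password is not strong enough.\nNeeds to contain lower case and upper case letters, numericals and punctuation.\nLength must be between 8 and 12 characters.'
            )
            return redirect(url_for('change_password'))

        user.password = new_password
        db.session.commit()
        flash('Password changed successfully')
        return redirect(url_for('index'))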
Exemplo n.º 4
def post_handler(request):
    """Handle a POST to the profile page.

    The body is first tried as an e-mail change; if that form is not valid it
    is tried as a password change. The profile page is then re-rendered with
    fresh, unbound forms and the two success flags.
    """
    # NOTE(review): both change_email() and change_password() run before the
    # is_authenticated() check below. Any login requirement has to come from
    # a decorator or from those helpers, neither of which is visible here.
    email_change_success = False
    pwd_change_success = False
    if ChangeEmailForm(request.POST).is_valid():
        email_change_success = change_email(request)
    elif ChangePasswordForm(request.POST).is_valid():
        pwd_change_success = change_password(request)

    student = None
    if request.user.is_authenticated():
        student = Students.objects.get(email=request.user)

    context = {
        'title': 'Profile',
        'student': student,
        'date': datetime.now(),
        'year': datetime.now().year,
        'change_email_form': ChangeEmailForm(),
        'change_password_form': ChangePasswordForm(),
        'pwd_change_success': pwd_change_success,
        'email_change_success': email_change_success,
    }
    return render(request,
                  'userprofile/profile.html',
                  context_instance=RequestContext(request, context))
Exemplo n.º 5
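def change_password(token):
    """Complete a password reset started with an e-mailed token.

    ``confirm_token`` maps the token to an e-mail address; an unknown address
    yields a 404. The reset proceeds only while the account still has a
    pending ``password_token``. On success the new hash is stored, the
    pending token is cleared, the change is committed and only then is the
    confirmation e-mail sent.
    """
    email = confirm_token(token)

    user = UserInfo.query.filter(UserInfo.email == email).first_or_404()

    # NOTE(review): this only checks that *a* reset is pending. Whether the
    # presented token matches the stored one, and whether it expires, depends
    # on confirm_token(), which is not shown here.
    if user.password_token is None:
        flash('unable to reset the password, try again.', 'danger')
        return redirect(url_for('login'))

    form = ChangePasswordForm(request.form)
    if not form.validate_on_submit():
        flash('Please enter your new password.', 'success')
        return render_template('change_password.html', form=form)

    # NOTE(review): if sha256_crypt is passlib's, encrypt() is the deprecated
    # spelling of hash() since passlib 1.7 - switch once the minimum passlib
    # version is confirmed.
    user.password = sha256_crypt.encrypt(str(form.password.data))
    user.password_token = None  # single use: clear the pending reset

    # Persist first, notify second: the confirmation mail must never announce
    # a change that a failed commit then discards. A mail failure after this
    # point leaves the password changed.
    db.session.commit()

    subject = 'Password has been updated'
    html = render_template('pwchange_confirm.html',
                           username=user.username)
    send_email(user.email, subject, html)

    flash('Password successfully updated.', 'success')
    return redirect(url_for('login'))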
Exemplo n.º 6
def change_password():
    """Show the change-password form; a valid submission redirects to the profile page."""
    form = ChangePasswordForm()
    if not form.validate_on_submit():
        return render_template('change_password.html',
                               title='Change Password',
                               form=form)
    # NOTE(review): nothing in this function stores the submitted password or
    # checks the current one; unless ChangePasswordForm does that work during
    # validation, a valid submission only redirects.
    return redirect(url_for('profile'))
Exemplo n.º 7
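def private_profile():
    """
    The settings page for current_user. Here current_user may toggle suggestions, private, delete or report names,
    change about & photo with ChangeDetailsForm, change password with ChangePasswordForm, or
    permanently delete the account.
    :return: profile.html rendered with list of suggested names for current_user and forms
    """
    names = Name.query.filter_by(userID=current_user.get_id()).all()

    # TODO: replace ChangeDetailsForm with a proper account-details form.
    # NOTE(review): CSRF protection is switched off for the details form, so
    # the about/photo update below accepts cross-site POSTs. Re-enable it once
    # the template renders the form's CSRF token.
    form_d = ChangeDetailsForm(csrf_enabled=False)
    form_p = ChangePasswordForm()
    if form_p.validate_on_submit():
        if pwd_context.verify(form_p.current_password.data, current_user.password):
            user = User.query.get(current_user.id)
            # NOTE(review): if pwd_context is a passlib CryptContext,
            # encrypt() is the deprecated alias of hash() - confirm and switch.
            user.password = pwd_context.encrypt(form_p.new_password.data)
            db.session.commit()
            flash("Changes saved.")
            return redirect(url_for("private_profile"))
        else:
            flash("Incorrect password.")
            return redirect(url_for("private_profile"))
    if form_d.validate_on_submit():
        user = User.query.get(current_user.id)
        if form_d.about.data != "":
            user.about = form_d.about.data
        # Lazy %-formatting: the original string concatenation raised
        # TypeError whenever user.about was still None.
        app.logger.debug("result: %s", user.about)
        if form_d.url.data != "":
            # NOTE(review): the URL is stored exactly as submitted; any scheme
            # or host restriction would have to live in ChangeDetailsForm.
            user.photo_url = form_d.url.data
        db.session.commit()
        flash("Changes saved.")
        return redirect(url_for("private_profile"))

    return render_template("profile.html", names=names, form_d=form_d, form_p=form_p)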
Exemplo n.º 8
def changePassword():
    """Change the current account's password using the module-level DB cursor.

    The account row (name, login, passwordHash) is loaded for every request.
    A valid submission is applied only when the old password matches the
    stored hash and both new-password fields agree. Both statements use bound
    parameters rather than string formatting.
    """
    account_id = current_user.id
    cursor.execute(
        'select name, login, passwordHash from account where id = %s',
        (account_id, ))
    user = cursor.fetchone()

    form = ChangePasswordForm()
    if not form.validate_on_submit():
        return render_template('changePassword.html',
                               title='Сменить пароль',
                               form=form,
                               user=user)

    # user[2] is the passwordHash column of the select above.
    accepted = check_password_hash(
        user[2], form.passwordOld.data
    ) and form.passwordNew1.data == form.passwordNew2.data
    if not accepted:
        # One message for both failure causes.
        flash('Старый пароль введен неверно или новые пароли не совпадают')
        return redirect(url_for('changePassword'))

    new_hash = generate_password_hash(form.passwordNew1.data)
    cursor.execute(
        'update account set passwordHash = %s where id = %s',
        (new_hash, account_id))
    conn.commit()
    flash('Пароль был успешно изменен')
    return redirect(url_for('account'))
Exemplo n.º 9
def changePassword():
    """JSON endpoint: update the current user's password when the form validates."""
    username = current_user.username
    form = ChangePasswordForm()
    # The username is attached from the session, not from the request.
    # NOTE(review): presumably the form's validators use it to check the old
    # password - nothing in this function verifies it; confirm in the form.
    form.username = username
    if not form.validate_on_submit():
        return jsonify(action="failed", error=form.errors)
    AccountQuery.update_password(username, form.new_password.data)
    return jsonify(action="success")
Exemplo n.º 10
def change_password():
    """Store a new password for the current user when the form validates."""
    form = ChangePasswordForm()
    if not form.validate_on_submit():
        return render_template('change_password.html', form=form)

    # NOTE(review): this function never asks for or checks the current
    # password; unless the form's validators do, an unlocked session is
    # enough to replace the credential.
    current_user.set_password(form.password.data)
    db.session.commit()
    flash('Password updated!')
    return redirect(url_for('account'))
Exemplo n.º 11
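def change_password(request):
    """
    Let a signed-in user update their password.

    GET renders the form. POST runs the new password through the validators
    configured in settings.py, re-authenticates with the old password, stores
    the new one, logs the user back in and redirects to the ``next`` value
    from the form, falling back to ``/profile`` when ``next`` is missing or
    is not a local path.
    """
    from urllib.parse import urlsplit

    if request.method == 'GET':
        context = {'new_password_form': ChangePasswordForm()}
        return render(request, 'app/change_password.html', context)

    if request.method == 'POST':
        # The user instance is bound to the form (for validating unique
        # fields) and is the object that gets updated below.
        user = CustomUser.objects.get(pk=request.user.id)
        old_password = request.POST['old_password']
        new_password_form = ChangePasswordForm(data=request.POST,
                                               instance=user)

        # validate_password() signals failure by raising; its return value
        # carries no information, so it is not compared to anything.
        try:
            validate_password(request.POST['password'])
        except ValidationError:
            context = {'new_password_form': new_password_form}
            messages.error(request,
                           "Password change failed. New password too simple.")
            return render(request, 'app/change_password.html', context)

        # Confirm that the old password belongs to the requesting user.
        authenticated_user = authenticate(email=user.email,
                                          password=old_password)

        if new_password_form.is_valid() and authenticated_user is not None:
            # set_password() hashes the value before it is saved.
            user.set_password(request.POST['password'])
            user.save()

            # Changing the password invalidates the session's auth hash, so
            # authenticate again with the new password and log back in.
            authenticated_user = authenticate(
                email=user.email, password=request.POST['password'])
            login(request=request, user=authenticated_user)

            messages.success(request, "Password changed successfully!")

            # `next` is client-supplied. Follow it only when it is a plain
            # local path: no scheme, no host, no leading "//" (backslashes
            # counted as slashes) and no whitespace or control characters.
            # Anything else falls back to the profile page, so the redirect
            # cannot be pointed at another site. Django's own redirect-safety
            # helper is the preferred check when host allow-listing is needed.
            destination = request.POST.get('next', '/profile')
            normalised = destination.replace('\\', '/')
            try:
                parts = urlsplit(normalised)
                is_local_path = (
                    normalised.startswith('/')
                    and not normalised.startswith('//')
                    and not parts.scheme
                    and not parts.netloc
                    and not any(ch.isspace() or ord(ch) < 0x20
                                for ch in destination)
                )
            except ValueError:
                is_local_path = False
            if not is_local_path:
                destination = '/profile'
            return HttpResponseRedirect(destination)

        else:
            # Same message for a wrong old password and for mismatching new
            # passwords.
            context = {'new_password_form': new_password_form}
            messages.error(
                request,
                "Password change failed. Old password incorrect or new passwords don't match"
            )
            return render(request, 'app/change_password.html', context)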
Exemplo n.º 12
def settings():
    """Render the settings page and hand valid password-change submissions to UserActions."""
    form = ChangePasswordForm()
    account = User.query.filter_by(id=current_user.id).first()
    user_tz = account.timezone

    if form.validate_on_submit():
        # The old password is passed along for UserActions to check.
        # NOTE(review): the call's result is ignored here, so this view gives
        # the user no signal whether the change was applied.
        UserActions().change_password(current_user.id,
                                      form.old_password.data,
                                      form.password.data)

    context = {
        'title': 'Settings',
        'timezones': pytz.common_timezones,
        'user_timezone': user_tz,
        'form': form,
    }
    return render_template('settings.html', **context)
Exemplo n.º 13
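def change_password():
    """Change the password of the user identified by the session.

    Every request to this view is logged at warning level. On a valid POST
    the old password is verified, the new one assigned and the user is sent
    to the logout endpoint.
    """
    # Local import so the fix below does not depend on the module's import
    # list, which is not visible here.
    from flask import url_for

    logger.warning(f'{session["username"]} change password.')
    form = ChangePasswordForm(request.form)
    if request.method == 'POST' and form.validate():
        user = User.query.filter_by(id=session['user_id']).first()
        if user.verify_password(form.old_password.data):
            # NOTE(review): no commit is visible in this function; confirm
            # the session is committed elsewhere (e.g. on teardown).
            user.password = form.new_password.data
            flash('change password success', 'alert-success')
            # redirect() takes a URL. 'auth.logout' has the
            # blueprint.endpoint shape, so resolve it with url_for(); passed
            # raw it became a relative URL and the logout never ran.
            return redirect(url_for('auth.logout'))
        flash('wrong old password', 'alert-danger')
    return render_template('change_password.html', form=form)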
Exemplo n.º 14
def change_password():
    """Change the current user's password after verifying the old one."""
    form = ChangePasswordForm()
    if form.validate_on_submit():
        old_ok = current_user.verify_password(form.old_password.data)
        if not old_ok:
            flash(u'密码不正确')
        else:
            current_user.password = form.password.data
            # NOTE(review): the user is added to the session but no commit is
            # visible here - presumably the app commits on teardown; confirm.
            db.session.add(current_user)
            flash(u'您的密码已被更新')
            return redirect(url_for('index'))
    return render_template("change_password.html", form=form)
Exemplo n.º 15
def changePassword():
    """Admin change password"""
    pw_form = ChangePasswordForm()
    submitted_ok = pw_form.validate_on_submit()
    if submitted_ok:
        # NOTE(review): the current password is not checked in this function;
        # confirm the form's validators (or a decorator) cover that.
        current_user.set_password(pw_form.password.data)
        db.session.add(current_user)
        db.session.commit()
        flash('Password updated')
    # The form is re-rendered in every case, including after a success.
    return render_template('changePassword.html',
                           title='Change Password',
                           form=pw_form)
Exemplo n.º 16
def change_password():
    """Update the current user's password once the old password is verified."""
    form = ChangePasswordForm()
    if not form.validate_on_submit():
        return render_template('user/change_password.html', form=form)

    if current_user.verify_password(form.old_password.data):
        current_user.password = form.password.data
        # NOTE(review): add() without a visible commit - confirm the session
        # is committed elsewhere.
        db.session.add(current_user)
        flash('您的密码已经修改!')
        return redirect(url_for('main.index'))

    # Wrong old password: report it and show the form again.
    flash('原密码错误,操作无效!')
    return render_template('user/change_password.html', form=form)
Exemplo n.º 17
def change_password():
    """Change the password after re-checking the current one via User.from_login."""
    form = ChangePasswordForm()
    if form.validate_on_submit():
        # Re-run the login check with the submitted current password.
        account = User.from_login(current_user.email,
                                  form.current_password.data)
        if not account.is_authenticated:
            flash('Old password incorrect.')
        else:
            # NOTE(review): no commit is visible here; presumably
            # set_password() persists the change - confirm.
            account.set_password(form.new_password.data)
            flash('Password successfully changed.')
    return render_template('change_password.html', form=form)
Exemplo n.º 18
def change_pwd():
    """Verify the old password, store the new one and return to the index page."""
    form = ChangePasswordForm()
    if form.validate_on_submit():
        old_matches = current_user.verify_password(form.old_password.data)
        if not old_matches:
            flash("修改失败")
        else:
            current_user.password = form.new_password.data
            db.session.add(current_user)
            db.session.commit()
            flash("修改密码成功")
            return redirect(url_for('main.index'))
    return render_template('user/change_pwd.html', form=form)
Exemplo n.º 19
def change_password():
    """Set a new password for the current user and redirect to their page."""
    form = ChangePasswordForm()
    if not form.validate_on_submit():
        return render_template('change_password.html',
                               title='Change password',
                               form=form,
                               title_form='Change password')

    # NOTE(review): the current password is not checked in this function, and
    # the session created here is never closed explicitly - confirm both are
    # handled by the form and by create_session()'s owner respectively.
    db_sess = create_session()
    current_user.set_password(form.new_password.data)
    db_sess.merge(current_user)
    db_sess.commit()
    return redirect(f'/user/{current_user.id}')
Exemplo n.º 20
def change_password():
    """Change the current user's password.

    The current password must be correct and the new one must differ from
    it. Every valid submission redirects back to this view with a flashed
    result.
    """
    form = ChangePasswordForm()
    if not form.validate_on_submit():
        return render_template("change_password.html", form=form)

    current_pw = form.current.data
    new_pw = form.new.data
    if not current_user.check_password(current_pw):
        flash('Password incorrect')
    elif new_pw == current_pw:
        flash('Password must be new')
    else:
        current_user.set_password(new_pw)
        db.session.commit()
        flash('Password successfully changed')
    return redirect(url_for('change_password'))
Exemplo n.º 21
def changepassword():
    """Change the password of the account matching the current username."""
    form = ChangePasswordForm()
    if form.validate_on_submit():
        account = User.query.filter_by(
            username=current_user.username).first()
        if not account.verify_password(form.oldpassword.data):
            flash('无效的密码')
        else:
            account.password = form.newpassword.data
            # NOTE(review): add() without a visible commit - confirm the
            # session is committed elsewhere.
            db.session.add(account)
            flash('密码修成功')
            return redirect(url_for('main.index'))

    return render_template('user/changepassword.html', form=form)
Exemplo n.º 22
def change_password(token):
    """Set a new password for the user identified by a reset token.

    Signed-in users and requests with a token that User.verify_token rejects
    are sent to the index page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    # NOTE(review): token lifetime and single-use enforcement live in
    # User.verify_token, which is not shown here - confirm both.
    account = User.verify_token(token)
    if not account:
        return redirect(url_for('index'))

    form = ChangePasswordForm()
    if not form.validate_on_submit():
        return render_template('ChangePassword.html', form=form)

    account.set_password(form.password.data)
    db.session.commit()
    flash('Ваш пароль успешно изменен!')
    return redirect(url_for('login'))
Exemplo n.º 23
def change_password():
    """Change the current user's password after verifying the old one."""
    form = ChangePasswordForm()
    # Read before validation, exactly as the original does.
    requested_password = form.newpassword.data

    # NOTE(review): validate() also runs on GET requests, unlike
    # validate_on_submit(); confirm that is intended.
    if not form.validate():
        return render_template('users/change_password.html', form=form)

    if current_user.verify_password(password=form.oldpassword.data):
        current_user.password = requested_password
        db.session.add(current_user)
        db.session.commit()
        flash('密码修改成功')
        return redirect(url_for('main.index'))

    flash('修改失败')
    return render_template('users/change_password.html', form=form)
Exemplo n.º 24
def change_password():
    """Change the current user's password once the current one is confirmed."""
    form = ChangePasswordForm()
    if form.validate_on_submit():
        if current_user.check_password(form.current_password.data):
            current_user.set_password(form.password.data)
            db.session.commit()
            flash('Your password has been changed.')
            destination = 'edit_profile'
        else:
            flash('Your current password is wrong.')
            destination = 'change_password'
        return redirect(url_for(destination))

    return render_template('change_password.html', form=form)
Exemplo n.º 25
def changepassword():
    """Change the signed-in user's password; anonymous visitors go to the index."""
    if not current_user.is_authenticated:
        return redirect(url_for('index'))

    form = ChangePasswordForm()
    if form.validate_on_submit():
        account = current_user
        if not account.check_password(form.current_password.data):
            # Stay on the form so the user can retry.
            flash('Invalid password')
        else:
            account.set_password(form.password.data)
            db.session.commit()
            flash('Password changed!')
            return redirect(url_for('myprofile'))
    return render_template('changepassword.html', title='Change Password', form=form)
Exemplo n.º 26
def change_password():
    """Route for logged in users to change password"""
    pw_form = ChangePasswordForm()
    if pw_form.validate_on_submit():
        candidate = pw_form.newpw.data
        # validate_pass() is used here only to reject a new password equal to
        # the stored one.
        # NOTE(review): the user is never asked to prove knowledge of the
        # current password in this function - confirm the form covers it.
        if current_user.validate_pass(candidate):
            flash('Password must differ from the old.', 'danger')
        else:
            current_user.password = candidate
            flash('Password successfuly changed!', 'info')
            db.session.add(current_user)
            db.session.commit()

    return render_template('settings/change_password.html', pw_form=pw_form)
Exemplo n.º 27
def reset_password(token):
    """Reset a forgotten password using an e-mailed token.

    Signed-in users and invalid tokens are redirected to the index page. On
    success the account's ``change_password`` flag is reset to 0.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    # NOTE(review): expiry and single-use handling depend on
    # User.verify_token, which is not shown here.
    account = User.verify_token(token)
    if not account:
        return redirect(url_for('index'))

    form = ChangePasswordForm()
    if not form.validate_on_submit():
        return render_template('reset_password.html', form=form)

    account.set_password(form.password.data)
    account.change_password = 0
    db.session.commit()
    flash('Your password has been reset.')
    return redirect(url_for('login'))
Exemplo n.º 28
def change_password():
    """Change the password, log the user out and send them to the login page."""
    form = ChangePasswordForm()
    form_page = 'users/change_password.html'

    # Form-level validation of the submitted passwords.
    if not form.validate_on_submit():
        return render_template(form_page, form=form)

    # Work on the real user object behind the current_user proxy.
    account = current_user._get_current_object()
    if not account.verify_password(form.old_password.data):
        # Wrong old password: the form is shown again without a message.
        return render_template(form_page, form=form)

    # Store the new password, then end the session so the user has to sign
    # in again with it.
    account.password = form.new_password.data
    db.session.add(account)
    flash('修改成功')
    logout_user()
    return redirect(url_for('users.login'))
Exemplo n.º 29
def account_change_password():
    """Change the current user's bcrypt-hashed password.

    The two new-password fields are compared before form validation; the old
    password is then checked against the stored hash.
    """
    form = ChangePasswordForm()
    if form.new_password.data != form.confirm_new_password.data:
        flash('Passwords do not match','danger')
    elif form.validate_on_submit():
        old_ok = bcrypt.check_password_hash(current_user.password,
                                            form.old_password.data)
        if not old_ok:
            flash('Old password is incorrect.', 'danger')
        else:
            # The hash is decoded to text before being stored.
            new_hash = bcrypt.generate_password_hash(form.new_password.data)
            current_user.password = new_hash.decode('utf-8')
            db.session.commit()
            flash('Password has been changed.', 'success')
            return redirect(url_for('account_change_password'))
    return render_template('account_change_password.html', title='account_change_password', form=form)
Exemplo n.º 30
def changePassword():
    """Set a new password and mark the account as having been prompted.

    Users whose ``pwPrompted`` flag is still false are told on GET that they
    must change their password before using other pages.
    """
    form = ChangePasswordForm()
    if form.validate_on_submit():
        account = User.query.filter_by(
            username=current_user.username).first()
        # NOTE(review): no current-password check is visible here - confirm
        # that is acceptable outside the forced first-login change.
        account.password_hash = generate_password_hash(form.password.data)
        account.pwPrompted = True
        db.session.commit()
        # The success notice is flashed under the "error" category.
        flash('Password Updated!', "error")
        return redirect(url_for('index'))

    must_change = not current_user.pwPrompted and request.method == 'GET'
    if must_change:
        flash("You MUST change your password to access other pages", "error")
    return render_template('changePassword.html',
                           title='Change Password',
                           form=form,
                           template=admin_template_validation())
Exemplo n.º 31
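def change_password():
    """Change the signed-in user's password, then log them out.

    The form's username field is pre-filled with the current username for
    display. The account that gets updated is always the authenticated one.
    """
    form = ChangePasswordForm()
    if form.validate_on_submit():
        # Resolve the account from the authenticated session, never from the
        # submitted form. The username field is client-controlled, so using it
        # as the lookup key let the request choose whose password was
        # replaced.
        user = UserInformation.query.filter_by(
            username=current_user.username).first()
        user.set_password(form.password.data)
        db.session.commit()
        flash('Password update successfully')
        # End the session so the new password is required to sign in again.
        logout_user()
        return redirect(url_for('login'))
    form.username.data = current_user.username
    return render_template('change_password.html',
                           title='Change password',
                           form=form)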
Exemplo n.º 32
def settings():
    """Show settings for authenticated user."""
    # Distinct prefixes keep the two forms' fields apart on one page.
    password_form = ChangePasswordForm(prefix='pwd')
    username_form = ChangeUsernameForm(prefix='usr')

    # Each form is handled only when its own submit button was pressed.
    password_submitted = (password_form.submit.data
                          and password_form.validate_on_submit())
    if password_submitted:
        # NOTE(review): no current-password check is visible in this
        # function - confirm the form or the model method performs one.
        current_user.change_password(password_form.new_password.data)
        db.session.commit()
        flash('Changed password!', 'success')

    username_submitted = (username_form.submit.data
                          and username_form.validate_on_submit())
    if username_submitted:
        current_user.name = username_form.username.data
        db.session.commit()
        flash('Changed username!', 'success')

    return render_template('admin/settings.html',
                           chpwd=password_form,
                           chusr=username_form)
def change_password():
    """Let a user who registered without a social account change their
    password.

    Accounts registered through a provider have no password and are sent
    back to the feed.
    """
    if current_user.register_with_provider:
        flash('Registered with a social account, no password is required')
        return redirect(url_for('mod_feed.index'))

    pw_form = ChangePasswordForm()
    submitted_ok = pw_form.validate_on_submit()

    if submitted_ok:
        # The success message is queued before the assignment, as in the
        # original.
        # NOTE(review): no current-password check and no commit are visible
        # in this function - confirm both happen elsewhere.
        flash('Password changed successfully')
        current_user.password = pw_form.new_password.data

    return render_template('auth/change_password.html', form=pw_form)
Exemplo n.º 34
def settings():
    """Blog settings page with a separate password-change form.

    Exactly one of the two forms is processed per request, chosen by
    ``has_been_submitted``.
    """
    form = SettingForm(obj=current_user)
    change_pwd_form = ChangePasswordForm(prefix='pwd')

    # Form fields copied one-to-one onto same-named user attributes, in this
    # order.
    setting_fields = (
        'blog_title',
        'blog_description',
        'blog_image',
        'blog_image_rounded',
        'blog_bg',
        'blog_bg_public',
        'blog_bg_everywhere',
        'blog_bg_override',
        'blog_bg_repeat',
        'blog_paginate',
        'blog_paginate_by',
        'blog_public',
        'blog_truncate_posts',
        'blog_syntax_highlighter_css',
        'linkedin_url',
        'gplus_url',
        'github_url',
        'twitter_url',
    )

    if form.has_been_submitted(request):
        if form.validate_on_submit():
            for field_name in setting_fields:
                setattr(current_user, field_name,
                        getattr(form, field_name).data)
            if current_user.save():
                flash("Saved your settings.")
                return redirect(url_for("blog.index", user_slug=current_user.blog_slug))
            flash("Something went wrong...")

    elif change_pwd_form.has_been_submitted(request):
        if change_pwd_form.validate_on_submit():
            # NOTE(review): the current password is not checked in this
            # function - confirm the form's validators do it.
            current_user.set_password(change_pwd_form.new_password.data)
            outcome = ("Changed your password." if current_user.save()
                       else "Something went wrong...")
            flash(outcome)
    return render_template("settings.html", form=form, change_pwd_form=change_pwd_form)
Exemplo n.º 35
    def settings(self):
        """Set a new password for the signed-in user.

        On success the account is marked inactive, ``user_id`` is removed
        from the session and the user is sent to the login page, with this
        page as the ``next`` target.
        """
        user = User.query.get(g.user.id)
        form = ChangePasswordForm(request.form)

        if request.method != 'POST' or not form.validate():
            helpers.flash_errors(form)
            return render_template('edit_user.html',
                                   title='::Settings',
                                   user=user,
                                   form=form,
                                   )

        try:
            user.set_password(form.password.data)
            user.active = False
            db.session.commit()
        except Exception:
            # NOTE(review): the failure is reported to the user but neither
            # logged nor rolled back in this function.
            flash('0Error setting password')
            return redirect(url_for('UserView:settings'))
        else:
            flash(
                '1Password set successfully! Please login with the new password.')
            # Dropping user_id forces a fresh login with the new password.
            session.pop('user_id')
            return redirect(url_for('UserView:login', next=url_for('UserView:settings')))