Exemplo n.º 1
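    def patch(self, user):
        """Update a user's properties.

        The request body is decoded by the loader registered for the
        request's ``Content-Type``. A non-empty ``password`` in the payload is
        treated as a password change and is applied only when the accompanying
        ``old_password`` verifies against the stored one.

        :param user: The user record to update.
        :returns: The response built by ``self.make_response`` with status 200.
        :raises MissingOldPasswordError: If ``password`` is supplied without
            ``old_password``.
        """
        content_type = request.headers.get('Content-Type')
        loader = self.loaders.get(content_type)
        if loader is None:
            # NOTE(review): 406 is kept for existing clients; 415 Unsupported
            # Media Type is the usual status for a rejected request
            # Content-Type.
            abort(406)
        data = loader(user=user)

        if data.get('password'):
            if 'old_password' not in data:
                raise MissingOldPasswordError()
            if not verify_password(data['old_password'], user.password):
                # A failed check must not fall through to the 200 response
                # below, which would tell the client the change succeeded.
                abort(403)
            user.password = encrypt_password(data['password'])
            db.session.commit()
            _datastore.put(user)
            password_changed.send(current_app._get_current_object(),
                                  user=user)

        # Credential fields never reach the generic attribute update: an empty
        # ``password`` skips the branch above and would otherwise be merged
        # onto the record without any old-password check.
        data.pop('password', None)
        data.pop('old_password', None)

        # NOTE(review): every remaining key in ``data`` becomes a User
        # attribute; presumably the loader restricts which fields a client may
        # set - confirm.
        user = User(id=user.id, **data)
        user = db.session.merge(user)
        db.session.commit()

        return self.make_response(user, 200)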
Exemplo n.º 2
def change_user_password(user, password):
    """Store a new password for the given user and announce the change.

    The password is hashed before it is assigned. This function does not
    check the user's current password; presumably the caller has already
    authenticated the request - confirm.

    :param user: The user whose password is changed
    :param password: The new password, not yet hashed
    """
    hashed = hash_password(password)
    user.password = hashed
    g.datastore.modify_user(user)
    send_password_changed_notice(user)
    # Signal receivers get the real application object, not the proxy.
    app = current_app._get_current_object()
    password_changed.send(app, user=user)
Exemplo n.º 3
def change_user_password(_reset_password_link_func=None, **user_data):
    """Set a user's password, persist it and announce the change.

    ``user_data`` must contain ``user``. Its optional ``password`` entry is
    the new plaintext password; when it is missing or ``None`` the user's
    password is stored as ``None``. Nothing in this function checks the
    user's current password.

    :param _reset_password_link_func: Callable used to build the reset link
        placed in the notice e-mail; ``default_reset_password_link_func`` is
        used when it is not given.
    """
    if _reset_password_link_func:
        build_reset_link = _reset_password_link_func
    else:
        build_reset_link = default_reset_password_link_func

    account = user_data['user']
    plaintext = user_data.get('password')
    # The password is cleared first and replaced only when a new one was given.
    account.password = None
    if plaintext is not None:
        account.password = hash_password(plaintext)
    current_datastore.put(account)

    if security_config_value('SEND_PASSWORD_CHANGE_EMAIL'):
        # A reset link goes into the notice only when recovery is enabled.
        if current_security.recoverable:
            _, link = build_reset_link(account)
        else:
            link = None
        notice_subject = security_config_value(
            'EMAIL_SUBJECT_PASSWORD_CHANGE_NOTICE')
        send_mail(notice_subject, account.email, 'change_notice_rest',
                  user=account, reset_password_link=link)

    app = current_app._get_current_object()
    password_changed.send(app, user=account)
Exemplo n.º 4
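def change_password():
    """View function which handles a change password request.

    Reads ``password`` (the current password), ``new_password`` and
    ``new_password_confirm`` from the submitted form. The current password is
    checked with ``User.try_login`` before the new one is validated and
    applied with ``User.change_pass``.

    :returns: ``{"status": True}`` when the password was changed,
        ``{"status": False}`` when a submitted request is rejected or the
        change fails, and ``None`` when the form carries no current password.
    """
    form = request.form
    current_password = form.get('password')
    if not current_password:
        # An empty or missing current password never reaches try_login.
        return None

    try:
        verified = User.try_login(current_user.username, current_password)
    except ldap.INVALID_CREDENTIALS as e:
        print(e)
        do_flash(*get_message('INVALID_PASSWORD'))
        return {"status": False}

    if not verified:
        do_flash(*get_message('INVALID_PASSWORD'))
        return {"status": False}

    new_password = form.get('new_password')
    confirmation = form.get('new_password_confirm')

    if new_password == current_password:
        do_flash(*get_message('PASSWORD_IS_THE_SAME'))
        return {"status": False}

    if new_password != confirmation:
        do_flash(*get_message('RETYPE_PASSWORD_MISMATCH'))
        print("passwords dont match")
        # Rejected like every other validation failure instead of falling
        # through with an implicit None.
        return {"status": False}

    # When both fields are absent they compare equal as None; treat that as
    # too short rather than calling len() on None.
    if new_password is None or len(new_password) < 6:
        do_flash(*get_message('PASSWORD_INVALID_LENGTH'))
        return {"status": False}

    status = User.change_pass(current_user.username,
                              current_password,
                              new_password)
    if not status:
        # The change was not applied; report it rather than returning None.
        return {"status": False}

    password_changed.send(current_app._get_current_object(),
                          user=current_user._get_current_object())
    do_flash(*get_message('PASSWORD_CHANGE'))
    print("password changed")
    return {"status": True}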
Exemplo n.º 5
def change_user_password(_reset_password_link_func=None, **user_data):
    """Replace a user's password, save the user and emit the change signal.

    ``user_data["user"]`` is required. ``user_data["password"]`` is the new
    plaintext password; if it is absent or ``None`` the password is saved as
    ``None``. The user's current password is not checked here.

    :param _reset_password_link_func: Optional callable that builds the reset
        link for the notice e-mail; falls back to
        ``default_reset_password_link_func``.
    """
    link_factory = (
        _reset_password_link_func
        if _reset_password_link_func
        else default_reset_password_link_func
    )
    target = user_data["user"]
    new_secret = user_data.get("password")

    # Reset first; a hash is written only when a new password was supplied.
    target.password = None
    if new_secret is not None:
        target.password = hash_password(new_secret)
    current_datastore.put(target)

    send_notice = security_config_value("SEND_PASSWORD_CHANGE_EMAIL")
    if send_notice:
        link = None
        if current_security.recoverable:
            # Only the second element of the returned pair is used.
            _, link = link_factory(target)
        mail_subject = security_config_value(
            "EMAIL_SUBJECT_PASSWORD_CHANGE_NOTICE"
        )
        send_mail(
            mail_subject,
            target.email,
            "change_notice_rest",
            user=target,
            reset_password_link=link,
        )

    real_app = current_app._get_current_object()
    password_changed.send(real_app, user=target)