def change_password():
"""Change the password of an existing user"""
oldPassword = request.form['oldPassword']
newPassword = request.form['newPassword']
if bcrypt.check_password_hash(current_user.passw, oldPassword):
hashed = bcrypt.generate_password_hash(newPassword)
current_user.passw = hashed
current_user.commit_to_session()
return serve_response({})
return serve_error('old password does not match', 401)
def change_password():
oldPassword = request.form['oldPassword']
newPassword = request.form['newPassword']
if bcrypt.check_password_hash(current_user.passw, oldPassword):
hashed = bcrypt.generate_password_hash(newPassword)
current_user.passw = hashed
session.add(current_user)
session.flush()
session.commit()
return serve_response({})
return serve_error('old password does not match', 401)
def create_user():
"""Create a new user"""
# Get form contents
username = request.form['username']
password = request.form['password']
display = request.form['display']
# Create the user if doesn't already exist
user = load_user(username)
if user is None:
hashed = bcrypt.generate_password_hash(password)
user = User(username=username, passw=hashed, display=display, admin=0)
user.commit_to_session()
return serve_response({})
return serve_error('username already exists', 401)
def create_user():
# Verify that the poster is an admin
if current_user.admin == 0:
return server_error('Must be admin to create users', 401)
# Get form contents
username = request.form['username']
password = request.form['password']
display = request.form['display']
# Create the user if doesn't already exist
user = load_user(username)
if user is None:
hashed = bcrypt.generate_password_hash(password)
user = User(username=username, passw=hashed, display=display, admin=0)
session.add(user)
session.flush()
session.commit()
return serve_response({})
return serve_error('username already exists', 401)
