Пример #1
    def ChangePassword(self, request, context):
        """
        Change or clear the password of the authenticated user.

        The caller is identified by ``context.user_id``. At least one of
        ``old_password`` / ``new_password`` must be present on the request,
        otherwise the RPC is aborted with INVALID_ARGUMENT. The old password
        is confirmed through ``_check_password`` before the user row is
        touched; if the user had no password before, that check is skipped.

        Leaving ``new_password`` unset removes the password. Otherwise the new
        value has to pass ``_abort_if_terrible_password`` and is stored only
        as the output of ``hash_password``.
        """
        with session_scope() as session:
            account = session.query(User).filter(User.id == context.user_id).one()

            # A request with neither field expresses no intent; reject it.
            # Everything below relies on context.abort() raising to end the
            # RPC (grpc's ServicerContext.abort does) -- confirm this holds if
            # a wrapper context is ever passed in.
            if not (request.HasField("old_password")
                    or request.HasField("new_password")):
                context.abort(grpc.StatusCode.INVALID_ARGUMENT,
                              errors.MISSING_BOTH_PASSWORDS)

            # Verification must stay ahead of any write to hashed_password.
            _check_password(account, "old_password", request, context)

            # From here on: old password was correct, or there was none.
            if request.HasField("new_password"):
                candidate = request.new_password.value
                _abort_if_terrible_password(candidate, context)
                account.hashed_password = hash_password(candidate)
            else:
                # No new password supplied: the user is unsetting theirs.
                account.hashed_password = None

            session.commit()

            # The mail is sent only once the change has been committed.
            # NOTE(review): nothing visible here revokes existing sessions or
            # tokens after the change -- confirm that is handled elsewhere.
            send_password_changed_email(account)

        return empty_pb2.Empty()
Пример #2
    def SetPassword(self, request, context):
        """
        Set a first password for the authenticated user via the jail API.

        The caller is identified by ``context.user_id``. The call is aborted
        with FAILED_PRECONDITION when the user already has a password, and the
        new password must pass ``abort_on_invalid_password`` before its hash is
        stored. Returns whatever ``self._get_jail_info`` yields for the user.
        """
        with session_scope() as session:
            lookup = select(User).where(User.id == context.user_id)
            account = session.execute(lookup).scalar_one()

            # This endpoint never asks for the old password, so it must refuse
            # to overwrite an existing one; otherwise anybody could set your
            # password through the jail API. Relies on context.abort() raising
            # (grpc's ServicerContext.abort does) -- confirm for any wrapper.
            if account.has_password:
                context.abort(grpc.StatusCode.FAILED_PRECONDITION,
                              errors.ALREADY_HAS_PASSWORD)

            abort_on_invalid_password(request.new_password, context)

            # Only the hash is persisted, never the submitted value.
            new_hash = hash_password(request.new_password)
            account.hashed_password = new_hash
            session.commit()

            # The mail is sent only once the change has been committed.
            send_password_changed_email(account)

            return self._get_jail_info(account)
Пример #3
    def ChangePassword(self, request, context):
        """
        Change or clear the password of the authenticated user.

        The caller is identified by ``context.user_id``. At least one of
        ``old_password`` / ``new_password`` must be present on the request,
        otherwise the RPC is aborted with INVALID_ARGUMENT. The old password
        is confirmed through ``_check_password`` before the user row is
        touched; if the user had no password before, that check is skipped.

        Leaving ``new_password`` unset removes the password. Otherwise the new
        value has to pass ``abort_on_invalid_password`` and is stored only as
        the output of ``hash_password``. After the commit the user gets an
        e-mail and a "password"/"change" notification.
        """
        with session_scope() as session:
            lookup = select(User).where(User.id == context.user_id)
            account = session.execute(lookup).scalar_one()

            # A request with neither field expresses no intent; reject it.
            # Everything below relies on context.abort() raising to end the
            # RPC (grpc's ServicerContext.abort does) -- confirm this holds if
            # a wrapper context is ever passed in.
            if not (request.HasField("old_password")
                    or request.HasField("new_password")):
                context.abort(grpc.StatusCode.INVALID_ARGUMENT,
                              errors.MISSING_BOTH_PASSWORDS)

            # Verification must stay ahead of any write to hashed_password.
            _check_password(account, "old_password", request, context)

            # From here on: old password was correct, or there was none.
            if request.HasField("new_password"):
                candidate = request.new_password.value
                abort_on_invalid_password(candidate, context)
                account.hashed_password = hash_password(candidate)
            else:
                # No new password supplied: the user is unsetting theirs.
                account.hashed_password = None

            session.commit()

            # Both out-of-band alerts fire only after the commit, so the
            # account owner hears about a change they did not make.
            # NOTE(review): nothing visible here revokes existing sessions or
            # tokens after the change -- confirm that is handled elsewhere.
            send_password_changed_email(account)

            notify(
                user_id=account.id,
                topic="password",
                key="",
                action="change",
                icon="wrench",
                title="Your password was changed",
                link=urls.account_settings_link(),
            )

        return empty_pb2.Empty()