def change_password():
f = forms.ChangePassword(request.form)
if request.method == 'POST' and f.validate():
u = model.User.query.get(session['user_id'])
if u.check_pw(f.old_password.data.strip()):
u.password = f.new_password.data.strip()
model.db.session.commit()
flash('Password Changed')
return redirect(url_for('index'))
else:
model.db.session.rollback()
f.old_password.errors.append('Wrong current password!')
return render_template('change_password.html', form=f, page_title='Change Password')
def POST(self):
f = forms.ChangePassword()
i = web.input()
if not f.validates(i):
return render['account/password'](f)
user = accounts.get_current_user()
username = user.key.split("/")[-1]
if self.try_login(username, i.password):
accounts.update_account(username, password=i.new_password)
add_flash_message('note', _('Your password has been updated successfully.'))
raise web.seeother('/account')
else:
f.note = "Invalid password"
return render['account/password'](f)
def GET(self):
f = forms.ChangePassword()
return render['account/password'](f)
