def settings(page=None):
    """Render the account settings pages and process their form submissions.

    Anonymous visitors (no ``uid`` in the session) are redirected to the
    sign-in page, and any page other than ``identity``, ``regional`` or
    ``password`` is redirected to ``identity``.

    On POST with the ``validate`` field set, the ``password`` page changes
    the password after checking the current one, and the other pages store
    the submitted fields named in ``SETTINGS_LIST``. Every POST ends with a
    redirect back to the same page; other methods render ``settings.html``.
    """
    if not session.get("uid"):
        return redirect(url_for("signin", next=get_path(request)))

    if page not in ("identity", "regional", "password"):
        return redirect(url_for("settings", page="identity"))

    if request.method != "POST":
        available_locales = [
            (translation.language, translation.display_name.capitalize())
            for translation in app.babel_instance.list_translations()
        ]
        return render_template(
            "settings.html",
            page=page,
            locales=available_locales,
            timezones=common_timezones,
            current_locale=get_locale().language,
            current_timezone=get_timezone().zone,
        )

    # NOTE(review): no CSRF token check is visible in this view; confirm that
    # state-changing POSTs are protected elsewhere (e.g. application-wide).
    form = request.form
    submitted = form.get("validate")

    if submitted and page == "password":
        users = UserBackend()
        # The current password is re-checked before any change, so a session
        # cookie alone is not enough to set a new password.
        current_ok = users.authenticate(session.get("login"), form.get("password-current"))
        if not current_ok:
            flash(_("Current password is invalid."), "error")
        elif form.get("password-new") != form.get("password-repeat"):
            flash(_("Passwords don't match."), "error")
        else:
            # NOTE(review): if both fields are missing from the form they
            # compare equal (None == None) and None reaches the backend;
            # confirm UserBackend.set rejects that.
            try:
                users.set(modify=True, login=session.get("login"), password=form.get("password-new"))
            except PasswordTooShort:
                flash(
                    _(
                        "Password is too short. Must be a least %(length)d characters long.",
                        length=PASSWORD_MIN_LENGTH,
                    ),
                    "error",
                )
            else:
                flash(_("Password successfuly changed."), "info")
    elif submitted:
        # Only keys listed in SETTINGS_LIST are forwarded as keyword
        # arguments; any other submitted form field is ignored.
        changes = {name: form.get(name) for name in SETTINGS_LIST if name in form}
        if changes:
            user = UserBackend().set(modify=True, login=session.get("login"), **changes)
            fullname = user.fullname
            # MD5 is used here only to build the Gravatar avatar URL.
            # NOTE(review): hashlib.md5 receives the lowercased e-mail as-is;
            # on Python 3 it needs bytes, so confirm the type of user.email.
            email_digest = hashlib.md5(user.email.lower()).hexdigest()
            session.update(
                {
                    "name": fullname,
                    "avatar": "//gravatar.com/avatar/%s" % email_digest,
                }
            )
            if "locale" in changes:
                g.user.locale = changes.get("locale")
            flash(_("Settings successfuly saved."), "info")

    # Redirect after POST so that a browser reload does not resubmit the form.
    return redirect(url_for("settings", page=page))
def index(path="/"):
    """Dispatch a request for ``path`` to the handler named by ``?do=``.

    The action defaults to ``show``. Unknown actions are redirected to the
    plain page, and actions outside ``ACTIONS_UNPRIVILEGED`` require a
    signed-in session (``uid``); otherwise the visitor is sent to sign in.
    The handler is the module-level callable ``do_<action>``, called with
    ``path``.
    """
    g.path = path
    action = request.args.get("do", "show")
    known_actions = ACTIONS_PRIVILEGED + ACTIONS_UNPRIVILEGED

    # Unknown action: fall back to the default view of the page. This check
    # is also what keeps the globals() lookup below limited to listed names.
    if action not in known_actions:
        return redirect(url_for("index", path=path))

    # Anything not explicitly unprivileged requires an authenticated session.
    needs_login = action not in ACTIONS_UNPRIVILEGED
    if needs_login and not session.get("uid"):
        return redirect(url_for("signin", next=get_path(request)))

    # NOTE(review): `and` binds tighter than `or`, and the unknown-action
    # guard above already makes the right-hand operand true, so this
    # condition always holds. The abort(405) below is therefore unreachable
    # and privileged actions are dispatched for any HTTP method; confirm
    # whether they were meant to be limited to POST, and that the do_*
    # handlers enforce the method themselves.
    privileged_post = request.method == "POST" and action in ACTIONS_PRIVILEGED
    if privileged_post or (action in known_actions):
        handler = globals()["do_" + action]
        return handler(path)

    abort(405)