def admin_user_password(userid):
    """Let the signed-in admin set a new password for the account ``userid``.

    The admin must re-enter their own password. It is checked with
    ``User.check_pass`` against the value stored for ``current_user`` before
    the target account is updated.

    Returns a redirect to ``admin.admin_manage_users`` on success; otherwise
    the change-password template is rendered again, with an error on the
    admin-password field when the re-authentication check fails.
    """
    # NOTE(review): no role or permission check is visible in this function;
    # presumably a decorator or blueprint hook enforces admin-only access.
    # Confirm, since this view can reset any account's password.
    template_name = "admin/change-user-password.html"
    form = UserPasswordForm()

    if not form.validate_on_submit():
        # Initial GET, or a submission that failed form validation.
        return render_template(template_name, form=form)

    supplied_admin_password = form.admin_password.data
    replacement_password = form.new_user_password.data
    stored_admin_password: str = User.find_user(
        username_val=current_user.username,
        retval=USER_PASSWORD_USERKEY,
    )

    if not User.check_pass(stored_admin_password, supplied_admin_password):
        # NOTE(review): WTForms keeps field errors as a sequence of messages.
        # A bare string here is iterated character by character by templates
        # that loop over `errors`. Confirm how the template renders it.
        form.admin_password.errors = "Current Admin Password was incorrect!!!"
        return render_template(template_name, form=form)

    # NOTE(review): the new password is passed on exactly as submitted.
    # Confirm that User.update_val hashes it before it is stored.
    User.update_val(
        (USER_PASSWORD_USERKEY, replacement_password),
        user_id=userid,
    )
    return redirect(url_for("admin.admin_manage_users"))
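def login():
    """Sign a user in and send them to the landing page for their role.

    An already authenticated visitor is redirected straight to the path
    returned by ``User.check_roles``. Otherwise the submitted username and
    password are checked against the stored user record. On success the user
    is registered with flask-login and redirected to their role's page. On
    failure the login template is rendered with a generic error that does not
    say which of the two fields was wrong.
    """
    if current_user.is_authenticated:
        user = User.find_user(username_val=current_user.username)
        path = User.check_roles(user)
        return redirect(path)

    form = LoginForm()
    if form.validate_on_submit() and request.method == "POST":
        raw_username = request.form.get("username")
        username = strip_text(raw_username, toStr=True)
        user = User.find_user(username_val=username)

        # NOTE(review): strip_text is also applied to the password. If it
        # removes characters, the checked value differs from what was typed;
        # confirm the same normalisation is applied when passwords are set.
        raw_password = request.form.get("password")
        password = strip_text(raw_password, toStr=True)

        # NOTE(review): when no user is found, check_pass is skipped, so an
        # unknown username may respond faster than a wrong password. Consider
        # a constant-cost dummy check if account enumeration is a concern.
        if user and User.check_pass(user[USER_PASSWORD], password):
            user_obj = User(
                username=user[USERNAME],
                password=user[USER_PASSWORD],
                # Fixed: the original passed the list [USER_EMAIL] (the key
                # itself) instead of the email stored on the user record.
                email=user[USER_EMAIL],
                roles=user[USER_ROLES],
                _id=user[USER_ID],
            )
            login_user(user_obj)
            # The debug print of the redirect path has been removed.
            newpath = User.check_roles(user)
            return redirect(newpath)

        error = "Username or Password was incorrect."
        return render_template(
            'auth/login.html', title='Sign In', form=form, error=error
        )

    return render_template('auth/login.html', title='Sign In', form=form)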