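def change_password(user_id=0):
    """Show the change-password form, or apply a submitted password change.

    On a valid submission the password is replaced only when ``user_id``
    equals the ``user_id`` stored in the session; any other request is
    redirected to ``list_entries`` with a flash message. When the form was
    not submitted, or failed validation, the form is rendered for ``user_id``.

    Args:
        user_id: Primary key of the account whose password is being changed.

    Returns:
        A redirect response, or the rendered ``change_password.html`` page.
    """
    pass_form = ChangePasswordForm()

    if pass_form.validate_on_submit():
        # Authorization: a user may only change their own password.
        # NOTE(review): the comparison is type-sensitive -- presumably the
        # route converts user_id to the same type the session stores; verify,
        # otherwise every submission is rejected.
        logged_in_as = session.get('user_id')
        if user_id != logged_in_as:
            flash("You can only change your own password!")
            return redirect(url_for('list_entries'))

        try:
            user = Users.get(user_id)
        except SQLObjectNotFound:
            flash("You must provide a user ID")
            return redirect(url_for('list_users'))

        # NOTE(review): nothing in this view re-checks the current password
        # before replacing it -- confirm ChangePasswordForm enforces that.
        user.password = generate_password(pass_form.password.data)
        flash("Password successfully changed")
        return redirect(url_for('edit_user', user_id=user.id))

    # Form not submitted (or invalid): render it for the requested account.
    # NOTE(review): the ownership check above runs only on submission, so this
    # path answers differently for existing and non-existing user IDs to any
    # caller who can reach the view -- confirm that is intended.
    try:
        user = Users.get(user_id)
    except SQLObjectNotFound:
        # Fix: this clause named `SQLNotFoundError`, which appears nowhere
        # else in the view, while the submit path catches SQLObjectNotFound
        # for the same lookup. If that name was undefined, a missing user
        # surfaced as a NameError (HTTP 500) instead of this redirect.
        flash("You must provide a user ID")
        return redirect(url_for('list_users'))

    return render_template(
        'change_password.html',
        data={'form': pass_form, 'user_id': user.id},
    )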
def __call__(self, form, field):
    """Validate submitted credentials and record the matching user's ID.

    Hashes ``field.data`` with ``generate_password`` and looks for a ``Users``
    row whose email equals ``form.email.data`` and whose stored password
    equals that hash. On success the row's ID is written to
    ``form.user_id.data``.

    Every failure raises ``ValidationError(self.message)`` with the same
    message, so the response does not reveal whether the email, the password
    or the account's active flag was the reason.

    Raises:
        ValidationError: ``form.user_id.data`` was already set, no row
            matched, or the matched account is not active.
    """
    # NOTE(review): the hash is compared for equality inside the query, so
    # generate_password must be deterministic for a given input (no per-user
    # salt) -- confirm, and prefer a salted password KDF verified in code.
    hashed = generate_password(field.data)
    email = form.email.data

    # Presumably rejects a client-supplied user_id so that only this validator
    # can populate the field -- verify against the form definition.
    if form.user_id.data:
        raise ValidationError(self.message)

    try:
        email_matches = Users.q.email == email
        password_matches = Users.q.password == hashed
        candidates = list(Users.select(AND(email_matches, password_matches)))
        account = candidates[0]  # IndexError when nothing matched
        if not account.active:
            raise ValidationError(self.message)
        form.user_id.data = account.id
    except (SQLObjectNotFound, IndexError):
        raise ValidationError(self.message)
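def create_user():
    """Create a user from a submitted ``CreateUserForm``, or render the form.

    On a valid submission a ``Users`` row is created with the password passed
    through ``generate_password``, an ``Image`` is attached when an avatar was
    supplied, and the request is redirected to ``list_users``. Otherwise the
    ``edit_user.html`` template is rendered with blank user values.

    NOTE(review): no authorization check is visible in this function --
    confirm that a decorator or hook outside it restricts who may create
    accounts.

    Returns:
        A redirect response, or the rendered ``edit_user.html`` page.
    """
    user_form = CreateUserForm()

    if user_form.validate_on_submit():
        user = Users(
            first_name=user_form.first_name.data,
            last_name=user_form.last_name.data,
            email=user_form.email.data,
            password=generate_password(user_form.password.data),
            alias=user_form.alias.data,
        )

        avatar_url = user_form.avatar.data
        if avatar_url:
            # Fix: the image was built from user_form.alias.data, so the
            # alias was stored as the avatar URL and the submitted avatar
            # value was discarded.
            # NOTE(review): this URL is user-supplied -- confirm the form
            # restricts it to http(s) before a template renders it.
            user.avatar = Image(url=avatar_url)

        flash("%s %s has been created" % (user.first_name, user.last_name))
        return redirect(url_for('list_users'))

    # Nothing submitted (or validation failed): render with empty defaults.
    user = {
        'first_name': '',
        'last_name': '',
        'email': '',
        'password': '',
        'avatar': '',
    }
    return render_template(
        'edit_user.html',
        data={'form': user_form, 'user': user},
    )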