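def _action(self) -> None:
    """Change the logged-in user's password from the submitted form values.

    Reads ``cur_password``, ``password`` and the optional ``password2`` from
    the request, checks the current password, applies the password policy,
    stores the new hash, bumps the user's ``serial`` and renews the auth
    cookie.  On success the method always leaves by raising a redirect.

    Raises:
        MKUserError: if a field is empty, the new password equals the current
            one, the current password is wrong, or the confirmation differs.
    """
    # Function-scope import: the module's import block is not visible here.
    from urllib.parse import urlsplit

    assert user.id is not None

    # NOTE(review): lock=True presumably holds the user DB lock until
    # save_users(); the error paths below raise before saving. Confirm the
    # lock is released on those paths.
    users = userdb.load_users(lock=True)
    user_spec = users[user.id]

    cur_password = request.get_str_input_mandatory("cur_password")
    password = request.get_str_input_mandatory("password")
    password2 = request.get_str_input_mandatory("password2", "")

    # Force change pw mode
    if not cur_password:
        raise MKUserError("cur_password", _("You need to provide your current password."))

    if not password:
        raise MKUserError("password", _("You need to change your password."))

    if cur_password == password:
        raise MKUserError("password", _("The new password must differ from your current one."))

    # The current password is re-verified even though the session is already
    # authenticated, so a hijacked session alone cannot set a new password.
    if userdb.check_credentials(user.id, cur_password) is False:
        raise MKUserError("cur_password", _("Your old password is wrong."))

    # NOTE(review): the confirmation is compared only when password2 is
    # non-empty, so a request that omits it skips this check. Confirm that is
    # intended.
    if password2 and password != password2:
        raise MKUserError("password2", _("The both new passwords do not match."))

    watolib.verify_password_policy(password)
    user_spec["password"] = hash_password(password)
    user_spec["last_pw_change"] = int(time.time())

    # In case the user was forced to change their password, remove the flag
    user_spec.pop("enforce_pw_change", None)

    # Increase serial to invalidate old authentication cookies
    user_spec["serial"] = user_spec.get("serial", 0) + 1

    userdb.save_users(users)

    flash(_("Successfully changed password."))

    # Set the new cookie to prevent logout for the current user
    login.update_auth_cookie(user.id)

    # "_origtarget" is request-controlled and ends up in a redirect, either
    # directly or as the "back" target of the replication page. Accept only
    # same-site relative targets; anything else falls back to the default page.
    # NOTE(review): if the project has a shared URL-validation helper, prefer
    # it over this local check.
    default_target = "user_change_pw.py"
    origtarget = request.get_str_input_mandatory("_origtarget", default_target)
    try:
        target_parts = urlsplit(origtarget)
        is_local = not (target_parts.scheme or target_parts.netloc)
    except ValueError:
        is_local = False
    if (
        not is_local
        or origtarget.startswith("//")
        or "\\" in origtarget
        or origtarget != origtarget.strip()
        or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in origtarget)
    ):
        origtarget = default_target

    # In distributed setups with remote sites where the user can login, start the
    # user profile replication now which will redirect the user to the destination
    # page after completion. Otherwise directly open up the destination page.
    if user.authorized_login_sites():
        raise redirect(
            makeuri_contextless(
                request, [("back", origtarget)], filename="user_profile_replicate.py"
            )
        )
    raise redirect(origtarget)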
def _action(self) -> bool:
    """Apply a password change for the logged-in user and report success.

    The current password, the new password and an optional repetition are
    read from the request.  Once all checks pass, the stored hash, the change
    timestamp and the cookie serial are updated and the user database saved.

    Returns:
        True once the new password is stored and the auth cookie is renewed.

    Raises:
        MKUserError: when one of the submitted values is rejected.
    """
    assert config.user.id is not None

    all_users = userdb.load_users(lock=True)
    spec = all_users[config.user.id]

    current = html.request.get_str_input_mandatory('cur_password')
    new_pw = html.request.get_str_input_mandatory('password')
    repeated = html.request.get_str_input_mandatory('password2', '')

    # Force change pw mode
    if not current:
        raise MKUserError("cur_password", _("You need to provide your current password."))
    if not new_pw:
        raise MKUserError("password", _("You need to change your password."))
    if new_pw == current:
        raise MKUserError(
            "password", _("The new password must differ from your current one."))

    # The session is already authenticated; the current password is still
    # checked before a new one is accepted.
    credentials = userdb.check_credentials(config.user.id, current)
    if credentials is False:
        raise MKUserError("cur_password", _("Your old password is wrong."))

    # The repetition is only compared when one was submitted.
    if repeated and repeated != new_pw:
        raise MKUserError("password2", _("The both new passwords do not match."))

    watolib.verify_password_policy(new_pw)

    spec['password'] = hash_password(new_pw)
    spec['last_pw_change'] = int(time.time())

    # Drop the "must change password" flag if it was set.
    spec.pop('enforce_pw_change', None)

    # A higher serial invalidates authentication cookies issued earlier.
    spec['serial'] = spec.get('serial', 0) + 1

    userdb.save_users(all_users)

    # Issue a fresh cookie so the current session is not logged out.
    login.update_auth_cookie(config.user.id)
    return True