
35141645dfa69e746ad42c9b86471b91e8176655 — Lauren Jenkinson 10 months ago 67acb6f
profile: Require current password when changing password
M magenta/templates/profile/index.html => magenta/templates/profile/index.html +1 -1
@@ 31,7 31,7 @@

	<div class="form-main-actions">
		<a class="button" href="{{ url_for('profile.password') }}">Change password</a>
		<a class="button" href="{# url_for('profile.mfa') #}">Change multi-factor authentication settings</a>
		{# <a class="button" href="{{ url_for('profile.mfa') }}">Change multi-factor authentication settings</a> #}
	</div>
</div>
{% endblock content %}

M magenta/templates/profile/password.html => magenta/templates/profile/password.html +7 -4
@@ 14,11 14,14 @@
	{% include "partials/flashes.html" %}
	{% include "partials/form-errors.html" %}

	{{ form.password.label }}
	{{ form.password(placeholder=form.password.label.text) }}
	{{ form.current_password.label }}
	{{ form.current_password(placeholder=form.current_password.label.text) }}

	{{ form.password_confirm.label }}
	{{ form.password_confirm(placeholder=form.password_confirm.label.text) }}
	{{ form.new_password.label }}
	{{ form.new_password(placeholder=form.new_password.label.text) }}

	{{ form.new_password_confirm.label }}
	{{ form.new_password_confirm(placeholder=form.new_password_confirm.label.text) }}

	<button class="button" type="submit">Save</button>
</form>
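Review bot: The three password inputs carry no `autocomplete` hint, so browsers and password managers cannot tell the current-password field from the new-password pair and may autofill the stored password into `new_password`. WTForms renders extra keyword arguments as HTML attributes, so `{{ form.current_password(placeholder=form.current_password.label.text, autocomplete="current-password") }}` plus `autocomplete="new-password"` on `new_password` and `new_password_confirm` is all that is needed. The enclosing `<form>` opens before this hunk, so I cannot see whether an `autocomplete` attribute is already set at the form level.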

M magenta/views/profile.py => magenta/views/profile.py +13 -5
@@ 17,6 17,7 @@ profile = Blueprint("profile", __name__, url_prefix="/profile")


PROFILE_EDIT_SUCCESS = "Profile information saved."
PASSWORD_INVALID = "Your current password was not correct."
PASSWORD_DIFFERS = "Your password was not the same in both fields."
PASSWORD_SUCCESS = "Your password has been changed."



@@ 30,9 31,12 @@ class ProfileEditForm(FlaskForm):


class PasswordEditForm(FlaskForm):
    password = PasswordField("Password", validators=[validators.DataRequired()])
    password_confirm = PasswordField(
        "Password (again, to confirm)", validators=[validators.DataRequired()]
    current_password = PasswordField(
        "Current password", validators=[validators.DataRequired()]
    )
    new_password = PasswordField("New password", validators=[validators.DataRequired()])
    new_password_confirm = PasswordField(
        "New password (again, to confirm)", validators=[validators.DataRequired()]
    )




@@ 58,11 62,15 @@ def password():
    user = g.user
    form = PasswordEditForm()
    if form.validate_on_submit():
        if form.password.data != form.password_confirm.data:
        if not user.validate_password(form.current_password.data):
            flash(PASSWORD_INVALID)
            return render_template("profile/password.html", form=form)

        if form.new_password.data != form.new_password_confirm.data:
            flash(PASSWORD_DIFFERS)
            return render_template("profile/password.html", form=form)

        user.set_password(form.password.data)
        user.set_password(form.new_password.data)

        db.session.add(user)
        db.session.commit()
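Review bot: The equality check on `new_password` and `new_password_confirm` in the second branch of `password()` re-implements WTForms' `EqualTo` validator and reports the mismatch through `flash` while every other field error goes through the form-errors partial; declaring it on the field in `PasswordEditForm` (the previous hunk), `new_password_confirm = PasswordField("New password (again, to confirm)", validators=[validators.DataRequired(), validators.EqualTo("new_password", message=PASSWORD_DIFFERS)])`, lets `validate_on_submit()` reject it before `validate_password` is called and removes the manual branch. Checking the current password first is the right order, since the new password is never set without the old one being proven, but nothing in the form or the view enforces a minimum length or rejects reusing the current password on `new_password`; if the project has a policy, `validators.Length(min=...)` on that field is where it belongs. `password()` starts before this hunk and its body continues after `db.session.commit()`, so I cannot see whether a successful change also invalidates the user's other sessions, which is presumably worth confirming.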