moved change pass to a seperate view and fixed issues 709

2013-05-20 14:04:02 -07:00
parent 4adc3a85dd
commit 39aa1db4d6
5 changed files with 108 additions and 26 deletions
--- a/mediagoblin/edit/forms.py
+++ b/mediagoblin/edit/forms.py
@@ -59,17 +59,6 @@ class EditProfileForm(wtforms.Form):


 class EditAccountForm(wtforms.Form):
-    old_password = wtforms.PasswordField(
-        _('Old password'),
-        description=_(
-            "Enter your old password to prove you own this account."))
-    new_password = wtforms.PasswordField(
-        _('New password'),
-        [
-            wtforms.validators.Optional(),
-            wtforms.validators.Length(min=6, max=30)
-        ],
-        id="password")
    license_preference = wtforms.SelectField(
        _('License preference'),
        [
@@ -103,3 +92,15 @@ class EditCollectionForm(wtforms.Form):
        description=_(
            "The title part of this collection's address. "
            "You usually don't need to change this."))
+
+
+class ChangePassForm(wtforms.Form):
+    old_password = wtforms.PasswordField(
+        _('Old password'),
+        [wtforms.validators.Required()],
+        description=_(
+            "Enter your old password to prove you own this account."))
+    new_password = wtforms.PasswordField(
+        _('New password'),
+        [wtforms.validators.Required(),
+         wtforms.validators.Length(min=6, max=30)])
--- a/mediagoblin/edit/routing.py
+++ b/mediagoblin/edit/routing.py
@@ -24,3 +24,5 @@ add_route('mediagoblin.edit.account', '/edit/account/',
    'mediagoblin.edit.views:edit_account')
 add_route('mediagoblin.edit.delete_account', '/edit/account/delete/',
    'mediagoblin.edit.views:delete_account')
+add_route('mediagoblin.edit.pass', '/edit/password/',
+    'mediagoblin.edit.views:change_pass')
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -228,18 +228,6 @@ def edit_account(request):
            user.wants_comment_notification = \
                form.wants_comment_notification.data

-        if form_validated and \
-                form.new_password.data or form.old_password.data:
-            password_matches = auth_lib.bcrypt_check_password(
-                form.old_password.data,
-                user.pw_hash)
-            if password_matches:
-                #the entire form validates and the password matches
-                user.pw_hash = auth_lib.bcrypt_gen_password_hash(
-                    form.new_password.data)
-            else:
-                form.old_password.errors.append(_('Wrong password'))
-
        if form_validated and \
                form.license_preference.validate(form):
            user.license_preference = \
@@ -345,3 +333,39 @@ def edit_collection(request, collection):
        'mediagoblin/edit/edit_collection.html',
        {'collection': collection,
         'form': form})
+
+
+@require_active_login
+def change_pass(request):
+    form = forms.ChangePassForm(request.form)
+    user = request.user
+
+    if request.method == 'POST' and form.validate():
+
+        if not auth_lib.bcrypt_check_password(
+                form.old_password.data, user.pw_hash):
+            form.old_password.errors.append(
+                _('Wrong password'))
+
+            return render_to_response(
+                request,
+                'mediagoblin/edit/change_pass.html',
+                {'form': form,
+                 'user': user})
+
+        # Password matches
+        user.pw_hash = auth_lib.bcrypt_gen_password_hash(
+            form.new_password.data)
+        user.save()
+
+        messages.add_message(
+            request, messages.SUCCESS,
+            _('Your password was changed successfully'))
+
+        return redirect(request, 'mediagoblin.edit.account')
+
+    return render_to_response(
+        request,
+        'mediagoblin/edit/change_pass.html',
+        {'form': form,
+         'user': user})