added support for changing the password, issue #643

mediagoblin/edit/forms.py

@@ -43,6 +43,19 @@ class EditProfileForm(wtforms.Form):
         _('Website'),
         [wtforms.validators.Optional(),
          wtforms.validators.URL(message='Improperly formed URL')])
+    old_password = wtforms.PasswordField(
+        _('Old password'),
+        [wtforms.validators.Optional()])
+    new_password = wtforms.PasswordField(
+        _('New Password'),
+        [wtforms.validators.Optional(),
+         wtforms.validators.Length(min=6, max=30),
+         wtforms.validators.EqualTo(
+                'confirm_password',
+                'Passwords must match.')])
+    confirm_password = wtforms.PasswordField(
+        'Confirm password',
+        [wtforms.validators.Optional()])
 
 
 class EditAttachmentsForm(wtforms.Form):

mediagoblin/edit/views.py

@@ -26,6 +26,7 @@ from werkzeug.utils import secure_filename
 from mediagoblin import messages
 from mediagoblin import mg_globals
 
+from mediagoblin.auth import lib as auth_lib
 from mediagoblin.edit import forms
 from mediagoblin.edit.lib import may_edit_media
 from mediagoblin.decorators import require_active_login, get_user_media_entry
@@ -164,6 +165,19 @@ def edit_profile(request):
         user['url'] = unicode(request.POST['url'])
         user['bio'] = unicode(request.POST['bio'])
 
+        password_matches = auth_lib.bcrypt_check_password(request.POST['old_password'],
+                                                          user['pw_hash'])
+
+        if (request.POST['old_password'] or request.POST['new_password']) and not \
+                password_matches:
+            messages.add_message(request,
+                                 messages.ERROR,
+                                 _('Wrong password'))
+
+        if password_matches:
+            user['pw_hash'] = auth_lib.bcrypt_gen_password_hash(
+                request.POST['new_password'])
+
         user['bio_html'] = cleaned_markdown_conversion(user['bio'])
 
         user.save()