added support for changing the password, issue #643

2011-11-19 22:17:21 +01:00 · 2011-11-19 22:17:21 +01:00 · 4837b2f253
commit 4837b2f253
parent 909dda1f85
2 changed files with 37 additions and 10 deletions
--- a/mediagoblin/edit/forms.py
+++ b/mediagoblin/edit/forms.py
@ -43,6 +43,19 @@ class EditProfileForm(wtforms.Form):
        _('Website'),
        [wtforms.validators.Optional(),
         wtforms.validators.URL(message='Improperly formed URL')])
+    old_password = wtforms.PasswordField(
+        _('Old password'),
+        [wtforms.validators.Optional()])
+    new_password = wtforms.PasswordField(
+        _('New Password'),
+        [wtforms.validators.Optional(),
+         wtforms.validators.Length(min=6, max=30),
+         wtforms.validators.EqualTo(
+                'confirm_password',
+                'Passwords must match.')])
+    confirm_password = wtforms.PasswordField(
+        'Confirm password',
+        [wtforms.validators.Optional()])


 class EditAttachmentsForm(wtforms.Form):
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@ -26,6 +26,7 @@ from werkzeug.utils import secure_filename
 from mediagoblin import messages
 from mediagoblin import mg_globals

+from mediagoblin.auth import lib as auth_lib
 from mediagoblin.edit import forms
 from mediagoblin.edit.lib import may_edit_media
 from mediagoblin.decorators import require_active_login, get_user_media_entry
@ -161,19 +162,32 @@ def edit_profile(request):
        bio=user.get('bio'))

    if request.method == 'POST' and form.validate():
-            user['url'] = unicode(request.POST['url'])
-            user['bio'] = unicode(request.POST['bio'])
+        user['url'] = unicode(request.POST['url'])
+        user['bio'] = unicode(request.POST['bio'])

-            user['bio_html'] = cleaned_markdown_conversion(user['bio'])
-
-            user.save()
+        password_matches = auth_lib.bcrypt_check_password(request.POST['old_password'],
+                                                          user['pw_hash'])

+        if (request.POST['old_password'] or request.POST['new_password']) and not \
+                password_matches:
            messages.add_message(request,
-                                 messages.SUCCESS,
-                                 _("Profile edited!"))
-            return redirect(request,
-                           'mediagoblin.user_pages.user_home',
-                            user=edit_username)
+                                 messages.ERROR,
+                                 _('Wrong password'))
+
+        if password_matches:
+            user['pw_hash'] = auth_lib.bcrypt_gen_password_hash(
+                request.POST['new_password'])
+
+        user['bio_html'] = cleaned_markdown_conversion(user['bio'])
+
+        user.save()
+
+        messages.add_message(request,
+                             messages.SUCCESS,
+                             _("Profile edited!"))
+        return redirect(request,
+                       'mediagoblin.user_pages.user_home',
+                        user=edit_username)

    return render_to_response(
        request,