moved change_pass to basic_auth and fixed some typos with the moving of forgot pass

mediagoblin/plugins/basic_auth/forms.py

@@ -61,3 +61,16 @@ class ChangeForgotPassForm(wtforms.Form):
     token = wtforms.HiddenField(
         '',
         [wtforms.validators.Required()])
+
+
+class ChangePassForm(wtforms.Form):
+    old_password = wtforms.PasswordField(
+        _('Old password'),
+        [wtforms.validators.Required()],
+        description=_(
+            "Enter your old password to prove you own this account."))
+    new_password = wtforms.PasswordField(
+        _('New password'),
+        [wtforms.validators.Required(),
+         wtforms.validators.Length(min=6, max=30)],
+        id="password")

mediagoblin/plugins/basic_auth/templates/mediagoblin/plugins/basic_auth/change_fp.html

@@ -29,7 +29,7 @@
 {%- endblock %}
 
 {% block mediagoblin_content %}
-  <form action="{{ request.urlgen('mediagoblin.auth.verify_forgot_password') }}"
+  <form action="{{ request.urlgen('mediagoblin.plugins.basic_auth.verify_forgot_password') }}"
         method="POST" enctype="multipart/form-data">
     {{ csrf_token }}
     <div class="form_box">

mediagoblin/plugins/basic_auth/templates/mediagoblin/plugins/basic_auth/change_pass.html

@@ -0,0 +1,52 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#}
+{% extends "mediagoblin/base.html" %}
+
+{% import "/mediagoblin/utils/wtforms.html" as wtforms_util %}
+
+{% block mediagoblin_head %}
+  <script type="text/javascript"
+          src="{{ request.staticdirect('/js/show_password.js') }}"></script>
+{% endblock mediagoblin_head %}
+
+{% block title -%}
+  {% trans username=user.username -%}
+    Changing {{ username }}'s password
+  {%- endtrans %} &mdash; {{ super() }}
+{%- endblock %}
+
+{% block mediagoblin_content %}
+  <form action="{{ request.urlgen('mediagoblin.plugins.basic_auth.edit.pass') }}"
+        method="POST" enctype="multipart/form-data">
+    <div class="form_box edit_box">
+      <h1>
+        {%- trans username=user.username -%}
+          Changing {{ username }}'s password
+        {%- endtrans -%}
+      </h1>
+      {{ wtforms_util.render_divs(form, True) }}
+      {{ csrf_token }}
+      <div class="form_submit_buttons">
+        <input type="submit" value="{% trans %}Save{% endtrans %}"
+        class="button_form" />
+      </div>
+    </div>
+  </form>
+{% endblock %}
+
+

mediagoblin/plugins/basic_auth/templates/mediagoblin/plugins/basic_auth/forgot_password.html

@@ -24,7 +24,7 @@
 {%- endblock %}
 
 {% block mediagoblin_content %}
-  <form action="{{ request.urlgen('mediagoblin.auth.forgot_password') }}"
+  <form action="{{ request.urlgen('mediagoblin.plugins.basic_auth.forgot_password') }}"
         method="POST" enctype="multipart/form-data">
     {{ csrf_token }}
     <div class="form_box">

mediagoblin/plugins/basic_auth/templates/mediagoblin/plugins/basic_auth/verification.txt

@@ -0,0 +1,29 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+-#}
+
+{% trans username=username, verification_url=verification_url|safe -%}
+Hi,
+
+We wanted to verify that you are {{ username }}. If this is the case, then 
+please follow the link below to verify your new email address.
+
+{{ verification_url }}
+
+If you are not {{ username }} or didn't request an email change, you can ignore
+this email.
+{%- endtrans %}

mediagoblin/plugins/basic_auth/views.py

@@ -17,6 +17,7 @@ from itsdangerous import BadSignature
 
 from mediagoblin import messages
 from mediagoblin.db.models import User
+from mediagoblin.decorators import require_active_login
 from mediagoblin.plugins.basic_auth import forms, tools
 from mediagoblin.tools.crypto import get_timed_signer_url
 from mediagoblin.tools.mail import email_debug_message
@@ -178,3 +179,39 @@ def _process_for_token(request):
         'has_token': 'token' in formdata_vars}
 
     return formdata
+
+
+@require_active_login
+def change_pass(request):
+    form = forms.ChangePassForm(request.form)
+    user = request.user
+
+    if request.method == 'POST' and form.validate():
+
+        if not tools.bcrypt_check_password(
+                form.old_password.data, user.pw_hash):
+            form.old_password.errors.append(
+                _('Wrong password'))
+
+            return render_to_response(
+                request,
+                'mediagoblin/plugins/basic_auth/change_pass.html',
+                {'form': form,
+                 'user': user})
+
+        # Password matches
+        user.pw_hash = tools.bcrypt_gen_password_hash(
+            form.new_password.data)
+        user.save()
+
+        messages.add_message(
+            request, messages.SUCCESS,
+            _('Your password was changed successfully'))
+
+        return redirect(request, 'mediagoblin.edit.account')
+
+    return render_to_response(
+        request,
+        'mediagoblin/plugins/basic_auth/change_pass.html',
+        {'form': form,
+         'user': user})