heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'rodney757/change_pass'

Browse Source 
* rodney757/change_pass:
  fixed translation, and changed tabs to spaces, and change it so the user can view their password as they're typing.
  modified change_pass tests
  moved change pass to a seperate view and fixed issues 709
This commit is contained in:
Elrond 2013-05-21 18:34:23 +02:00
commit d5e035e919
6 changed files with 119 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
mediagoblin/edit/forms.py
View File

@ -59,17 +59,6 @@ class EditProfileForm(wtforms.Form):
class EditAccountForm(wtforms.Form):
old_password = wtforms.PasswordField(
_('Old password'),
description=_(
"Enter your old password to prove you own this account."))
new_password = wtforms.PasswordField(
_('New password'),
[
wtforms.validators.Optional(),
wtforms.validators.Length(min=6, max=30)
],
id="password")
license_preference = wtforms.SelectField(
_('License preference'),
[
@ -103,3 +92,16 @@ class EditCollectionForm(wtforms.Form):
description=_(
"The title part of this collection's address. "
"You usually don't need to change this."))
class ChangePassForm(wtforms.Form):
old_password = wtforms.PasswordField(
_('Old password'),
[wtforms.validators.Required()],
description=_(
"Enter your old password to prove you own this account."))
new_password = wtforms.PasswordField(
_('New password'),
[wtforms.validators.Required(),
wtforms.validators.Length(min=6, max=30)],
id="password")

2
mediagoblin/edit/routing.py
View File

@ -24,3 +24,5 @@ add_route('mediagoblin.edit.account', '/edit/account/',
'mediagoblin.edit.views:edit_account')
add_route('mediagoblin.edit.delete_account', '/edit/account/delete/',
'mediagoblin.edit.views:delete_account')
add_route('mediagoblin.edit.pass', '/edit/password/',
'mediagoblin.edit.views:change_pass')

48
mediagoblin/edit/views.py
View File

@ -228,18 +228,6 @@ def edit_account(request):
user.wants_comment_notification = \
form.wants_comment_notification.data
if form_validated and \
form.new_password.data or form.old_password.data:
password_matches = auth_lib.bcrypt_check_password(
form.old_password.data,
user.pw_hash)
if password_matches:
#the entire form validates and the password matches
user.pw_hash = auth_lib.bcrypt_gen_password_hash(
form.new_password.data)
else:
form.old_password.errors.append(_('Wrong password'))
if form_validated and \
form.license_preference.validate(form):
user.license_preference = \
@ -345,3 +333,39 @@ def edit_collection(request, collection):
'mediagoblin/edit/edit_collection.html',
{'collection': collection,
'form': form})
@require_active_login
def change_pass(request):
form = forms.ChangePassForm(request.form)
user = request.user
if request.method == 'POST' and form.validate():
if not auth_lib.bcrypt_check_password(
form.old_password.data, user.pw_hash):
form.old_password.errors.append(
_('Wrong password'))
return render_to_response(
request,
'mediagoblin/edit/change_pass.html',
{'form': form,
'user': user})
# Password matches
user.pw_hash = auth_lib.bcrypt_gen_password_hash(
form.new_password.data)
user.save()
messages.add_message(
request, messages.SUCCESS,
_('Your password was changed successfully'))
return redirect(request, 'mediagoblin.edit.account')
return render_to_response(
request,
'mediagoblin/edit/change_pass.html',
{'form': form,
'user': user})

52
mediagoblin/templates/mediagoblin/edit/change_pass.html Normal file
View File

@ -0,0 +1,52 @@
{#
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#}
{% extends "mediagoblin/base.html" %}
{% import "/mediagoblin/utils/wtforms.html" as wtforms_util %}
{% block mediagoblin_head %}
<script type="text/javascript"
src="{{ request.staticdirect('/js/show_password.js') }}"></script>
{% endblock mediagoblin_head %}
{% block title -%}
{% trans username=user.username -%}
Changing {{ username }}'s password
{%- endtrans %} &mdash; {{ super() }}
{%- endblock %}
{% block mediagoblin_content %}
<form action="{{ request.urlgen('mediagoblin.edit.pass') }}"
method="POST" enctype="multipart/form-data">
<div class="form_box edit_box">
<h1>
{%- trans username=user.username -%}
Changing {{ username }}'s password
{%- endtrans -%}
</h1>
{{ wtforms_util.render_divs(form) }}
{{ csrf_token }}
<div class="form_submit_buttons">
<input type="submit" value="{% trans %}Save{% endtrans %}"
class="button_form" />
</div>
</div>
</form>
{% endblock %}

9
mediagoblin/templates/mediagoblin/edit/edit_account.html
View File

@ -41,8 +41,11 @@
Changing {{ username }}'s account settings
{%- endtrans -%}
</h1>
{{ wtforms_util.render_field_div(form.old_password) }}
{{ wtforms_util.render_field_div(form.new_password) }}
<p>
<a href="{{ request.urlgen('mediagoblin.edit.pass') }}">
{% trans %}Change your password.{% endtrans %}
</a>
</p>
<div class="form_field_input">
<p>{{ form.wants_comment_notification }}
{{ wtforms_util.render_label(form.wants_comment_notification) }}</p>
@ -50,7 +53,7 @@
{{- wtforms_util.render_field_div(form.license_preference) }}
<div class="form_submit_buttons">
<input type="submit" value="{% trans %}Save changes{% endtrans %}" class="button_form" />
{{ csrf_token }}
{{ csrf_token }}
</div>
</div>
</form>

17
mediagoblin/tests/test_edit.py
View File

@ -14,6 +14,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import urlparse
import pytest
from mediagoblin import mg_globals
@ -60,16 +61,17 @@ class TestUserEdit(object):
self.login(test_app)
# test that the password can be changed
# template.clear_test_template_context()
template.clear_test_template_context()
res = test_app.post(
'/edit/account/', {
'/edit/password/', {
'old_password': 'toast',
'new_password': '123456',
'wants_comment_notification': 'y'
})
res.follow()
# Did we redirect to the correct page?
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
# Check for redirect on success
assert res.status_int == 302
# test_user has to be fetched again in order to have the current values
test_user = User.query.filter_by(username=u'chris').first()
assert bcrypt_check_password('123456', test_user.pw_hash)
@ -77,9 +79,10 @@ class TestUserEdit(object):
self.user_password = '123456'
# test that the password cannot be changed if the given
# old_password is wrong template.clear_test_template_context()
# old_password is wrong
template.clear_test_template_context()
test_app.post(
'/edit/account/', {
'/edit/password/', {
'old_password': 'toast',
'new_password': '098765',
})