From 39aa1db4d69eb2fb49da463f973484b501b3ee52 Mon Sep 17 00:00:00 2001 From: Rodney Ewing Date: Mon, 20 May 2013 14:04:02 -0700 Subject: [PATCH 1/3] moved change pass to a seperate view and fixed issues 709 --- mediagoblin/edit/forms.py | 23 ++++---- mediagoblin/edit/routing.py | 2 + mediagoblin/edit/views.py | 48 ++++++++++++----- .../mediagoblin/edit/change_pass.html | 52 +++++++++++++++++++ .../mediagoblin/edit/edit_account.html | 9 ++-- 5 files changed, 108 insertions(+), 26 deletions(-) create mode 100644 mediagoblin/templates/mediagoblin/edit/change_pass.html diff --git a/mediagoblin/edit/forms.py b/mediagoblin/edit/forms.py index ef270237..c67180e9 100644 --- a/mediagoblin/edit/forms.py +++ b/mediagoblin/edit/forms.py @@ -59,17 +59,6 @@ class EditProfileForm(wtforms.Form): class EditAccountForm(wtforms.Form): - old_password = wtforms.PasswordField( - _('Old password'), - description=_( - "Enter your old password to prove you own this account.")) - new_password = wtforms.PasswordField( - _('New password'), - [ - wtforms.validators.Optional(), - wtforms.validators.Length(min=6, max=30) - ], - id="password") license_preference = wtforms.SelectField( _('License preference'), [ @@ -103,3 +92,15 @@ class EditCollectionForm(wtforms.Form): description=_( "The title part of this collection's address. " "You usually don't need to change this.")) + + +class ChangePassForm(wtforms.Form): + old_password = wtforms.PasswordField( + _('Old password'), + [wtforms.validators.Required()], + description=_( + "Enter your old password to prove you own this account.")) + new_password = wtforms.PasswordField( + _('New password'), + [wtforms.validators.Required(), + wtforms.validators.Length(min=6, max=30)]) diff --git a/mediagoblin/edit/routing.py b/mediagoblin/edit/routing.py index 035a766f..622729ac 100644 --- a/mediagoblin/edit/routing.py +++ b/mediagoblin/edit/routing.py 
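Review bot: `ChangePassForm.new_password` carries over `wtforms.validators.Length(min=6, max=30)`, so any passphrase longer than 30 characters is rejected even though the value is only ever passed to `auth_lib.bcrypt_gen_password_hash`. bcrypt itself reads up to 72 bytes of input, so the cap could be raised, for example `wtforms.validators.Length(min=6, max=72)`; this assumes the helper passes the password to bcrypt unchanged, and non-ASCII passwords can still exceed 72 bytes. A minimum of 6 is also low for an account password. The form has no confirmation field either, so a typo in the new password is only caught if the user can see what they typed. The same validator list is touched again in [PATCH 3/3], which only adds `id="password"`.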
@@ -24,3 +24,5 @@ add_route('mediagoblin.edit.account', '/edit/account/', 'mediagoblin.edit.views:edit_account') add_route('mediagoblin.edit.delete_account', '/edit/account/delete/', 'mediagoblin.edit.views:delete_account') +add_route('mediagoblin.edit.pass', '/edit/password/', + 'mediagoblin.edit.views:change_pass') diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index bfcf65b5..508c380d 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -228,18 +228,6 @@ def edit_account(request): user.wants_comment_notification = \ form.wants_comment_notification.data - if form_validated and \ - form.new_password.data or form.old_password.data: - password_matches = auth_lib.bcrypt_check_password( - form.old_password.data, - user.pw_hash) - if password_matches: - #the entire form validates and the password matches - user.pw_hash = auth_lib.bcrypt_gen_password_hash( - form.new_password.data) - else: - form.old_password.errors.append(_('Wrong password')) - if form_validated and \ form.license_preference.validate(form): user.license_preference = \ 
@@ -345,3 +333,39 @@ def edit_collection(request, collection): 'mediagoblin/edit/edit_collection.html', {'collection': collection, 'form': form}) + + +@require_active_login +def change_pass(request): + form = forms.ChangePassForm(request.form) + user = request.user + + if request.method == 'POST' and form.validate(): + + if not auth_lib.bcrypt_check_password( + form.old_password.data, user.pw_hash): + form.old_password.errors.append( + _('Wrong password')) + + return render_to_response( + request, + 'mediagoblin/edit/change_pass.html', + {'form': form, + 'user': user}) + + # Password matches + user.pw_hash = auth_lib.bcrypt_gen_password_hash( + form.new_password.data) + user.save() + + messages.add_message( + request, messages.SUCCESS, + _('Your password was changed successfully')) + + return redirect(request, 'mediagoblin.edit.account') + + return render_to_response( + request, + 'mediagoblin/edit/change_pass.html', + {'form': form, + 'user': user}) diff --git a/mediagoblin/templates/mediagoblin/edit/change_pass.html b/mediagoblin/templates/mediagoblin/edit/change_pass.html new file mode 100644 index 00000000..a621751f --- /dev/null +++ b/mediagoblin/templates/mediagoblin/edit/change_pass.html 
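Review bot: On success `change_pass` only assigns `user.pw_hash`, calls `user.save()` and redirects; nothing visible in the hunk ends the user's other sessions or records the change. Unless code outside this hunk handles that, a session that was already open elsewhere stays valid after the password is changed. A comment above `user.save()` such as `# TODO: invalidate this user's other sessions once pw_hash changes` would at least mark the gap, and a log entry in both the success path and the `Wrong password` branch would make repeated failed attempts visible. As a matter of style, the wrong-password branch repeats the `render_to_response(...)` call that ends the function; putting the success path under `else:` would let both failure cases share the final return. The view also has no docstring; `"""Let a logged-in user change their password after re-entering the current one."""` would do.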
@@ -0,0 +1,52 @@ +{# +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +#} +{% extends "mediagoblin/base.html" %} + +{% import "/mediagoblin/utils/wtforms.html" as wtforms_util %} + +{% block mediagoblin_head %} + +{% endblock mediagoblin_head %} + +{% block title -%} + {% trans username=user.username -%} + Changing {{ username }}'s password + {%- endtrans %} — {{ super() }} +{%- endblock %} + +{% block mediagoblin_content %} +
+
+

+ {%- trans username=user.username -%} + Changing {{ username }}'s password + {%- endtrans -%} +

+ {{ wtforms_util.render_divs(form) }} + {{ csrf_token }} +
+ +
+
+
+{% endblock %} + + diff --git a/mediagoblin/templates/mediagoblin/edit/edit_account.html b/mediagoblin/templates/mediagoblin/edit/edit_account.html index 7fe2c031..dfb216e5 100644 --- a/mediagoblin/templates/mediagoblin/edit/edit_account.html +++ b/mediagoblin/templates/mediagoblin/edit/edit_account.html @@ -40,9 +40,12 @@ {%- trans username=user.username -%} Changing {{ username }}'s account settings {%- endtrans -%} - - {{ wtforms_util.render_field_div(form.old_password) }} - {{ wtforms_util.render_field_div(form.new_password) }} + +

{% trans %}Change your{% endtrans %} + + {% trans %}password.{% endtrans %} + +

{{ form.wants_comment_notification }} {{ wtforms_util.render_label(form.wants_comment_notification) }}

From eb396abc4a3d443b603809e2fcf864e31bd88fac Mon Sep 17 00:00:00 2001 From: Rodney Ewing Date: Mon, 20 May 2013 14:27:43 -0700 Subject: [PATCH 2/3] modified change_pass tests --- mediagoblin/tests/test_edit.py | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/mediagoblin/tests/test_edit.py b/mediagoblin/tests/test_edit.py index cda2607f..08b4f8cf 100644 --- a/mediagoblin/tests/test_edit.py +++ b/mediagoblin/tests/test_edit.py @@ -14,6 +14,7 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . +import urlparse import pytest from mediagoblin import mg_globals @@ -60,16 +61,17 @@ class TestUserEdit(object): self.login(test_app) # test that the password can be changed - # template.clear_test_template_context() + template.clear_test_template_context() res = test_app.post( - '/edit/account/', { + '/edit/password/', { 'old_password': 'toast', 'new_password': '123456', - 'wants_comment_notification': 'y' }) + res.follow() + + # Did we redirect to the correct page? + assert urlparse.urlsplit(res.location)[2] == '/edit/account/' - # Check for redirect on success - assert res.status_int == 302 # test_user has to be fetched again in order to have the current values test_user = User.query.filter_by(username=u'chris').first() assert bcrypt_check_password('123456', test_user.pw_hash) @@ -77,9 +79,10 @@ class TestUserEdit(object): self.user_password = '123456' # test that the password cannot be changed if the given - # old_password is wrong template.clear_test_template_context() + # old_password is wrong + template.clear_test_template_context() test_app.post( - '/edit/account/', { + '/edit/password/', { 'old_password': 'toast', 'new_password': '098765', }) From 2ba7603469a80ccfc1c07ddebc53ad6c6f0a6f79 Mon Sep 17 00:00:00 2001 
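Review bot: Neither changed hunk in `test_edit.py` exercises the `Required()` and `Length(min=6, max=30)` validators that `ChangePassForm` introduces, so a regression that accepts an empty or too-short new password would still pass. A case such as `test_app.post('/edit/password/', {'old_password': '123456', 'new_password': '12345'})` followed by `assert bcrypt_check_password('123456', test_user.pw_hash)` on a re-fetched user would pin the rejection path. The test method starts and ends outside these hunks, so a later assertion may already cover part of this.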
From: Rodney Ewing Date: Tue, 21 May 2013 08:51:21 -0700 Subject: [PATCH 3/3] fixed translation, and changed tabs to spaces, and change it so the user can view their password as they're typing. --- mediagoblin/edit/forms.py | 3 ++- .../templates/mediagoblin/edit/change_pass.html | 10 +++++----- .../templates/mediagoblin/edit/edit_account.html | 14 +++++++------- 3 files changed, 14 insertions(+), 13 deletions(-) diff --git a/mediagoblin/edit/forms.py b/mediagoblin/edit/forms.py index c67180e9..3b2486de 100644 --- a/mediagoblin/edit/forms.py +++ b/mediagoblin/edit/forms.py @@ -103,4 +103,5 @@ class ChangePassForm(wtforms.Form): new_password = wtforms.PasswordField( _('New password'), [wtforms.validators.Required(), - wtforms.validators.Length(min=6, max=30)]) + wtforms.validators.Length(min=6, max=30)], + id="password") diff --git a/mediagoblin/templates/mediagoblin/edit/change_pass.html b/mediagoblin/templates/mediagoblin/edit/change_pass.html index a621751f..ff909b07 100644 --- a/mediagoblin/templates/mediagoblin/edit/change_pass.html +++ b/mediagoblin/templates/mediagoblin/edit/change_pass.html @@ -40,13 +40,13 @@ {%- endtrans -%} {{ wtforms_util.render_divs(form) }} - {{ csrf_token }} + {{ csrf_token }}
-
-
- + class="button_form" /> + + + {% endblock %} diff --git a/mediagoblin/templates/mediagoblin/edit/edit_account.html b/mediagoblin/templates/mediagoblin/edit/edit_account.html index dfb216e5..4c4aaf95 100644 --- a/mediagoblin/templates/mediagoblin/edit/edit_account.html +++ b/mediagoblin/templates/mediagoblin/edit/edit_account.html @@ -40,12 +40,12 @@ {%- trans username=user.username -%} Changing {{ username }}'s account settings {%- endtrans -%} - -

{% trans %}Change your{% endtrans %} - - {% trans %}password.{% endtrans %} - -

+ +

+ + {% trans %}Change your password.{% endtrans %} + +

{{ form.wants_comment_notification }} {{ wtforms_util.render_label(form.wants_comment_notification) }}

@@ -53,7 +53,7 @@ {{- wtforms_util.render_field_div(form.license_preference) }}
- {{ csrf_token }} + {{ csrf_token }}