authorNico von Geyso <Nico.Geyso@FU-Berlin.de>2012-09-29 13:50:09 +0200
committerNico von Geyso <Nico.Geyso@FU-Berlin.de>2012-09-29 13:50:09 +0200
commit351fa11f182c12ae8db6c7141424b27bda77ba9d (patch)
treea1a445ef4c667ddee909038b934c54656e8f1e31
parent914ba3f28741ed6da2b7a05b43f47799e1967ee8 (diff)
use post instead of get for service password reset
-rw-r--r--app.py26
-rw-r--r--forms.py6
-rw-r--r--static/layout.css6
-rw-r--r--templates/settings.html10
4 files changed, 33 insertions, 15 deletions
diff --git a/app.py b/app.py
index 855aa37..56731a4 100644
--- a/app.py
+++ b/app.py
@@ -18,6 +18,7 @@ if 'SPLINE_ACCOUNT_WEB_SETTINGS' in os.environ:
app.all_services = account.SERVICES #TODO: take that from our json file or so
+
@app.before_request
def ldap_connect():
g.ldap = account.AccountService(app.config['LDAP_HOST'], app.config['LDAP_BASE_DN'],
@@ -181,17 +182,18 @@ def lost_password_complete(token):
@templated('settings.html')
@login_required
def settings():
- s = request.args.get('delete_service_password', None)
- if request.method == 'GET' and s:
- for service in [x for x in app.all_services if x.name == s]:
- g.user.reset_password(service.id)
- g.ldap.update(g.user, as_admin=True) #XXX: as_admin wieder wegmachen sobald ACLs richtig gesetzt sind
-
form = SettingsForm(request.form, mail=g.user.mail)
if request.method == 'POST' and form.validate():
changed = False
- if request.form.get('submit_main'):
+ if request.form.get('submit_services'):
+ for service in app.all_services:
+ field = form.get_servicedelete(service.id)
+ if(field.data):
+ g.user.reset_password(service.id)
+ changed = True
+
+ elif request.form.get('submit_main'):
if form.mail.data and form.mail.data != g.user.mail:
confirm_token = make_confirmation('change_mail', (g.user.uid, form.mail.data))
confirm_link = url_for('change_mail', token=confirm_token, _external=True)
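Review bot: The password reset in the new `submit_services` branch is only as well protected as `form.validate()`: moving the action from GET to POST stops it being triggered by a plain link, but a cross-site POST is still accepted unless the Flask-WTF CSRF check is active and templates/settings.html renders the form's hidden token (the `<form>` opening is outside the visible hunks, so this is unconfirmed). I would add a comment above the branch such as `# destructive: relies on form.validate() having checked the CSRF token`. The branch also acts on any posted checkbox, because the `disabled=True` rendering in the template is not enforced server-side; whether resetting an unset service password is harmless depends on `reset_password`, which is not shown. Minor style: `if(field.data):` is conventionally written `if field.data:`. The body of `settings()` continues past this hunk.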
@@ -220,11 +222,11 @@ def settings():
changed = True
g.user.change_password(field.data, None, service.id)
- if changed:
- g.ldap.update(g.user, as_admin=True) #XXX: as_admin wieder wegmachen sobald ACLs richtig gesetzt sind
- return redirect(url_for('settings'))
- else:
- flash(u'Nichts geändert.')
+ if changed:
+ g.ldap.update(g.user, as_admin=True) #XXX: as_admin wieder wegmachen sobald ACLs richtig gesetzt sind
+ return redirect(url_for('settings'))
+ else:
+ flash(u'Nichts geändert.')
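Review bot: `g.ldap.update(g.user, as_admin=True)` remains the single write path for both the main settings and the new service-password reset, so every user-triggered change is apparently committed with the admin bind rather than with the user's own credentials. If so, the directory ACLs do not limit what this request can write, and the only guard is that `g.user` is the logged-in account. The German XXX comment already marks this as temporary; I would turn it into an actionable English note, e.g. `# TODO: drop as_admin once LDAP ACLs let users write their own entry`. Indentation is not visible on this page, so the re-indent of this block is inferred from the identical removed and added lines, and `settings()` starts and ends outside the hunk.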
services = deepcopy(app.all_services)
diff --git a/forms.py b/forms.py
index 4d57d63..53f70ff 100644
--- a/forms.py
+++ b/forms.py
@@ -2,7 +2,7 @@
from account import SERVICES, NoSuchUserError
from flask import g, current_app, url_for, Markup
from flask.ext.wtf import Form, validators, TextField, PasswordField,\
- ValidationError
+ ValidationError, BooleanField
from functools import partial
from utils import _username_re
@@ -70,6 +70,8 @@ class SettingsForm(Form):
return getattr(self, 'password_%s' % service_id)
def get_servicepasswordconfirm(self, service_id):
return getattr(self, 'password_confirm_%s' % service_id)
+ def get_servicedelete(self, service_id):
+ return getattr(self, 'delete_%s' % service_id)
#TODO: find out how we can use app.all_services in that early state
@@ -81,3 +83,5 @@ for service in SERVICES:
]))
setattr(SettingsForm, 'password_confirm_%s' % service.id,
PasswordField(u'Passwort für %s (Bestätigung)' % service.name))
+ setattr(SettingsForm, 'delete_%s' % service.id,
+ BooleanField(u'Passwort für %s löschen' % service.name))
diff --git a/static/layout.css b/static/layout.css
index dc287bc..14f8ba4 100644
--- a/static/layout.css
+++ b/static/layout.css
@@ -175,6 +175,12 @@ form ul.errors {
padding-top: 10px;
}
+.form-submit-services {
+ margin-left: 30px;
+ padding-top: 10px;
+ clear: both;
+}
+
/* flashing */
ul.flashes {
diff --git a/templates/settings.html b/templates/settings.html
index 241ea00..3bc5f4d 100644
--- a/templates/settings.html
+++ b/templates/settings.html
@@ -18,14 +18,17 @@
{%- for service in services %}
<div class="service">
<h3>
+ {% if service.changed %}
+ {{ form.get_servicedelete(service.id) }}
+ {% else %}
+ {{ form.get_servicedelete(service.id)(disabled=True) }}
+ {% endif %}
{{ service.name }}
</h3>
<ul>
{%- if service.changed %}
<li class="active">aktiv</li>
- <li>
- <a href="{{ url_for('settings',delete_service_password=service.name)}}">löschen</a>
</li>
{%- else %}
<li class="inactive">inaktiv</li>
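Review bot: The closing `</li>` that followed the removed `<a href=…>löschen</a>` line is kept as context, so the new template emits `<li class="active">aktiv</li>` followed by an unmatched `</li>`; that line should be deleted together with the `<li>` and the link. Separately, `form.get_servicedelete(service.id)(disabled=True)` only disables the checkbox in the browser, so the view should not treat it as a server-side restriction. The `<ul>` block continues outside the hunk.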
@@ -40,6 +43,9 @@
</div>
</div>
{%- endfor %}
+ <div class="form-submit-services">
+ <input type="submit" value="selektierte Passwörter löschen" name="submit_services" />
+ </div>
</form>
{%- endblock %}