author | Nico von Geyso <Nico.Geyso@FU-Berlin.de> | 2012-09-29 13:50:09 +0200 |
---|---|---|
committer | Nico von Geyso <Nico.Geyso@FU-Berlin.de> | 2012-09-29 13:50:09 +0200 |
commit | 351fa11f182c12ae8db6c7141424b27bda77ba9d (patch) | |
tree | a1a445ef4c667ddee909038b934c54656e8f1e31 | |
parent | 914ba3f28741ed6da2b7a05b43f47799e1967ee8 (diff) | |
use post instead of get for service password reset
-rw-r--r-- | app.py | 26 | ||||
-rw-r--r-- | forms.py | 6 | ||||
-rw-r--r-- | static/layout.css | 6 | ||||
-rw-r--r-- | templates/settings.html | 10 |
4 files changed, 33 insertions, 15 deletions
@@ -18,6 +18,7 @@ if 'SPLINE_ACCOUNT_WEB_SETTINGS' in os.environ: app.all_services = account.SERVICES #TODO: take that from our json file or so + @app.before_request def ldap_connect(): g.ldap = account.AccountService(app.config['LDAP_HOST'], app.config['LDAP_BASE_DN'],
@@ -181,17 +182,18 @@ def lost_password_complete(token): @templated('settings.html') @login_required def settings(): - s = request.args.get('delete_service_password', None) - if request.method == 'GET' and s: - for service in [x for x in app.all_services if x.name == s]: - g.user.reset_password(service.id) - g.ldap.update(g.user, as_admin=True) #XXX: as_admin wieder wegmachen sobald ACLs richtig gesetzt sind - form = SettingsForm(request.form, mail=g.user.mail) if request.method == 'POST' and form.validate(): changed = False - if request.form.get('submit_main'): + if request.form.get('submit_services'): + for service in app.all_services: + field = form.get_servicedelete(service.id) + if(field.data): + g.user.reset_password(service.id) + changed = True + + elif request.form.get('submit_main'): if form.mail.data and form.mail.data != g.user.mail: confirm_token = make_confirmation('change_mail', (g.user.uid, form.mail.data)) confirm_link = url_for('change_mail', token=confirm_token, _external=True)
@@ -220,11 +222,11 @@ def settings(): changed = True g.user.change_password(field.data, None, service.id) - if changed: - g.ldap.update(g.user, as_admin=True) #XXX: as_admin wieder wegmachen sobald ACLs richtig gesetzt sind - return redirect(url_for('settings')) - else: - flash(u'Nichts geändert.') + if changed: + g.ldap.update(g.user, as_admin=True) #XXX: as_admin wieder wegmachen sobald ACLs richtig gesetzt sind + return redirect(url_for('settings')) + else: + flash(u'Nichts geändert.') services = deepcopy(app.all_services)
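Review bot: In the new `submit_services` branch of `settings()`, `g.user.reset_password(service.id)` runs for every ticked `delete_<id>` field and nothing on the server checks that the service currently has a password set; the `disabled=True` the template puts on inactive services is only a browser-side hint and must not be relied on as enforcement. If `reset_password` is not a harmless no-op for a service without a password (not visible here), the loop should skip those services using the same state the template reads as `service.changed`. Style: `if(field.data):` should read `if field.data:`. The resulting write appears to go through `g.ldap.update(g.user, as_admin=True)` like the other branches, so the existing XXX about dropping `as_admin` applies to this path as well. The body of `settings()` continues outside the hunk.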
@@ -2,7 +2,7 @@ from account import SERVICES, NoSuchUserError from flask import g, current_app, url_for, Markup from flask.ext.wtf import Form, validators, TextField, PasswordField,\ - ValidationError + ValidationError, BooleanField from functools import partial from utils import _username_re
@@ -70,6 +70,8 @@ class SettingsForm(Form): return getattr(self, 'password_%s' % service_id) def get_servicepasswordconfirm(self, service_id): return getattr(self, 'password_confirm_%s' % service_id) + def get_servicedelete(self, service_id): + return getattr(self, 'delete_%s' % service_id) #TODO: find out how we can use app.all_services in that early state
@@ -81,3 +83,5 @@ for service in SERVICES: ])) setattr(SettingsForm, 'password_confirm_%s' % service.id, PasswordField(u'Passwort für %s (Bestätigung)' % service.name)) + setattr(SettingsForm, 'delete_%s' % service.id, + BooleanField(u'Passwort für %s löschen' % service.name))
diff --git a/static/layout.css b/static/layout.css
index dc287bc..14f8ba4 100644
--- a/static/layout.css
+++ b/static/layout.css
@@ -175,6 +175,12 @@ form ul.errors { padding-top: 10px; } +.form-submit-services { + margin-left: 30px; + padding-top: 10px; + clear: both; +} + /* flashing */ ul.flashes {
diff --git a/templates/settings.html b/templates/settings.html
index 241ea00..3bc5f4d 100644
--- a/templates/settings.html
+++ b/templates/settings.html
@@ -18,14 +18,17 @@ {%- for service in services %} <div class="service"> <h3> + {% if service.changed %} + {{ form.get_servicedelete(service.id) }} + {% else %} + {{ form.get_servicedelete(service.id)(disabled=True) }} + {% endif %} {{ service.name }} </h3> <ul> {%- if service.changed %} <li class="active">aktiv</li> - <li> - <a href="{{ url_for('settings',delete_service_password=service.name)}}">löschen</a> </li> {%- else %} <li class="inactive">inaktiv</li>
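Review bot: `get_servicedelete` is added without a docstring, and like the two getters above it a missing field surfaces as a bare `AttributeError` from `getattr`. That is worth stating because the `delete_<id>` fields are created from `SERVICES` at import time while app.py loops over `app.all_services`, and the two only agree as long as they stay the same list. I would add a one-line docstring such as `"""Return the 'delete_<service_id>' BooleanField; raises AttributeError if no such field was registered."""`. The `SettingsForm` class starts outside the hunk.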
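Review bot: Removing only the `<li>` and `<a …>löschen</a>` lines leaves the `</li>` that followed them in place as a context line, so the `{%- if service.changed %}` branch now emits a closing tag with no opener. The hunk header (14 old lines, 17 new, five additions) fits exactly two removals, which supports that reading. The orphaned `</li>` should be deleted together with the link; the surrounding `<form>` and the rest of the loop body lie outside the hunk.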
@@ -40,6 +43,9 @@ </div> </div> {%- endfor %} + <div class="form-submit-services"> + <input type="submit" value="selektierte Passwörter löschen" name="submit_services" /> + </div> </form> {%- endblock %} |
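Review bot: The new `submit_services` button depends on the enclosing `<form>`, whose opening tag is outside this hunk, for everything that makes the move from GET to POST worthwhile. Please confirm that the form is `method="post"` and renders the CSRF token, for example via `{{ form.hidden_tag() }}`, and that CSRF checking is not switched off for `SettingsForm` in the app configuration. Without a validated token the password deletion remains a state change that another site could trigger on behalf of a logged-in user, which is the risk the commit title sets out to remove.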