author | Marian Sigler <m@qjym.de> | 2012-09-26 20:06:25 +0200 |
---|---|---|
committer | Marian Sigler <m@qjym.de> | 2012-09-26 20:06:25 +0200 |
commit | c27e5d3d34d01e9584580ce09e71d29c895b8d49 (patch) | |
tree | 36d31e334f0bca453e969fb52a80b2ff4e77a06c | |
parent | a4191e10683444cfff8119c0ce46be689e65c3ef (diff) | |
Fix password change; Don't require old password for settings changes
-rw-r--r-- | app.py | 5 | ||||
-rw-r--r-- | forms.py | 2 | ||||
-rw-r--r-- | templates/settings.html | 1 |
3 files changed, 4 insertions, 4 deletions
@@ -52,6 +52,7 @@ def index(): @logout_required def register(): #TODO: check for double uids + #TODO: check for double mails form = RegisterForm(request.form) if request.method == 'POST' and form.validate(): username = form.username.data @@ -164,6 +165,7 @@ def settings(): if request.form.get('submit_main'): if form.mail.data and form.mail.data != g.user.mail: + #TODO: check for uniqueness confirm_token = make_confirmation('change_mail', (g.user.uid, form.mail.data)) confirm_link = url_for('change_mail', token=confirm_token, _external=True) @@ -179,7 +181,7 @@ def settings(): changed = True if form.password.data: - g.user.change_password(form.password.data, session['password']) + g.user.change_password(form.password.data, decrypt_password(session['password'])) session['password'] = encrypt_password(form.password.data) flash(u'Passwort geändert', 'success') @@ -211,6 +213,7 @@ def settings(): @app.route('/settings/change_mail/<token>') @login_required def change_mail(token): + #TODO: check for uniqueness username, mail = http_verify_confirmation('change_mail', token.encode('ascii'), timeout=3*24*60*60) if g.user.uid != username: @@ -38,8 +38,6 @@ class LostPasswordForm(Form): class SettingsForm(Form): - old_password = PasswordField('Bisheriges Passwort', - [validators.Required(u'Bitte gib dein (altes) Passwort an, um deine Daten zu ändern.')]) password = PasswordField('Neues Passwort', [validators.Optional(), validators.EqualTo('password_confirm', message=u'Passwörter stimmen nicht überein')]) password_confirm = PasswordField(u'Passwort bestätigen') diff --git a/templates/settings.html b/templates/settings.html index de317fb..064e5af 100644 --- a/templates/settings.html +++ b/templates/settings.html 
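Review bot: The three `#TODO` markers added in register(), settings() and change_mail() leave e-mail uniqueness unenforced, and the check matters most in change_mail(). The confirmation token is accepted for `timeout=3*24*60*60`, so an address that was free when settings() issued the token can belong to another account by the time the link is opened. The check should run at confirmation time and in register(), ideally backed by a uniqueness constraint in the user store rather than a read-then-write test in the view. If the lost-password flow looks accounts up by address (LostPasswordForm is visible in forms.py, its handler is not), duplicate addresses make that lookup ambiguous. I would also spell the markers out, e.g. `#TODO: reject if another account already uses this mail address`; all three functions continue outside their hunks.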
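Review bot: After this change the password update in settings() requires nothing the requester has to know, because the `old_password` field is dropped from SettingsForm (forms.py hunk) and the value passed as the old password is read back from `session['password']`. Anyone holding a live session can then replace the credential and lock the owner out; that covers a stolen cookie, an unattended browser, or a cross-site POST if the form has no CSRF token (none is visible in the template hunk, whose form continues outside it). I would drop the requirement only for the harmless fields and keep an optional `old_password` field that must be filled whenever `form.password.data` is set, passing it on as `g.user.change_password(form.password.data, form.old_password.data)`, assuming change_password verifies its second argument. The same re-authentication would suit the mail change a few lines up, since the confirmation link only proves control of the new address. settings() starts and ends outside this hunk.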
@@ -3,7 +3,6 @@
 {%- set title = 'Einstellungen' %}
 {%- block content %}
 <form action="{{ url_for('settings') }}" method="post" class="form-horizontal">
- {{ render_field(form.old_password, autofocus="autofocus") }}
 <h2>Globale Einstellungen ändern</h2>
 {{ render_field(form.mail) }}
 {{ render_field(form.password) }} |