author | Nico von Geyso <Nico.Geyso@FU-Berlin.de> | 2012-09-29 13:50:09 +0200 |
---|---|---|
committer | Nico von Geyso <Nico.Geyso@FU-Berlin.de> | 2012-09-29 13:50:09 +0200 |
commit | 351fa11f182c12ae8db6c7141424b27bda77ba9d (patch) | |
tree | a1a445ef4c667ddee909038b934c54656e8f1e31 /app.py | |
parent | 914ba3f28741ed6da2b7a05b43f47799e1967ee8 (diff) | |
use post instead of get for service password reset
Diffstat (limited to 'app.py')
-rw-r--r-- | app.py | 26 |
1 files changed, 14 insertions, 12 deletions
@@ -18,6 +18,7 @@ if 'SPLINE_ACCOUNT_WEB_SETTINGS' in os.environ: app.all_services = account.SERVICES #TODO: take that from our json file or so + @app.before_request def ldap_connect(): g.ldap = account.AccountService(app.config['LDAP_HOST'], app.config['LDAP_BASE_DN'], @@ -181,17 +182,18 @@ def lost_password_complete(token): @templated('settings.html') @login_required def settings(): - s = request.args.get('delete_service_password', None) - if request.method == 'GET' and s: - for service in [x for x in app.all_services if x.name == s]: - g.user.reset_password(service.id) - g.ldap.update(g.user, as_admin=True) #XXX: as_admin wieder wegmachen sobald ACLs richtig gesetzt sind - form = SettingsForm(request.form, mail=g.user.mail) if request.method == 'POST' and form.validate(): changed = False - if request.form.get('submit_main'): + if request.form.get('submit_services'): + for service in app.all_services: + field = form.get_servicedelete(service.id) + if(field.data): + g.user.reset_password(service.id) + changed = True + + elif request.form.get('submit_main'): if form.mail.data and form.mail.data != g.user.mail: confirm_token = make_confirmation('change_mail', (g.user.uid, form.mail.data)) confirm_link = url_for('change_mail', token=confirm_token, _external=True) @@ -220,11 +222,11 @@ def settings(): changed = True g.user.change_password(field.data, None, service.id) - if changed: - g.ldap.update(g.user, as_admin=True) #XXX: as_admin wieder wegmachen sobald ACLs richtig gesetzt sind - return redirect(url_for('settings')) - else: - flash(u'Nichts geändert.') + if changed: + g.ldap.update(g.user, as_admin=True) #XXX: as_admin wieder wegmachen sobald ACLs richtig gesetzt sind + return redirect(url_for('settings')) + else: + flash(u'Nichts geändert.') services = deepcopy(app.all_services) |
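Review bot: Nothing visible in the new `submit_services` branch checks a CSRF token before `g.user.reset_password(service.id)` runs, so moving the reset from GET to POST stops accidental triggering by links and prefetch but does not by itself stop a cross-site form submission made with the user's session. `SettingsForm` is built from `request.form` only in this hunk; if it is a plain WTForms form without a per-session token (not visible here), the handler should verify one before acting on any `submit_*` button. A smaller style point in the same branch: `if(field.data):` is more idiomatic as `if field.data:`. The body of `settings()` starts and ends outside this hunk.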
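Review bot: The dedented `g.ldap.update(g.user, as_admin=True)` now serves both the `submit_services` and `submit_main` branches, so every user-triggered change on this page is written with the admin bind and the directory's ACLs do not limit what the handler can modify. The `#XXX` remark says this is temporary until the ACLs are set correctly; I would turn it into a tracked English TODO such as `# TODO(owner): drop as_admin=True once LDAP ACLs allow self-service writes` and, until then, keep the set of attributes changed on `g.user` before this call as narrow as possible. Indentation is lost in this rendering, so please confirm the `else: flash(u'Nichts geändert.')` still sits inside the POST-and-validated block and does not fire on plain GET requests.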