authorNico von Geyso <Nico.Geyso@FU-Berlin.de>2012-09-29 13:50:09 +0200
committerNico von Geyso <Nico.Geyso@FU-Berlin.de>2012-09-29 13:50:09 +0200
commit351fa11f182c12ae8db6c7141424b27bda77ba9d (patch)
treea1a445ef4c667ddee909038b934c54656e8f1e31 /app.py
parent914ba3f28741ed6da2b7a05b43f47799e1967ee8 (diff)
use post instead of get for service password reset
Diffstat (limited to 'app.py')
-rw-r--r--app.py26
1 files changed, 14 insertions, 12 deletions
diff --git a/app.py b/app.py
index 855aa37..56731a4 100644
--- a/app.py
+++ b/app.py
@@ -18,6 +18,7 @@ if 'SPLINE_ACCOUNT_WEB_SETTINGS' in os.environ:
app.all_services = account.SERVICES #TODO: take that from our json file or so
+
@app.before_request
def ldap_connect():
g.ldap = account.AccountService(app.config['LDAP_HOST'], app.config['LDAP_BASE_DN'],
@@ -181,17 +182,18 @@ def lost_password_complete(token):
@templated('settings.html')
@login_required
def settings():
- s = request.args.get('delete_service_password', None)
- if request.method == 'GET' and s:
- for service in [x for x in app.all_services if x.name == s]:
- g.user.reset_password(service.id)
- g.ldap.update(g.user, as_admin=True) #XXX: as_admin wieder wegmachen sobald ACLs richtig gesetzt sind
-
form = SettingsForm(request.form, mail=g.user.mail)
if request.method == 'POST' and form.validate():
changed = False
- if request.form.get('submit_main'):
+ if request.form.get('submit_services'):
+ for service in app.all_services:
+ field = form.get_servicedelete(service.id)
+ if(field.data):
+ g.user.reset_password(service.id)
+ changed = True
+
+ elif request.form.get('submit_main'):
if form.mail.data and form.mail.data != g.user.mail:
confirm_token = make_confirmation('change_mail', (g.user.uid, form.mail.data))
confirm_link = url_for('change_mail', token=confirm_token, _external=True)
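Review bot: The reset under `if request.form.get('submit_services'):` is now POST-only, but nothing in this hunk shows that `SettingsForm` validates a CSRF token, so a cross-site form post could presumably still trigger `g.user.reset_password(service.id)` for a logged-in user; confirm the form carries a token or add one. The branch also sits behind `form.validate()`, so a service reset depends on the unrelated mail and password fields validating. `form.get_servicedelete(service.id)` is dereferenced without a check; if the lookup can return None, `if field and field.data:` is safer, and the parentheses in `if(field.data):` can be dropped. settings() continues outside the hunk.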
@@ -220,11 +222,11 @@ def settings():
changed = True
g.user.change_password(field.data, None, service.id)
- if changed:
- g.ldap.update(g.user, as_admin=True) #XXX: as_admin wieder wegmachen sobald ACLs richtig gesetzt sind
- return redirect(url_for('settings'))
- else:
- flash(u'Nichts geändert.')
+ if changed:
+ g.ldap.update(g.user, as_admin=True) #XXX: as_admin wieder wegmachen sobald ACLs richtig gesetzt sind
+ return redirect(url_for('settings'))
+ else:
+ flash(u'Nichts geändert.')
services = deepcopy(app.all_services)
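Review bot: The shared `g.ldap.update(g.user, as_admin=True)` call is the single write for both the service-reset and the main branch, so every user-initiated change is presumably committed with admin rights and the only authorization is what this view itself checks. Indentation is lost in this rendering, so the exact nesting of the moved `if changed:` block cannot be confirmed here. The XXX comment is in German; I would replace it with `# TODO: drop as_admin=True once the LDAP ACLs let users update their own entry` and track it as an open item. settings() starts outside the hunk.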