author | Marian Sigler <m@qjym.de> | 2012-09-26 20:06:25 +0200 |
---|---|---|
committer | Marian Sigler <m@qjym.de> | 2012-09-26 20:06:25 +0200 |
commit | c27e5d3d34d01e9584580ce09e71d29c895b8d49 (patch) | |
tree | 36d31e334f0bca453e969fb52a80b2ff4e77a06c /app.py | |
parent | a4191e10683444cfff8119c0ce46be689e65c3ef (diff) | |
Fix password change; Don't require old password for settings changes
Diffstat (limited to 'app.py')
-rw-r--r-- | app.py | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -52,6 +52,7 @@ def index():
 @logout_required
 def register():
 #TODO: check for double uids
+ #TODO: check for double mails
 form = RegisterForm(request.form)
 if request.method == 'POST' and form.validate():
 username = form.username.data
@@ -164,6 +165,7 @@ def settings():
 if request.form.get('submit_main'):
 if form.mail.data and form.mail.data != g.user.mail:
+ #TODO: check for uniqueness
 confirm_token = make_confirmation('change_mail', (g.user.uid, form.mail.data))
 confirm_link = url_for('change_mail', token=confirm_token, _external=True)
@@ -179,7 +181,7 @@ def settings():
 changed = True
 if form.password.data:
- g.user.change_password(form.password.data, session['password'])
+ g.user.change_password(form.password.data, decrypt_password(session['password']))
 session['password'] = encrypt_password(form.password.data)
 flash(u'Passwort geƤndert', 'success')
@@ -211,6 +213,7 @@ def settings():
 @app.route('/settings/change_mail/<token>')
 @login_required
 def change_mail(token):
+ #TODO: check for uniqueness
 username, mail = http_verify_confirmation('change_mail', token.encode('ascii'), timeout=3*24*60*60)
 if g.user.uid != username: |
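Review bot: Taking the old password from `decrypt_password(session['password'])` in the password branch of settings() removes the only re-authentication step a password change had, so anyone holding a valid session (a hijacked cookie or an unattended browser) can set a new password without knowing the current one; dropping the old-password prompt for mail and other settings is reasonable, but the password branch should keep it and pass the user-supplied value instead of the session copy. The new line also turns a session that lacks the key (one created before this scheme, or after the entry was cleared) into a KeyError and a 500, where `old = session.get('password')` followed by a redirect to re-login when it is None would fail cleanly. The names in use (g, flash, url_for, session) look like Flask, whose default session is a signed client-side cookie, so the encrypted password is being handed to the browser on every response; confirm that `encrypt_password` uses a server-side key distinct from the cookie signing secret. The body of settings() starts and ends outside the hunk.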