-rw-r--r-- | app.py | 2 | ||||
-rw-r--r-- | forms.py | 12 | ||||
-rw-r--r-- | templates/settings.html | 2 |
3 files changed, 13 insertions, 3 deletions
@@ -216,7 +216,7 @@ def settings(): changed = True if form.password.data: - g.user.change_password(form.password.data, decrypt_password(session['password'])) + g.user.change_password(form.password.data, form.old_password.data) session['password'] = encrypt_password(form.password.data) flash(u'Passwort geändert', 'success') @@ -1,10 +1,10 @@ # -*- coding: utf-8 -*- from account import SERVICES, NoSuchUserError -from flask import g, current_app, url_for, Markup +from flask import g, current_app, session, url_for, Markup from flask.ext.wtf import Form, validators, TextField, PasswordField,\ ValidationError, BooleanField from functools import partial -from utils import _username_re +from utils import _username_re, decrypt_password username = partial(TextField, 'Benutzername', [validators.Regexp(_username_re, @@ -63,11 +63,19 @@ class LostPasswordForm(Form): class SettingsForm(Form): + old_password = PasswordField('Altes Passwort') password = PasswordField('Neues Passwort', [validators.Optional(), validators.EqualTo('password_confirm', message=u'Passwörter stimmen nicht überein')]) password_confirm = PasswordField(u'Passwort bestätigen') mail = TextField('E-Mail-Adresse', [validators.Optional(), validators.Email(), validators.Length(min=6, max=50)]) + def validate_old_password(form, field): + if form.password.data: + if not field.data: + raise ValidationError(u'Gib bitte dein altes Passwort ein, um ein neues zu setzen.') + if field.data != decrypt_password(session['password']): + raise ValidationError(u'Altes Passwort ist falsch.') + def validate_mail(form, field): results = g.ldap.find_by_mail(field.data) for user in results: diff --git a/templates/settings.html b/templates/settings.html index c91d978..c0854e5 100644 --- a/templates/settings.html +++ b/templates/settings.html 
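Review bot: The new call `g.user.change_password(form.password.data, form.old_password.data)` in `settings()` passes a user-supplied value as the old password, so it is only safe once `SettingsForm.validate_old_password` has run, and nothing in the visible lines records that. `settings()` begins and ends outside this hunk, so the validation call itself is not shown. I would add a comment above the call, for example `# form.old_password was verified by SettingsForm.validate_old_password during form validation`. If `change_password` can still reject the old password on the backend, the following `session['password'] = encrypt_password(...)` should presumably run only after that call has succeeded. That ordering is worth confirming against the rest of the function.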
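Review bot: In `validate_old_password` the submitted password is compared to the session copy with `!=`, which returns at the first differing character. A constant-time comparison is the safer habit for secrets, for example `if not hmac.compare_digest(field.data.encode('utf-8'), decrypt_password(session['password']).encode('utf-8')):`, assuming `decrypt_password` returns text. The check is also skipped whenever `form.password.data` is empty, so a change to `mail` on the same form is accepted without the old password. If that address feeds the lost-password flow (a `LostPasswordForm` exists in this file), consider requiring `old_password` for mail changes too. `session['password']` is indexed directly, so a session without that key raises `KeyError` rather than a `ValidationError`; `session.get('password')` with an explicit failure branch would keep this a form error.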
@@ -5,6 +5,8 @@ <form action="{{ url_for('settings') }}" method="post" class="form-horizontal"> <h2>Globale Einstellungen ändern</h2> {{ render_field(form.mail) }} + <p></p> + {{ render_field(form.old_password) }} {{ render_field(form.password) }} {{ render_field(form.password_confirm) }} {{ render_csrf(form) }} |