From d22d07f935ea7867c401ffbd6cdb2b88c89bbdb0 Mon Sep 17 00:00:00 2001
From: Burathar
Date: Wed, 22 Jul 2020 20:17:30 +0200
Subject: [PATCH] implement set and change password
---
app/auth/forms.py | 18 ++++++++++++-
app/auth/routes.py | 34 ++++++++++++++++++++++++-
app/main/routes.py | 12 +++++++--
app/templates/auth/user_hash_login.html | 2 +-
app/templates/base.html | 2 +-
5 files changed, 62 insertions(+), 6 deletions(-)
diff --git a/app/auth/forms.py b/app/auth/forms.py
index 2c7d62b..f05029f 100644
--- a/app/auth/forms.py
+++ b/app/auth/forms.py
@@ -20,4 +20,20 @@ class RegistrationForm(FlaskForm):
def validate_username(self, username):
user = User.query.filter_by(name=username.data).first()
if user is not None:
- raise ValidationError('Please use a different username.')
\ No newline at end of file
+ raise ValidationError('Please use a different username.')
+
+class ChangePasswordForm(FlaskForm):
+ old_password = PasswordField('Old Password', validators=[DataRequired(),
+ Length(min=0, max=128)])
+ new_password = PasswordField('New Password', validators=[DataRequired(),
+ Length(min=0, max=128)])
+ new_password2 = PasswordField(
+ 'Repeat New Password', validators=[DataRequired(), EqualTo('new_password')])
+ submit = SubmitField('Apply')
+
+class SetPasswordForm(FlaskForm):
+ new_password = PasswordField('New Password', validators=[DataRequired(),
+ Length(min=0, max=128)])
+ new_password2 = PasswordField(
+ 'Repeat New Password', validators=[DataRequired(), EqualTo('new_password')])
+ submit = SubmitField('Set Password')
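Review bot: `Length(min=0, max=128)` on `new_password` in both `ChangePasswordForm` and `SetPasswordForm` sets no lower bound, so a one-character password passes validation; `DataRequired()` only rejects empty input. A real minimum such as `Length(min=8, max=128)` on the two `new_password` fields would enforce one, though the exact number is a policy choice. The diffstat shows no import change in `forms.py`, so `Length` and `EqualTo` have to be imported already at the top of the file, which this hunk does not show.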
diff --git a/app/auth/routes.py b/app/auth/routes.py
index cf5ae3a..7b7d72d 100644
--- a/app/auth/routes.py
+++ b/app/auth/routes.py
@@ -6,7 +6,7 @@ from app import db
from app.auth import bp
from app.utils import generate_qr_code, serve_pil_image
from app.models import User
-from app.auth.forms import LoginForm, RegistrationForm
+from app.auth.forms import LoginForm, RegistrationForm, ChangePasswordForm, SetPasswordForm
@bp.route('/login', methods=['GET', 'POST'])
def login():
@@ -94,3 +94,35 @@ def user_qrcode(auth_hash):
abort(403)
img = generate_qr_code(url_for('auth.user_hash_login', auth_hash=auth_hash, _external=True))
return serve_pil_image(img)
+
+@bp.route('/set_password', methods=['GET', 'POST'])
+@bp.route('/change_password', methods=['GET', 'POST'])
+def change_password():
+ auth_hash = request.args.get('auth_hash', default=None, type=str)
+ if auth_hash:
+ user = User.query.filter_by(auth_hash=auth_hash).first_or_404()
+ login_user(user, True)
+ user.last_login = datetime.utcnow()
+ else:
+ if not current_user.is_authenticated:
+ abort(403)
+ user = User.query.filter_by(name=current_user.name).first_or_404()
+ no_old_password = not user.password_hash
+ if no_old_password:
+ form = SetPasswordForm()
+ else:
+ form = ChangePasswordForm()
+
+ if form.validate_on_submit():
+ if not no_old_password:
+ if not user.check_password(form.old_password.data):
+ flash('Invalid password')
+ return redirect(url_for('auth.change_password'))
+ user.set_password(form.new_password.data)
+ db.session.commit()
+ if no_old_password:
+ flash('Your password was set')
+ else:
+ flash('Your password was changed!')
+ return redirect(url_for('main.index'))
+ return render_template('auth/change_password.html', form=form)
\ No newline at end of file
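Review bot: The `auth_hash` branch of `change_password` calls `login_user(user, True)` for any matching user without checking `user.password_hash`, so the link keeps granting a remembered session after a password has been set, which undercuts the reason for setting one. If hash login is meant only for accounts without a password, guard it with `if user.password_hash: abort(403)` before `login_user`; whether `user_hash_login` already enforces this is not visible here. Separately, `user.last_login = datetime.utcnow()` is persisted only if the request later reaches `db.session.commit()`, so a plain GET with `auth_hash` appears to drop the update. A docstring saying that the view serves both `/set_password` and `/change_password` and picks the form from `user.password_hash` would help the next reader.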
diff --git a/app/main/routes.py b/app/main/routes.py
index a4a4478..bab9237 100644
--- a/app/main/routes.py
+++ b/app/main/routes.py
@@ -324,7 +324,7 @@ def send_location(username):
# Check if previous two locations are exactly the same, if so, only update timestamp of last location
if last_location:
- if datetime.utcnow() - last_location.timestamp < timedelta(milliseconds=1):
+ if datetime.utcnow() - last_location.timestamp < timedelta(minutes=1):
return '', 204
if latitude == last_location.latitude and longitude == last_location.longitude and len(user.locations) >= 2:
before_last_location = user.locations[-2]
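Review bot: The `timedelta(minutes=1)` check in `send_location` discards any update arriving within a minute of the last stored one while still answering `204`, and the comment above it describes only the duplicate-location case. I would add a comment such as `# Throttle: ignore updates sent less than one minute after the last stored location` and lift the interval into a named constant, e.g. `MIN_LOCATION_INTERVAL = timedelta(minutes=1)`. The function body starts before and continues after this hunk.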
@@ -336,4 +336,12 @@ def send_location(username):
user.locations.append(Location(longitude=longitude, latitude=latitude))
db.session.commit()
- return '', 204
\ No newline at end of file
+ return '', 204
+
+@bp.route('/user/')
+@login_required
+def user_profile(username):
+ user = User.query.filter_by(name=username).first_or_404()
+ if current_user != user:
+ abort(403)
+ return render_template('user_profile.html', user=user)
\ No newline at end of file
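Review bot: As shown, `@bp.route('/user/')` has no URL variable while `user_profile(username)` requires one, so Flask would call the view without `username` and raise a `TypeError`. The rule probably needs to be `@bp.route('/user/<username>')`; the converter may simply have been lost when this page was rendered. The view also answers 404 for unknown names and 403 for other users' names, which lets any logged-in user tell which usernames exist. Since only the owner may view the page, rendering from `current_user` directly, or returning the same status in both cases, avoids that.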
diff --git a/app/templates/auth/user_hash_login.html b/app/templates/auth/user_hash_login.html
index 4a4cd4a..b77f1a3 100644
--- a/app/templates/auth/user_hash_login.html
+++ b/app/templates/auth/user_hash_login.html
@@ -12,7 +12,7 @@
logged out just visit this page again. However, if you want to be sure other people can't
steal this account, please set a password.
-
+
diff --git a/app/templates/base.html b/app/templates/base.html
index 68ad074..7c28494 100644
--- a/app/templates/base.html
+++ b/app/templates/base.html
@@ -32,7 +32,7 @@
{% if current_user.is_anonymous %}
Login
{% else %}
- {{ current_user.name }}{% if game is defined %}/{{ game.name }}{% endif %}
+ {{ current_user.name }}{% if game is defined %}/{{ game.name }}{% endif %}
Logout
{% endif %}