
implement set and change password

testing
Burathar 4 years ago
parent
commit
d22d07f935
  1. 16
      app/auth/forms.py
  2. 34
      app/auth/routes.py
  3. 10
      app/main/routes.py
  4. 2
      app/templates/auth/user_hash_login.html
  5. 2
      app/templates/base.html

16
app/auth/forms.py

@ -21,3 +21,19 @@ class RegistrationForm(FlaskForm):
user = User.query.filter_by(name=username.data).first() user = User.query.filter_by(name=username.data).first()
if user is not None: if user is not None:
raise ValidationError('Please use a different username.') raise ValidationError('Please use a different username.')
class ChangePasswordForm(FlaskForm):
old_password = PasswordField('Old Password', validators=[DataRequired(),
Length(min=0, max=128)])
new_password = PasswordField('New Password', validators=[DataRequired(),
Length(min=0, max=128)])
new_password2 = PasswordField(
'Repeat New Password', validators=[DataRequired(), EqualTo('new_password')])
submit = SubmitField('Apply')
class SetPasswordForm(FlaskForm):
new_password = PasswordField('New Password', validators=[DataRequired(),
Length(min=0, max=128)])
new_password2 = PasswordField(
'Repeat New Password', validators=[DataRequired(), EqualTo('new_password')])
submit = SubmitField('Set Password')
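Review bot: `Length(min=0, max=128)` on `new_password` in both `ChangePasswordForm` and `SetPasswordForm` sets no lower bound, so together with `DataRequired()` a one-character password passes validation. Put the minimum in the validator, e.g. `Length(min=8, max=128)` on the two `new_password` fields, using whatever value your password policy requires. On `old_password` the `min=0` does nothing; `Length(max=128)` says the same thing more plainly.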

34
app/auth/routes.py

@ -6,7 +6,7 @@ from app import db
from app.auth import bp from app.auth import bp
from app.utils import generate_qr_code, serve_pil_image from app.utils import generate_qr_code, serve_pil_image
from app.models import User from app.models import User
from app.auth.forms import LoginForm, RegistrationForm from app.auth.forms import LoginForm, RegistrationForm, ChangePasswordForm, SetPasswordForm
@bp.route('/login', methods=['GET', 'POST']) @bp.route('/login', methods=['GET', 'POST'])
def login(): def login():
@ -94,3 +94,35 @@ def user_qrcode(auth_hash):
abort(403) abort(403)
img = generate_qr_code(url_for('auth.user_hash_login', auth_hash=auth_hash, _external=True)) img = generate_qr_code(url_for('auth.user_hash_login', auth_hash=auth_hash, _external=True))
return serve_pil_image(img) return serve_pil_image(img)
@bp.route('/set_password', methods=['GET', 'POST'])
@bp.route('/change_password', methods=['GET', 'POST'])
def change_password():
auth_hash = request.args.get('auth_hash', default=None, type=str)
if auth_hash:
user = User.query.filter_by(auth_hash=auth_hash).first_or_404()
login_user(user, True)
user.last_login = datetime.utcnow()
else:
if not current_user.is_authenticated:
abort(403)
user = User.query.filter_by(name=current_user.name).first_or_404()
no_old_password = not user.password_hash
if no_old_password:
form = SetPasswordForm()
else:
form = ChangePasswordForm()
if form.validate_on_submit():
if not no_old_password:
if not user.check_password(form.old_password.data):
flash('Invalid password')
return redirect(url_for('auth.change_password'))
user.set_password(form.new_password.data)
db.session.commit()
if no_old_password:
flash('Your password was set')
else:
flash('Your password was changed!')
return redirect(url_for('main.index'))
return render_template('auth/change_password.html', form=form)
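Review bot: In `change_password`, the `auth_hash` branch calls `login_user(user, True)` before checking whether the account already has a password, so a request with a valid `auth_hash` gets a remembered session even after the owner has set one. Restrict the token path to accounts without a password, e.g. `if user.password_hash: abort(403)` right after the `first_or_404()` lookup, and consider rotating `auth_hash` once `set_password` succeeds. Whether `user_hash_login` (outside this hunk) already enforces this cannot be seen here. The login also happens on a GET with the token in the query string (the link added in `user_hash_login.html` feeds this path), so the token ends up in server logs, browser history and Referer headers. Separately, `user.last_login` is only persisted if the form is later submitted, because the only `db.session.commit()` sits inside the `validate_on_submit()` branch.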

10
app/main/routes.py

@ -324,7 +324,7 @@ def send_location(username):
# Check if previous two locations are exactly the same, if so, only update timestamp of last location # Check if previous two locations are exactly the same, if so, only update timestamp of last location
if last_location: if last_location:
if datetime.utcnow() - last_location.timestamp < timedelta(milliseconds=1): if datetime.utcnow() - last_location.timestamp < timedelta(minutes=1):
return '', 204 return '', 204
if latitude == last_location.latitude and longitude == last_location.longitude and len(user.locations) >= 2: if latitude == last_location.latitude and longitude == last_location.longitude and len(user.locations) >= 2:
before_last_location = user.locations[-2] before_last_location = user.locations[-2]
@ -337,3 +337,11 @@ def send_location(username):
user.locations.append(Location(longitude=longitude, latitude=latitude)) user.locations.append(Location(longitude=longitude, latitude=latitude))
db.session.commit() db.session.commit()
return '', 204 return '', 204
@bp.route('/user/<username>')
@login_required
def user_profile(username):
user = User.query.filter_by(name=username).first_or_404()
if current_user != user:
abort(403)
return render_template('user_profile.html', user=user)
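Review bot: `user_profile` runs the `first_or_404()` lookup before the ownership check, so a logged-in user gets 404 for an unknown name and 403 for someone else's, which reveals which usernames exist. The view only ever renders the caller's own profile, so compare first and skip the query: `if username != current_user.name: abort(403)`, then pass `user=current_user` to the template. A one-line docstring stating that a profile is visible only to its owner would document the intent.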

2
app/templates/auth/user_hash_login.html

@ -12,7 +12,7 @@
logged out just visit this page again. However, if you want to be sure other people can't logged out just visit this page again. However, if you want to be sure other people can't
steal this account, please set a password. steal this account, please set a password.
</p> </p>
<a href="{{ url_for('main.index') }}"><button class="btn btn-primary">Set Password</button></a> <a href="{{ url_for('auth.change_password', auth_hash=user.auth_hash) }}"><button class="btn btn-primary">Set Password</button></a>
<a href="{{ url_for('auth.user_hash_login', auth_hash=user.auth_hash, login='true') }}"><button class="btn btn-primary">Start Playing!</button></a> <a href="{{ url_for('auth.user_hash_login', auth_hash=user.auth_hash, login='true') }}"><button class="btn btn-primary">Start Playing!</button></a>
</div> </div>
<div class="col-xs-0 col-md-1"></div> <div class="col-xs-0 col-md-1"></div>

2
app/templates/base.html

@ -32,7 +32,7 @@
{% if current_user.is_anonymous %} {% if current_user.is_anonymous %}
<li><a href="{{ url_for('auth.login') }}">Login</a></li> <li><a href="{{ url_for('auth.login') }}">Login</a></li>
{% else %} {% else %}
<li><a href="#"><div class="hidden-xs hidden-sm">{{ current_user.name }}{% if game is defined %}/{{ game.name }}{% endif %}</div></a></li> <li><a href="{{ url_for('main.user_profile', username=current_user.name) }}"><div class="hidden-xs hidden-sm">{{ current_user.name }}{% if game is defined %}/{{ game.name }}{% endif %}</div></a></li>
<li><a href="{{ url_for('auth.logout') }}">Logout</a></li> <li><a href="{{ url_for('auth.logout') }}">Logout</a></li>
{% endif %} {% endif %}
</ul> </ul>
