implement set and change password

4 years ago · d22d07f935
5 changed files with 62 additions and 6 deletions
--- a/app/auth/forms.py
+++ b/app/auth/forms.py
@ -20,4 +20,20 @@ class RegistrationForm(FlaskForm):
				@@ -20,4 +20,20 @@ class RegistrationForm(FlaskForm):
    def validate_username(self, username):
        user = User.query.filter_by(name=username.data).first()
        if user is not None:
-            raise ValidationError('Please use a different username.')
+            raise ValidationError('Please use a different username.')
+
+class ChangePasswordForm(FlaskForm):
+    old_password = PasswordField('Old Password', validators=[DataRequired(),
+                                                             Length(min=0, max=128)])
+    new_password = PasswordField('New Password', validators=[DataRequired(),
+                                                             Length(min=0, max=128)])
+    new_password2 = PasswordField(
+        'Repeat New Password', validators=[DataRequired(), EqualTo('new_password')])
+    submit = SubmitField('Apply')
+
+class SetPasswordForm(FlaskForm):
+    new_password = PasswordField('New Password', validators=[DataRequired(),
+                                                             Length(min=0, max=128)])
+    new_password2 = PasswordField(
+        'Repeat New Password', validators=[DataRequired(), EqualTo('new_password')])
+    submit = SubmitField('Set Password')
--- a/app/auth/routes.py
+++ b/app/auth/routes.py
@ -6,7 +6,7 @@ from app import db
				@@ -6,7 +6,7 @@ from app import db
 from app.auth import bp
 from app.utils import generate_qr_code, serve_pil_image
 from app.models import User
-from app.auth.forms import LoginForm, RegistrationForm
+from app.auth.forms import LoginForm, RegistrationForm, ChangePasswordForm, SetPasswordForm

@bp.route('/login', methods=['GET', 'POST'])
 def login():
@ -94,3 +94,35 @@ def user_qrcode(auth_hash):
				@@ -94,3 +94,35 @@ def user_qrcode(auth_hash):
        abort(403)
    img = generate_qr_code(url_for('auth.user_hash_login', auth_hash=auth_hash, _external=True))
    return serve_pil_image(img)
+
+@bp.route('/set_password', methods=['GET', 'POST'])
+@bp.route('/change_password', methods=['GET', 'POST'])
+def change_password():
+    auth_hash = request.args.get('auth_hash', default=None, type=str)
+    if auth_hash:
+        user = User.query.filter_by(auth_hash=auth_hash).first_or_404()
+        login_user(user, True)
+        user.last_login = datetime.utcnow()
+    else:
+        if not current_user.is_authenticated:
+            abort(403)
+        user = User.query.filter_by(name=current_user.name).first_or_404()
+    no_old_password = not user.password_hash
+    if no_old_password:
+        form = SetPasswordForm()
+    else:
+        form = ChangePasswordForm()
+
+    if form.validate_on_submit():
+        if not no_old_password:
+            if not user.check_password(form.old_password.data):
+                flash('Invalid password')
+                return redirect(url_for('auth.change_password'))
+        user.set_password(form.new_password.data)
+        db.session.commit()
+        if no_old_password:
+            flash('Your password was set')
+        else:
+            flash('Your password was changed!')
+        return redirect(url_for('main.index'))
+    return render_template('auth/change_password.html', form=form)
--- a/app/main/routes.py
+++ b/app/main/routes.py
@ -324,7 +324,7 @@ def send_location(username):
				@@ -324,7 +324,7 @@ def send_location(username):
    
    # Check if previous two locations are exactly the same, if so, only update timestamp of last location
    if last_location:
-        if datetime.utcnow() - last_location.timestamp < timedelta(milliseconds=1):
+        if datetime.utcnow() - last_location.timestamp < timedelta(minutes=1):
            return '', 204
        if latitude == last_location.latitude and longitude == last_location.longitude and len(user.locations) >= 2:
            before_last_location = user.locations[-2]
@ -336,4 +336,12 @@ def send_location(username):
				@@ -336,4 +336,12 @@ def send_location(username):
    
    user.locations.append(Location(longitude=longitude, latitude=latitude))
    db.session.commit()
-    return '', 204
+    return '', 204
+
+@bp.route('/user/<username>')
+@login_required
+def user_profile(username):
+    user = User.query.filter_by(name=username).first_or_404()
+    if current_user != user:
+        abort(403)
+    return render_template('user_profile.html', user=user)
--- a/app/templates/auth/user_hash_login.html
+++ b/app/templates/auth/user_hash_login.html
@ -12,7 +12,7 @@
				@@ -12,7 +12,7 @@
        logged out just visit this page again. However, if you want to be sure other people can't
        steal this account, please set a password.
      </p>
-      <a href="{{ url_for('main.index') }}"><button class="btn btn-primary">Set Password</button></a>
+      <a href="{{ url_for('auth.change_password', auth_hash=user.auth_hash) }}"><button class="btn btn-primary">Set Password</button></a>
      <a href="{{ url_for('auth.user_hash_login', auth_hash=user.auth_hash, login='true') }}"><button class="btn btn-primary">Start Playing!</button></a>
    </div>
  <div class="col-xs-0 col-md-1"></div>
--- a/app/templates/base.html
+++ b/app/templates/base.html
@ -32,7 +32,7 @@
				@@ -32,7 +32,7 @@
        {% if current_user.is_anonymous %}
        <li><a href="{{ url_for('auth.login') }}">Login</a></li>
        {% else %}
-        <li><a href="#"><div class="hidden-xs hidden-sm">{{ current_user.name }}{% if game is defined %}/{{ game.name }}{% endif %}</div></a></li>
+        <li><a href="{{ url_for('main.user_profile', username=current_user.name) }}"><div class="hidden-xs hidden-sm">{{ current_user.name }}{% if game is defined %}/{{ game.name }}{% endif %}</div></a></li>
        <li><a href="{{ url_for('auth.logout') }}">Logout</a></li>
        {% endif %}
      </ul>