let users change their password william nilliam
parent
1e5e2a2c27
commit
aa49d8e4b9
@ -116,6 +116,11 @@ app:post("user_delete", "/:username/delete", function(self)
|
||||
return {redirect_to = self:url_for("user", {username = self.params.username})}
|
||||
end
|
||||
|
||||
if me:is_admin() then
|
||||
util.inject_err_infobox("You can not delete the admin account!")
|
||||
return {redirect_to = self:url_for("user", {username = self.params.username})}
|
||||
end
|
||||
|
||||
if not authenticate_user(target_user, self.params.password) then
|
||||
util.inject_err_infobox(self, "The password you entered is incorrect.")
|
||||
return {redirect_to = self:url_for("user_delete_confirm", {username = me.username})}
|
||||
@ -199,6 +204,35 @@ app:post("user_set_avatar", "/:username/set_avatar", function(self)
|
||||
return {redirect_to = self:url_for("user_settings", {username = self.params.username})}
|
||||
end)
|
||||
|
||||
app:post("user_change_password", "/:username/new_password", function(self)
|
||||
local me = util.get_logged_in_user(self)
|
||||
if not me then
|
||||
return {redirect_to = self:url_for("user_settings", {username = self.params.username})}
|
||||
end
|
||||
local target_user = Users:find({username = self.params.username})
|
||||
if me.id ~= target_user.id then
|
||||
return {redirect_to = self:url_for("user", {username = self.params.username})}
|
||||
end
|
||||
local password = self.params.new_password
|
||||
local password2 = self.params.new_password2
|
||||
if not validate_password(password) then
|
||||
util.inject_err_infobox(self, "Password must be 10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces.")
|
||||
return {redirect_to = self:url_for("user_settings", {username = self.params.username})}
|
||||
end
|
||||
|
||||
if password ~= password2 then
|
||||
util.inject_err_infobox(self, "Passwords do not match.")
|
||||
return {redirect_to = self:url_for("user_settings", {username = self.params.username})}
|
||||
end
|
||||
|
||||
me:update({
|
||||
password_hash = auth.digest(password)
|
||||
})
|
||||
util.extend_session_cookie(self)
|
||||
util.inject_infobox(self, "Password updated.")
|
||||
return {redirect_to = self:url_for("user_settings", {username = self.params.username})}
|
||||
end)
|
||||
|
||||
app:get("user_settings", "/:username/settings", function(self)
|
||||
local me = util.get_logged_in_user(self)
|
||||
if me == nil then
|
||||
@ -345,6 +379,7 @@ app:post("user_logout", "/logout", function (self)
|
||||
|
||||
local session = Sessions:find({key = self.session.session_key})
|
||||
session:delete()
|
||||
self.session = nil
|
||||
return {redirect_to = self:url_for("user_login")}
|
||||
end)
|
||||
|
||||
|
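Review bot: The new `user_change_password` handler sets a new hash without ever checking the current password, so a live session alone (a stolen cookie, a shared or unattended browser) is enough to take the account over permanently. The `user_delete` handler in the first hunk already re-authenticates with `authenticate_user(target_user, self.params.password)`; the same guard belongs before `me:update`, for example `if not authenticate_user(me, self.params.current_password) then` followed by the usual infobox and redirect, where `current_password` is a new form field the commit would also have to add. After the update only `util.extend_session_cookie(self)` runs, so other sessions of the same user presumably stay valid; removing them on a password change is what locks out someone who already holds one. `Users:find` returns nil when no row matches, which makes `target_user.id` raise, so the ownership test should read `if not target_user or me.id ~= target_user.id then`. In the first hunk, `util.inject_err_infobox("You can not delete the admin account!")` is missing the `self` argument that every other call passes; that handler's body starts outside the hunk.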
4
util.lua
4
util.lua
@ -165,6 +165,10 @@ end
|
||||
|
||||
-- OTHER API
|
||||
|
||||
function util.extend_session_cookie(req)
|
||||
req.session.last_activity = os.time()
|
||||
end
|
||||
|
||||
function util.validate_and_create_image(input_image, filename)
|
||||
local img = magick.load_image_from_blob(input_image)
|
||||
|
||||
|
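Review bot: `util.extend_session_cookie` is named as if it renewed the session, but its body only writes `req.session.last_activity = os.time()`; it issues no new session key and touches no stored session row. Because the commit calls it right after a password change, a short comment would keep a reader from assuming more, e.g. `-- Records the time of the latest activity in the session; does not rotate the session key.` Whatever reads `last_activity` to enforce an idle timeout is outside this hunk, so that part is worth confirming separately.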
@ -21,7 +21,16 @@
|
||||
<% render("views.common.babycode-editor-component", {ta_name = "signature", prefill = me.signature_original_markup, ta_placeholder = "Will be shown under each of your posts", optional = true}) %>
|
||||
<input type="submit" value="Save settings">
|
||||
</form>
|
||||
<div>
|
||||
<a class="linkbutton critical" href="<%= url_for("user_delete_confirm", {username = me.username}) %>">Delete account</a>
|
||||
</div>
|
||||
<form method="post" action="<%= url_for("user_change_password", {username = me.username}) %>">
|
||||
<label for="new_password">Change password</label><br>
|
||||
<input type="password" id="new_password" name="new_password" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" required autocomplete="new-password"><br>
|
||||
<label for="new_password2">Confirm new password</label><br>
|
||||
<input type="password" id="new_password2" name="new_password2" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" required autocomplete="new-password"><br>
|
||||
<input class="warn" type="submit" value="Change password">
|
||||
</form>
|
||||
<% if not me:is_admin() then %>
|
||||
<div>
|
||||
<a class="linkbutton critical" href="<%= url_for("user_delete_confirm", {username = me.username}) %>">Delete account</a>
|
||||
</div>
|
||||
<% end %>
|
||||
</div>
|
||||
|
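Review bot: The new password form posting to `url_for("user_change_password", ...)` has no anti-CSRF token field between `<form>` and `</form>`, and the handler it targets does not ask for the current password, so a forged cross-site POST sent while the user is logged in could replace the password. Whether another defence exists (a SameSite session cookie, a global token check) is not visible in this section; if none does, add a hidden token input here and validate it in the handler. The app looks like Lapis from its `app:post` and `url_for` calls, and Lapis ships `lapis.csrf` for this. The `pattern` attribute repeats the server-side `validate_password` rule on both inputs; it is only a usability hint that can drift from the server rule, and the confirm field does not need it because the handler already compares the two values.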