yagich/porom
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

let users change their password william nilliam

Browse Source
This commit is contained in:
Lera Elvoé 2025-05-28 04:43:49 +03:00
parent 1e5e2a2c27
commit aa49d8e4b9
Signed by: yagich
SSH Key Fingerprint: SHA256:6xjGb6uA7lAVcULa7byPEN//rQ0wPoG+UzYVMfZnbvc
3 changed files with 51 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
apps/users.lua
View File

@ -116,6 +116,11 @@ app:post("user_delete", "/:username/delete", function(self)
return {redirect_to = self:url_for("user", {username = self.params.username})} return {redirect_to = self:url_for("user", {username = self.params.username})}
end end
if me:is_admin() then
util.inject_err_infobox("You can not delete the admin account!")
return {redirect_to = self:url_for("user", {username = self.params.username})}
end
if not authenticate_user(target_user, self.params.password) then if not authenticate_user(target_user, self.params.password) then
util.inject_err_infobox(self, "The password you entered is incorrect.") util.inject_err_infobox(self, "The password you entered is incorrect.")
return {redirect_to = self:url_for("user_delete_confirm", {username = me.username})} return {redirect_to = self:url_for("user_delete_confirm", {username = me.username})}
@ -199,6 +204,35 @@ app:post("user_set_avatar", "/:username/set_avatar", function(self)
return {redirect_to = self:url_for("user_settings", {username = self.params.username})} return {redirect_to = self:url_for("user_settings", {username = self.params.username})}
end) end)
app:post("user_change_password", "/:username/new_password", function(self)
local me = util.get_logged_in_user(self)
if not me then
return {redirect_to = self:url_for("user_settings", {username = self.params.username})}
end
local target_user = Users:find({username = self.params.username})
if me.id ~= target_user.id then
return {redirect_to = self:url_for("user", {username = self.params.username})}
end
local password = self.params.new_password
local password2 = self.params.new_password2
if not validate_password(password) then
util.inject_err_infobox(self, "Password must be 10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces.")
return {redirect_to = self:url_for("user_settings", {username = self.params.username})}
end
if password ~= password2 then
util.inject_err_infobox(self, "Passwords do not match.")
return {redirect_to = self:url_for("user_settings", {username = self.params.username})}
end
me:update({
password_hash = auth.digest(password)
})
util.extend_session_cookie(self)
util.inject_infobox(self, "Password updated.")
return {redirect_to = self:url_for("user_settings", {username = self.params.username})}
end)
app:get("user_settings", "/:username/settings", function(self) app:get("user_settings", "/:username/settings", function(self)
local me = util.get_logged_in_user(self) local me = util.get_logged_in_user(self)
if me == nil then if me == nil then
@ -345,6 +379,7 @@ app:post("user_logout", "/logout", function (self)
local session = Sessions:find({key = self.session.session_key}) local session = Sessions:find({key = self.session.session_key})
session:delete() session:delete()
self.session = nil
return {redirect_to = self:url_for("user_login")} return {redirect_to = self:url_for("user_login")}
end) end)

4
util.lua
View File

@ -165,6 +165,10 @@ end
-- OTHER API -- OTHER API
function util.extend_session_cookie(req)
req.session.last_activity = os.time()
end
function util.validate_and_create_image(input_image, filename) function util.validate_and_create_image(input_image, filename)
local img = magick.load_image_from_blob(input_image) local img = magick.load_image_from_blob(input_image)

15
views/user/settings.etlua
View File

@ -21,7 +21,16 @@
<% render("views.common.babycode-editor-component", {ta_name = "signature", prefill = me.signature_original_markup, ta_placeholder = "Will be shown under each of your posts", optional = true}) %> <% render("views.common.babycode-editor-component", {ta_name = "signature", prefill = me.signature_original_markup, ta_placeholder = "Will be shown under each of your posts", optional = true}) %>
<input type="submit" value="Save settings"> <input type="submit" value="Save settings">
</form> </form>
<div> <form method="post" action="<%= url_for("user_change_password", {username = me.username}) %>">
<a class="linkbutton critical" href="<%= url_for("user_delete_confirm", {username = me.username}) %>">Delete account</a> <label for="new_password">Change password</label><br>
</div> <input type="password" id="new_password" name="new_password" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" required autocomplete="new-password"><br>
<label for="new_password2">Confirm new password</label><br>
<input type="password" id="new_password2" name="new_password2" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" required autocomplete="new-password"><br>
<input class="warn" type="submit" value="Change password">
</form>
<% if not me:is_admin() then %>
<div>
<a class="linkbutton critical" href="<%= url_for("user_delete_confirm", {username = me.username}) %>">Delete account</a>
</div>
<% end %>
</div> </div>