re-add changing password
		@@ -9,6 +9,7 @@ from ..constants import InfoboxKind, PermissionLevel
 | 
			
		||||
from ..auth import digest, verify
 | 
			
		||||
from wand.image import Image
 | 
			
		||||
from wand.exceptions import WandException
 | 
			
		||||
from datetime import datetime, timedelta
 | 
			
		||||
import secrets
 | 
			
		||||
import time
 | 
			
		||||
import re
 | 
			
		||||
@@ -64,7 +65,18 @@ def create_session(user_id):
 | 
			
		||||
    return Sessions.create({
 | 
			
		||||
        "key": secrets.token_hex(16),
 | 
			
		||||
        "user_id": user_id,
 | 
			
		||||
        "expires_at": int(time.time()) + 32 * 24 * 60 * 60,
 | 
			
		||||
        "expires_at": int(time.time()) + 31 * 24 * 60 * 60,
 | 
			
		||||
    })
 | 
			
		||||
 | 
			
		||||
def extend_session(user_id):
 | 
			
		||||
    session_obj = Sessions.find({'key': session['pyrom_session_key']})
 | 
			
		||||
    if not session_obj:
 | 
			
		||||
        return
 | 
			
		||||
    new_duration = timedelta(31)
 | 
			
		||||
    current_app.permanent_session_lifetime = new_duration
 | 
			
		||||
    session.modified = True
 | 
			
		||||
    session_obj.update({
 | 
			
		||||
        'expires_at': int(time.time()) + 31 * 24 * 60 * 60
 | 
			
		||||
    })
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
@@ -307,6 +319,28 @@ def set_avatar(username):
 | 
			
		||||
        return redirect(url_for('.settings', user.username))
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
@bp.post('/<username>/change_password')
 | 
			
		||||
@login_required
 | 
			
		||||
def change_password(username):
 | 
			
		||||
    user = get_active_user()
 | 
			
		||||
    password = request.form.get('new_password')
 | 
			
		||||
    password2 = request.form.get('new_password2')
 | 
			
		||||
 | 
			
		||||
    if not validate_password(password):
 | 
			
		||||
        flash("Invalid password.", InfoboxKind.ERROR)
 | 
			
		||||
        return redirect(url_for('.settings', username=user.username))
 | 
			
		||||
 | 
			
		||||
    if password != password2:
 | 
			
		||||
        flash("Passwords do not match.", InfoboxKind.ERROR)
 | 
			
		||||
        return redirect(url_for('.settings', username=user.username))
 | 
			
		||||
 | 
			
		||||
    hashed = digest(password)
 | 
			
		||||
    user.update({'password_hash': hashed})
 | 
			
		||||
    extend_session(user.id)
 | 
			
		||||
    flash('Password updated.', InfoboxKind.INFO)
 | 
			
		||||
    return redirect(url_for('.settings', username=user.username))
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
@bp.post('/<username>/clear_avatar')
 | 
			
		||||
@login_required
 | 
			
		||||
def clear_avatar(username):
 | 
			
		||||
 
 | 
			
		||||
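Review bot: `change_password` stores a new hash without asking for the current password, so anyone who holds a live session (a stolen cookie, an unattended browser, or a cross-site POST if this blueprint has no CSRF protection, which is not visible here) can lock the owner out for good. Read `current = request.form.get('current_password')` and reject the request unless the already imported `verify` accepts it against the stored `password_hash`, flashing an error and redirecting as the two existing guards do. The argument order of `verify` is not shown in this hunk, and the settings form in the template hunk needs the matching input. After `user.update(...)` only the current session is touched: `extend_session` lengthens it and leaves the user's other `Sessions` rows valid, so a password change does not evict someone who is already logged in elsewhere. Those rows should be expired and the current key rotated. `extend_session` also ignores its `user_id` argument and indexes `session['pyrom_session_key']` directly, which raises `KeyError` when the cookie lacks that key.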
@@ -28,5 +28,12 @@
 | 
			
		||||
    <label for='subscribe_by_default'>Subscribe to thread by default when responding</label><br>
 | 
			
		||||
    <input type='submit' value='Save settings'>
 | 
			
		||||
  </form>
 | 
			
		||||
  <form method='post' action='{{ url_for('users.change_password', username=active_user.username) }}'>
 | 
			
		||||
    <label for="new_password">Change password</label><br>
 | 
			
		||||
    <input type="password" id="new_password" name="new_password" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" required autocomplete="new-password"><br>
 | 
			
		||||
    <label for="new_password2">Confirm new password</label><br>
 | 
			
		||||
    <input type="password" id="new_password2" name="new_password2" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" required autocomplete="new-password"><br>
 | 
			
		||||
    <input class="warn" type="submit" value="Change password">
 | 
			
		||||
  </form>
 | 
			
		||||
</div>
 | 
			
		||||
{% endblock %}
 | 
			
		||||
 
 | 
			
		||||
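Review bot: The new `change_password` form carries no anti-CSRF token field, and nothing visible in this hunk shows the app adding one globally. If the app relies on per-form tokens, this state-changing POST needs one before it ships. The `pattern` attribute on both inputs is advisory only, since a client can submit without it, so the server-side `validate_password` has to enforce the same 10-character, mixed-class, no-whitespace policy. Its rule set is not shown here and should be checked against this regex. The regex and `title` text are duplicated verbatim on `new_password` and `new_password2`. Defining them once, for example `{% set pw_pattern = "..." %}` above the form, keeps the two fields from drifting apart when the policy changes.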