re-add changing password

2025-07-04 18:45:53 +03:00 · 2025-07-04 18:45:53 +03:00 · 443c25c09b
commit 443c25c09b
parent 4cbc66d9aa
2 changed files with 42 additions and 1 deletions
--- a/app/routes/users.py
+++ b/app/routes/users.py
@ -9,6 +9,7 @@ from ..constants import InfoboxKind, PermissionLevel
 from ..auth import digest, verify
 from wand.image import Image
 from wand.exceptions import WandException
+from datetime import datetime, timedelta
 import secrets
 import time
 import re
@ -64,7 +65,18 @@ def create_session(user_id):
    return Sessions.create({
        "key": secrets.token_hex(16),
        "user_id": user_id,
-        "expires_at": int(time.time()) + 32 * 24 * 60 * 60,
+        "expires_at": int(time.time()) + 31 * 24 * 60 * 60,
+    })
+
+def extend_session(user_id):
+    session_obj = Sessions.find({'key': session['pyrom_session_key']})
+    if not session_obj:
+        return
+    new_duration = timedelta(31)
+    current_app.permanent_session_lifetime = new_duration
+    session.modified = True
+    session_obj.update({
+        'expires_at': int(time.time()) + 31 * 24 * 60 * 60
    })


@ -307,6 +319,28 @@ def set_avatar(username):
        return redirect(url_for('.settings', user.username))


+@bp.post('/<username>/change_password')
+@login_required
+def change_password(username):
+    user = get_active_user()
+    password = request.form.get('new_password')
+    password2 = request.form.get('new_password2')
+
+    if not validate_password(password):
+        flash("Invalid password.", InfoboxKind.ERROR)
+        return redirect(url_for('.settings', username=user.username))
+
+    if password != password2:
+        flash("Passwords do not match.", InfoboxKind.ERROR)
+        return redirect(url_for('.settings', username=user.username))
+
+    hashed = digest(password)
+    user.update({'password_hash': hashed})
+    extend_session(user.id)
+    flash('Password updated.', InfoboxKind.INFO)
+    return redirect(url_for('.settings', username=user.username))
+
+
@bp.post('/<username>/clear_avatar')
@login_required
 def clear_avatar(username):
--- a/app/templates/users/settings.html
+++ b/app/templates/users/settings.html
@ -28,5 +28,12 @@
    <label for='subscribe_by_default'>Subscribe to thread by default when responding</label><br>
    <input type='submit' value='Save settings'>
  </form>
+  <form method='post' action='{{ url_for('users.change_password', username=active_user.username) }}'>
+    <label for="new_password">Change password</label><br>
+    <input type="password" id="new_password" name="new_password" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" required autocomplete="new-password"><br>
+    <label for="new_password2">Confirm new password</label><br>
+    <input type="password" id="new_password2" name="new_password2" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" required autocomplete="new-password"><br>
+    <input class="warn" type="submit" value="Change password">
+  </form>
 </div>
 {% endblock %}