re-add changing password

This commit is contained in:
Lera Elvoé 2025-07-04 18:45:53 +03:00
parent 4cbc66d9aa
commit 443c25c09b
Signed by: yagich
SSH Key Fingerprint: SHA256:6xjGb6uA7lAVcULa7byPEN//rQ0wPoG+UzYVMfZnbvc
2 changed files with 42 additions and 1 deletions

View File

@ -9,6 +9,7 @@ from ..constants import InfoboxKind, PermissionLevel
from ..auth import digest, verify
from wand.image import Image
from wand.exceptions import WandException
from datetime import datetime, timedelta
import secrets
import time
import re
@ -64,7 +65,18 @@ def create_session(user_id):
return Sessions.create({
"key": secrets.token_hex(16),
"user_id": user_id,
"expires_at": int(time.time()) + 32 * 24 * 60 * 60,
"expires_at": int(time.time()) + 31 * 24 * 60 * 60,
})
def extend_session(user_id):
session_obj = Sessions.find({'key': session['pyrom_session_key']})
if not session_obj:
return
new_duration = timedelta(31)
current_app.permanent_session_lifetime = new_duration
session.modified = True
session_obj.update({
'expires_at': int(time.time()) + 31 * 24 * 60 * 60
})
@ -307,6 +319,28 @@ def set_avatar(username):
return redirect(url_for('.settings', user.username))
@bp.post('/<username>/change_password')
@login_required
def change_password(username):
user = get_active_user()
password = request.form.get('new_password')
password2 = request.form.get('new_password2')
if not validate_password(password):
flash("Invalid password.", InfoboxKind.ERROR)
return redirect(url_for('.settings', username=user.username))
if password != password2:
flash("Passwords do not match.", InfoboxKind.ERROR)
return redirect(url_for('.settings', username=user.username))
hashed = digest(password)
user.update({'password_hash': hashed})
extend_session(user.id)
flash('Password updated.', InfoboxKind.INFO)
return redirect(url_for('.settings', username=user.username))
@bp.post('/<username>/clear_avatar')
@login_required
def clear_avatar(username):

View File

@ -28,5 +28,12 @@
<label for='subscribe_by_default'>Subscribe to thread by default when responding</label><br>
<input type='submit' value='Save settings'>
</form>
<form method='post' action='{{ url_for('users.change_password', username=active_user.username) }}'>
<label for="new_password">Change password</label><br>
<input type="password" id="new_password" name="new_password" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" required autocomplete="new-password"><br>
<label for="new_password2">Confirm new password</label><br>
<input type="password" id="new_password2" name="new_password2" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" required autocomplete="new-password"><br>
<input class="warn" type="submit" value="Change password">
</form>
</div>
{% endblock %}