re-add changing password

app/routes/users.py

@@ -9,6 +9,7 @@ from ..constants import InfoboxKind, PermissionLevel
 from ..auth import digest, verify
 from wand.image import Image
 from wand.exceptions import WandException
+from datetime import datetime, timedelta
 import secrets
 import time
 import re
@@ -64,7 +65,18 @@ def create_session(user_id):
     return Sessions.create({
         "key": secrets.token_hex(16),
         "user_id": user_id,
-        "expires_at": int(time.time()) + 32 * 24 * 60 * 60,
+        "expires_at": int(time.time()) + 31 * 24 * 60 * 60,
+    })
+
+def extend_session(user_id):
+    session_obj = Sessions.find({'key': session['pyrom_session_key']})
+    if not session_obj:
+        return
+    new_duration = timedelta(31)
+    current_app.permanent_session_lifetime = new_duration
+    session.modified = True
+    session_obj.update({
+        'expires_at': int(time.time()) + 31 * 24 * 60 * 60
     })
 
 
@@ -307,6 +319,28 @@ def set_avatar(username):
         return redirect(url_for('.settings', user.username))
 
 
+@bp.post('/<username>/change_password')
+@login_required
+def change_password(username):
+    user = get_active_user()
+    password = request.form.get('new_password')
+    password2 = request.form.get('new_password2')
+
+    if not validate_password(password):
+        flash("Invalid password.", InfoboxKind.ERROR)
+        return redirect(url_for('.settings', username=user.username))
+
+    if password != password2:
+        flash("Passwords do not match.", InfoboxKind.ERROR)
+        return redirect(url_for('.settings', username=user.username))
+
+    hashed = digest(password)
+    user.update({'password_hash': hashed})
+    extend_session(user.id)
+    flash('Password updated.', InfoboxKind.INFO)
+    return redirect(url_for('.settings', username=user.username))
+
+
 @bp.post('/<username>/clear_avatar')
 @login_required
 def clear_avatar(username):