re-add changing password

Lera Elvoé 2025-07-04 18:45:53 +03:00
parent 4cbc66d9aa
commit 443c25c09b
Signed by: yagich
SSH Key Fingerprint: SHA256:6xjGb6uA7lAVcULa7byPEN//rQ0wPoG+UzYVMfZnbvc
2 changed files with 42 additions and 1 deletions


@ -9,6 +9,7 @@ from ..constants import InfoboxKind, PermissionLevel
from ..auth import digest, verify from ..auth import digest, verify
from wand.image import Image from wand.image import Image
from wand.exceptions import WandException from wand.exceptions import WandException
from datetime import datetime, timedelta
import secrets import secrets
import time import time
import re import re
@ -64,7 +65,18 @@ def create_session(user_id):
return Sessions.create({ return Sessions.create({
"key": secrets.token_hex(16), "key": secrets.token_hex(16),
"user_id": user_id, "user_id": user_id,
"expires_at": int(time.time()) + 32 * 24 * 60 * 60, "expires_at": int(time.time()) + 31 * 24 * 60 * 60,
})
def extend_session(user_id):
session_obj = Sessions.find({'key': session['pyrom_session_key']})
if not session_obj:
return
new_duration = timedelta(31)
current_app.permanent_session_lifetime = new_duration
session.modified = True
session_obj.update({
'expires_at': int(time.time()) + 31 * 24 * 60 * 60
}) })
@ -307,6 +319,28 @@ def set_avatar(username):
return redirect(url_for('.settings', user.username)) return redirect(url_for('.settings', user.username))
@bp.post('/<username>/change_password')
@login_required
def change_password(username):
user = get_active_user()
password = request.form.get('new_password')
password2 = request.form.get('new_password2')
if not validate_password(password):
flash("Invalid password.", InfoboxKind.ERROR)
return redirect(url_for('.settings', username=user.username))
if password != password2:
flash("Passwords do not match.", InfoboxKind.ERROR)
return redirect(url_for('.settings', username=user.username))
hashed = digest(password)
user.update({'password_hash': hashed})
extend_session(user.id)
flash('Password updated.', InfoboxKind.INFO)
return redirect(url_for('.settings', username=user.username))
@bp.post('/<username>/clear_avatar') @bp.post('/<username>/clear_avatar')
@login_required @login_required
def clear_avatar(username): def clear_avatar(username):
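Review bot: change_password replaces the stored hash without asking for the account's current password, so anyone holding a live session (an unattended browser, a leaked session cookie) can lock the owner out. `verify` is already imported from ..auth; read a `current_password` form field and reject the request unless it matches the existing `password_hash` before calling `digest(password)` (verify's argument order is not visible in this hunk), and add the matching input to the form in the template section. After the update only the current session is touched: extend_session refreshes `expires_at` for `session['pyrom_session_key']` and ignores its `user_id` argument, so the user's other Sessions rows stay valid; deleting them, and ideally issuing a fresh key for the current one, would let a password change actually evict an intruder. validate_password and get_active_user are defined outside the hunk, so whether a missing `new_password` field (None) is handled cannot be confirmed here.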


@ -28,5 +28,12 @@
<label for='subscribe_by_default'>Subscribe to thread by default when responding</label><br> <label for='subscribe_by_default'>Subscribe to thread by default when responding</label><br>
<input type='submit' value='Save settings'> <input type='submit' value='Save settings'>
</form> </form>
<form method='post' action='{{ url_for('users.change_password', username=active_user.username) }}'>
<label for="new_password">Change password</label><br>
<input type="password" id="new_password" name="new_password" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" required autocomplete="new-password"><br>
<label for="new_password2">Confirm new password</label><br>
<input type="password" id="new_password2" name="new_password2" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" required autocomplete="new-password"><br>
<input class="warn" type="submit" value="Change password">
</form>
</div> </div>
{% endblock %} {% endblock %}
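Review bot: The new form posts to users.change_password without any visible anti-CSRF field, and the handler as shown asks for no current password, so if the app has no global CSRF protection (not visible from this template) a cross-site POST could set the password of a logged-in user. If the project has a token helper, add the hidden input here the same way its other state-changing forms do; otherwise confirm that the session cookie's SameSite setting covers this route. The `pattern` attribute is only a browser-side hint, so the server-side validate_password must enforce the same length and character-class rules on its own; a short comment such as `{# keep in sync with validate_password #}` next to the inputs would help stop the two from drifting.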