implemented /change_password

This commit is contained in:
iou1name 2019-09-27 13:53:36 -04:00
parent 74cd0713ec
commit 8daf81ac46
3 changed files with 52 additions and 8 deletions

View File

@ -58,11 +58,33 @@ async def index(request):
return render_template("index.html", request, locals()) return render_template("index.html", request, locals())
@routes.get(config.url_prefix + '/change_password', name='change_password') @routes.post(config.url_prefix + '/change_password', name='change_password')
@auth.auth_required @auth.auth_required
async def change_password(request): async def change_password(request):
"""Allows a user to change their password.""" """Allows a user to change their password."""
pass data = await request.post()
current_pw = data.get('current_password')
new_pw = data.get('new_password')
verify_pw = data.get('verify_password')
if not all(current_pw, new_pw, verify_pw):
return
if not new_pw == verify_pw:
return
async with request.app['pool'].acquire() as conn:
pw_hash = conn.fetchrow(
"SELECT password_hash FROM user_info WHERE id = $1",
request['session']['id'])
if not argon2.verify(current_pw, pw_hash['password_hash']):
return
h = argon2.hash(new_pw)
conn.execute(
"UPDATE user_info SET password_hash = $1 WHERE id = $2",
h, request['session']['id'])
index_url = request.app.router['index'].url_for()
raise web.HTTPFound(location=index_url)
@routes.get(config.url_prefix + '/login', name='login') @routes.get(config.url_prefix + '/login', name='login')

View File

@ -54,3 +54,17 @@ tr {
td { td {
text-align: center; text-align: center;
} }
#change_password {
border: none;
border-collapse: separate;
width: auto;
}
#change_password tr {
border: none;
}
#change_password td {
text-align: left;
}

View File

@ -63,12 +63,20 @@
<article style="display: none;"> <article style="display: none;">
<hr> <hr>
<form action="{{ request.app.router['change_password'].url_for() }}" method="post" enctype="application/x-www-form-urlencoded"> <form action="{{ request.app.router['change_password'].url_for() }}" method="post" enctype="application/x-www-form-urlencoded">
<label for="current_password">Current password</label> <table id="change_password">
<input id="current_password" name="current_password" type="password"><br> <tr>
<label for="new_password">New password</label> <td><label for="current_password">Current password</label></td>
<input id="new_password" name="new_password" type="password"><br> <td><input id="current_password" name="current_password" type="password"></td>
<label for="verify_password">Verify password</label> </tr>
<input id="verify_password" name="verify_password" type="password"><br> <tr>
<td><label for="new_password">New password</label></td>
<td><input id="new_password" name="new_password" type="password"></td>
</tr>
<tr>
<td><label for="verify_password">Verify password</label></td>
<td><input id="verify_password" name="verify_password" type="password"></td>
</tr>
</table>
<input type="submit" value="Submit"> <input type="submit" value="Submit">
</form> </form>
</article> </article>