add change password functionality

This commit is contained in:
iou1name 2020-11-17 15:52:55 -05:00
parent 86a896f78b
commit 09621485a7
2 changed files with 75 additions and 4 deletions

View File

@ -10,6 +10,7 @@ import aiohttp_jinja2
from aiohttp_jinja2 import render_template
import uvloop
import asyncpg
from passlib.hash import argon2
import config
import buckler_aiohttp
@ -18,13 +19,61 @@ uvloop.install()
routes = web.RouteTableDef()
@routes.get('/', name='index')
@routes.post('/', name='index')
async def index(request):
"""The index page."""
user_id = int(request.cookies.get('userid'))
async with request.app['pool'].acquire() as conn:
user_id = int(request.cookies.get('userid'))
email_addresses = await conn.fetch(
"SELECT email FROM virtual_users WHERE buckler_id = $1",
user_data = await conn.fetch(
"SELECT * FROM virtual_users WHERE buckler_id = $1",
user_id)
result = {}
if request.method == 'POST':
data = await request.post()
current_password = data.get('current_password', '')
new_password = data.get('new_password', '')
verify_new_password = data.get('verify_new_password', '')
if not argon2.verify(current_password, user_data[0]['password']):
result = {
'ok': False,
'message': "Current password does not match."
}
return render_template('index.html', request, locals())
if new_password != verify_new_password:
result = {
'ok': False,
'message': "New passwords do not match."
}
return render_template('index.html', request, locals())
if len(new_password) > config.max_password:
result = {
'ok': False,
'message': "Maximum password length is 1024 characters."
}
return render_template('index.html', request, locals())
if len(new_password) < config.min_password:
result = {
'ok': False,
'message': "Minimum password length is 8 characters."
}
return render_template('index.html', request, locals())
pw_hash = argon2.hash(new_password)
async with request.app['pool'].acquire() as conn:
await conn.fetch(
"UPDATE virtual_users SET password = $1 WHERE buckler_id = $2",
pw_hash, user_id)
result = {
'ok': True,
'message': "Password has been changed."
}
return render_template('index.html', request, locals())

View File

@ -7,8 +7,30 @@
</head>
<body>
<h1>This is a stickup!</h1>
{% for record in email_addresses %}
{% for record in user_data %}
<div>Your email address is {{ record['email'] }}</div>
{% endfor %}
{% if result %}
<div>{{ result['message'] }}</div>
{% endif %}
<form method="post" enctype="application/x-www-form-urlencoded">
<table>
<tr>
<td><label for="current_password">Current password</label></td>
<td><input id="current_password" name="current_password" type="password"></td>
</tr>
<tr>
<td><label for="new_password">New password</label></td>
<td><input id="new_password" name="new_password" type="password"></td>
</tr>
<tr>
<td><label for="verify_new_password">Verify new password</label></td>
<td><input id="verify_new_password" name="verify_new_password" type="password"></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
</body>
</html>