add change password functionality
This commit is contained in:
parent
86a896f78b
commit
09621485a7
55
stickup.py
55
stickup.py
|
@ -10,6 +10,7 @@ import aiohttp_jinja2
|
|||
from aiohttp_jinja2 import render_template
|
||||
import uvloop
|
||||
import asyncpg
|
||||
from passlib.hash import argon2
|
||||
|
||||
import config
|
||||
import buckler_aiohttp
|
||||
|
@ -18,13 +19,61 @@ uvloop.install()
|
|||
routes = web.RouteTableDef()
|
||||
|
||||
@routes.get('/', name='index')
|
||||
@routes.post('/', name='index')
|
||||
async def index(request):
|
||||
"""The index page."""
|
||||
user_id = int(request.cookies.get('userid'))
|
||||
|
||||
async with request.app['pool'].acquire() as conn:
|
||||
user_id = int(request.cookies.get('userid'))
|
||||
email_addresses = await conn.fetch(
|
||||
"SELECT email FROM virtual_users WHERE buckler_id = $1",
|
||||
user_data = await conn.fetch(
|
||||
"SELECT * FROM virtual_users WHERE buckler_id = $1",
|
||||
user_id)
|
||||
|
||||
result = {}
|
||||
if request.method == 'POST':
|
||||
data = await request.post()
|
||||
current_password = data.get('current_password', '')
|
||||
new_password = data.get('new_password', '')
|
||||
verify_new_password = data.get('verify_new_password', '')
|
||||
|
||||
if not argon2.verify(current_password, user_data[0]['password']):
|
||||
result = {
|
||||
'ok': False,
|
||||
'message': "Current password does not match."
|
||||
}
|
||||
return render_template('index.html', request, locals())
|
||||
|
||||
if new_password != verify_new_password:
|
||||
result = {
|
||||
'ok': False,
|
||||
'message': "New passwords do not match."
|
||||
}
|
||||
return render_template('index.html', request, locals())
|
||||
|
||||
if len(new_password) > config.max_password:
|
||||
result = {
|
||||
'ok': False,
|
||||
'message': "Maximum password length is 1024 characters."
|
||||
}
|
||||
return render_template('index.html', request, locals())
|
||||
|
||||
if len(new_password) < config.min_password:
|
||||
result = {
|
||||
'ok': False,
|
||||
'message': "Minimum password length is 8 characters."
|
||||
}
|
||||
return render_template('index.html', request, locals())
|
||||
|
||||
pw_hash = argon2.hash(new_password)
|
||||
async with request.app['pool'].acquire() as conn:
|
||||
await conn.fetch(
|
||||
"UPDATE virtual_users SET password = $1 WHERE buckler_id = $2",
|
||||
pw_hash, user_id)
|
||||
result = {
|
||||
'ok': True,
|
||||
'message': "Password has been changed."
|
||||
}
|
||||
|
||||
return render_template('index.html', request, locals())
|
||||
|
||||
|
||||
|
|
|
@ -7,8 +7,30 @@
|
|||
</head>
|
||||
<body>
|
||||
<h1>This is a stickup!</h1>
|
||||
{% for record in email_addresses %}
|
||||
{% for record in user_data %}
|
||||
<div>Your email address is {{ record['email'] }}</div>
|
||||
{% endfor %}
|
||||
{% if result %}
|
||||
<div>{{ result['message'] }}</div>
|
||||
{% endif %}
|
||||
<form method="post" enctype="application/x-www-form-urlencoded">
|
||||
<table>
|
||||
<tr>
|
||||
<td><label for="current_password">Current password</label></td>
|
||||
<td><input id="current_password" name="current_password" type="password"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><label for="new_password">New password</label></td>
|
||||
<td><input id="new_password" name="new_password" type="password"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><label for="verify_new_password">Verify new password</label></td>
|
||||
<td><input id="verify_new_password" name="verify_new_password" type="password"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><input type="submit" value="Submit"></td>
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
||||
|
|
Loading…
Reference in New Issue
Block a user