add change password functionality

2020-11-17 15:52:55 -05:00 · 2020-11-17 15:52:55 -05:00 · 09621485a7
commit 09621485a7
parent 86a896f78b
2 changed files with 75 additions and 4 deletions
--- a/stickup.py
+++ b/stickup.py
@ -10,6 +10,7 @@ import aiohttp_jinja2
 from aiohttp_jinja2 import render_template
 import uvloop
 import asyncpg
+from passlib.hash import argon2

 import config
 import buckler_aiohttp
@ -18,13 +19,61 @@ uvloop.install()
 routes = web.RouteTableDef()

@routes.get('/', name='index')
+@routes.post('/', name='index')
 async def index(request):
 	"""The index page."""
-	async with request.app['pool'].acquire() as conn:
 	user_id = int(request.cookies.get('userid'))
-		email_addresses = await conn.fetch(
-			"SELECT email FROM virtual_users WHERE buckler_id = $1",
+
+	async with request.app['pool'].acquire() as conn:
+		user_data = await conn.fetch(
+			"SELECT * FROM virtual_users WHERE buckler_id = $1",
 			user_id)
+
+	result = {}
+	if request.method == 'POST':
+		data = await request.post()
+		current_password = data.get('current_password', '')
+		new_password = data.get('new_password', '')
+		verify_new_password = data.get('verify_new_password', '')
+
+		if not argon2.verify(current_password, user_data[0]['password']):
+			result = {
+				'ok': False,
+				'message': "Current password does not match."
+			}
+			return render_template('index.html', request, locals())
+
+		if new_password != verify_new_password:
+			result = {
+				'ok': False,
+				'message': "New passwords do not match."
+			}
+			return render_template('index.html', request, locals())
+
+		if len(new_password) > config.max_password:
+			result = {
+				'ok': False,
+				'message': "Maximum password length is 1024 characters."
+			}
+			return render_template('index.html', request, locals())
+
+		if len(new_password) < config.min_password:
+			result = {
+				'ok': False,
+				'message': "Minimum password length is 8 characters."
+			}
+			return render_template('index.html', request, locals())
+
+		pw_hash = argon2.hash(new_password)
+		async with request.app['pool'].acquire() as conn:
+			await conn.fetch(
+				"UPDATE virtual_users SET password = $1 WHERE buckler_id = $2",
+				pw_hash, user_id)
+		result = {
+			'ok': True,
+			'message': "Password has been changed."
+		}
+
 	return render_template('index.html', request, locals())


--- a/templates/index.html
+++ b/templates/index.html
@ -7,8 +7,30 @@
 	</head>
 	<body>
 		<h1>This is a stickup!</h1>
-		{% for record in email_addresses %}
+		{% for record in user_data %}
 		<div>Your email address is {{ record['email'] }}</div>
 		{% endfor %}
+		{% if result %}
+		<div>{{ result['message'] }}</div>
+		{% endif %}
+		<form method="post" enctype="application/x-www-form-urlencoded">
+			<table>
+				<tr>
+					<td><label for="current_password">Current password</label></td>
+					<td><input id="current_password" name="current_password" type="password"></td>
+				</tr>
+				<tr>
+					<td><label for="new_password">New password</label></td>
+					<td><input id="new_password" name="new_password" type="password"></td>
+				</tr>
+				<tr>
+					<td><label for="verify_new_password">Verify new password</label></td>
+					<td><input id="verify_new_password" name="verify_new_password" type="password"></td>
+				</tr>
+				<tr>
+					<td><input type="submit" value="Submit"></td>
+				</tr>
+			</table>
+		</form>
 	</body>
 </html>