change password

ereuse_devicehub/forms.py

@@ -117,3 +117,46 @@ class ProfileForm(FlaskForm):
         db.session.add(agent)
         if commit:
             db.session.commit()
+
+
+class PasswordForm(FlaskForm):
+    password = PasswordField(
+        'Current Password',
+        [validators.DataRequired()],
+        render_kw={'class': "form-control"},
+    )
+    newpassword = PasswordField(
+        'New Password',
+        [validators.DataRequired()],
+        render_kw={'class': "form-control"},
+    )
+    renewpassword = PasswordField(
+        'Re-enter New Password',
+        [validators.DataRequired()],
+        render_kw={'class': "form-control"},
+    )
+
+    def validate(self, extra_validators=None):
+        is_valid = super().validate(extra_validators)
+
+        if not is_valid:
+            return False
+
+        if not g.user.check_password(self.password.data):
+            self.password.errors = ['Incorrect password']
+            return False
+
+        if self.newpassword.data != self.renewpassword.data:
+            self.newpassword.errors = ['Is not the same password']
+            self.renewpassword.errors = ['Is not the same password']
+            return False
+
+        return True
+
+    def save(self, commit=True):
+        g.user.password = generate_password_hash(self.newpassword.data)
+
+        db.session.add(g.user)
+        if commit:
+            db.session.commit()
+        return

ereuse_devicehub/templates/ereuse_devicehub/user_profile.html

@@ -132,7 +132,7 @@
                   {{ f }}
                 {% else %}
                 <div class="row mb-3">
-                  <label for="company" class="col-md-4 col-lg-3 col-form-label">{{ f.label }}</label>
+                  <label class="col-md-4 col-lg-3 col-form-label">{{ f.label }}</label>
                   <div class="col-md-8 col-lg-9">
                     {{ f }}
                     {% if f.errors %}
@@ -197,29 +197,26 @@
 
             <div class="tab-pane fade pt-3" id="profile-change-password">
               <!-- Change Password Form -->
-              <form>
-
+              <form action="{{ url_for('core.set-password') }}" method="post">
+              {% for  f in password_form %}
+                {% if f == password_form.csrf_token %}
+                  {{ f }}
+                {% else %}
                 <div class="row mb-3">
-                  <label for="currentPassword" class="col-md-4 col-lg-3 col-form-label">Current Password</label>
+                  <label class="col-md-4 col-lg-3 col-form-label">{{ f.label }}</label>
                   <div class="col-md-8 col-lg-9">
-                    <input name="password" type="password" class="form-control" id="currentPassword">
+                    {{ f }}
+                    {% if f.errors %}
+                    <p class="text-danger">
+                      {% for error in f.errors %}
+                        {{ error }}<br/>
+                      {% endfor %}
+                    </p>
+                    {% endif %}
                   </div>
                 </div>
-
-                <div class="row mb-3">
-                  <label for="newPassword" class="col-md-4 col-lg-3 col-form-label">New Password</label>
-                  <div class="col-md-8 col-lg-9">
-                    <input name="newpassword" type="password" class="form-control" id="newPassword">
-                  </div>
-                </div>
-
-                <div class="row mb-3">
-                  <label for="renewPassword" class="col-md-4 col-lg-3 col-form-label">Re-enter New Password</label>
-                  <div class="col-md-8 col-lg-9">
-                    <input name="renewpassword" type="password" class="form-control" id="renewPassword">
-                  </div>
-                </div>
-
+                {% endif %}
+              {% endfor %}
                 <div class="text-center">
                   <button type="submit" class="btn btn-primary">Change Password</button>
                 </div>

ereuse_devicehub/views.py

@@ -5,7 +5,7 @@ from flask_login import current_user, login_required, login_user, logout_user
 
 from ereuse_devicehub import __version__, messages
 from ereuse_devicehub.db import db
-from ereuse_devicehub.forms import LoginForm, ProfileForm
+from ereuse_devicehub.forms import LoginForm, PasswordForm, ProfileForm
 from ereuse_devicehub.resources.user.models import User
 from ereuse_devicehub.utils import is_safe_url
 
@@ -62,18 +62,38 @@ class UserProfileView(View):
             'sessions': sessions,
             'version': __version__,
             'profile_form': form,
+            'password_form': PasswordForm(),
         }
 
         if form.validate_on_submit():
             form.save(commit=False)
             messages.success('Modify user Profile datas successfully!')
+            db.session.commit()
         elif form.errors:
-            messages.error('Error modify user Profile data!')
+            messages.error('Error modifying user Profile data!')
+
+        return flask.render_template(self.template_name, **context)
+
+
+class UserPasswordView(View):
+    methods = ['POST']
+    decorators = [login_required]
+
+    def dispatch_request(self):
+        form = PasswordForm()
+        # import pdb; pdb.set_trace()
+        db.session.commit()
+        if form.validate_on_submit():
+            form.save(commit=False)
+            messages.success('Reset user password successfully!')
+        else:
+            messages.error('Error modifying user password!')
 
         db.session.commit()
-        return flask.render_template(self.template_name, **context)
+        return flask.redirect(flask.url_for('core.user-profile'))
 
 
 core.add_url_rule('/login/', view_func=LoginView.as_view('login'))
 core.add_url_rule('/logout/', view_func=LogoutView.as_view('logout'))
 core.add_url_rule('/profile/', view_func=UserProfileView.as_view('user-profile'))
+core.add_url_rule('/set_password/', view_func=UserPasswordView.as_view('set-password'))