modification du formulaire de changement de mot de passe personnel

Jean-Marie Place 2021-10-16 23:22:03 +02:00
parent c658c7675e
commit 390118226d
3 changed files with 108 additions and 30 deletions


@ -33,7 +33,7 @@ token_auth = HTTPTokenAuth()
@basic_auth.verify_password @basic_auth.verify_password
def verify_password(username, password): def verify_password(username, password):
user = User.query.filter_by(username=username).first() user = User.query.filter_by(user_name=username).first()
if user and user.check_password(password): if user and user.check_password(password):
return user return user


@ -0,0 +1,46 @@
{% extends "base.html" %}
{% import 'bootstrap/wtf.html' as wtf %}
{% macro render_field(field) %}
<tr style="">
<td class="wtf-field">{{ field.label }}</td>
<td class="wtf-field">{{ field(**kwargs)|safe }}
{% if field.errors %}
<ul class=errors>
{% for error in field.errors %}
<li>{{ error }}</li>
{% endfor %}
</ul>
{% endif %}
</td>
</tr>
{% endmacro %}
{% block app_content %}
<h1>Changez vos données personnelles</h1>
<p>Identifiez vous avez votre mot de passe actuel</p>
<p>Vous pouvez changer votre mot de passe (laisez les champs vides sinon)</p>
<p>et/ou votre adresse email.</p>
<form method=post>
{{ form.user_name }}
{{ form.csrf_token }}
<table class="tf"><tbody>
{{ render_field(form.old_password, size=14, style="padding:1px;") }}
{{ render_field(form.new_password, size=14, style="padding:1px;") }}
{{ render_field(form.bis_password, size=14, style="padding:1px;") }}
{{ render_field(form.email, size=40, style="padding:1px;") }}
{{ render_field(form.submit) }}
</tbody></table>
</form>
{#<div class="row" style="margin-top: 30px;">#}
{#<div class="col-md-4">Votre identifiant: <b>{{user.user_name}}</b></div>#}
{#</div>#}
{##}
{#<div class="row" style="margin-top: 30px;">#}
{# <div class="col-md-4">#}
{# {{ wtf.quick_form(form) }}#}
{# </div>#}
{#</div>#}
{% endblock %}
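Review bot: The `|safe` filter in the `render_field` macro (`{{ field(**kwargs)|safe }}`) is unnecessary and removes a safety net. WTForms fields already render to markup that Jinja does not re-escape, so `{{ field(**kwargs) }}` gives the same output while keeping autoescaping in force if a plain string ever reaches the macro. The hidden `{{ form.user_name }}` is posted back by the browser, so nothing on the server should rely on it to decide which account is being edited. Two user-visible typos could be fixed in the same pass: "avez" should read "avec" and "laisez" should read "laissez".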


@ -38,12 +38,15 @@ import re
from xml.etree import ElementTree from xml.etree import ElementTree
import flask import flask
from flask import g, url_for, request, current_app from flask import g, url_for, request, current_app, flash
from flask import redirect, render_template from flask import redirect, render_template
from flask_login import current_user from flask_login import current_user
from wtforms import HiddenField, PasswordField, StringField, SubmitField
from wtforms.validators import DataRequired, Email, ValidationError, EqualTo
from app import db from app import db
from app.api.auth import verify_password
from app.auth.forms import DeactivateUserForm from app.auth.forms import DeactivateUserForm
from app.auth.models import Permission from app.auth.models import Permission
from app.auth.models import User from app.auth.models import User
@ -69,6 +72,40 @@ from app.scodoc.sco_import_users import generate_password
from app.scodoc.sco_permissions_check import can_handle_passwd from app.scodoc.sco_permissions_check import can_handle_passwd
from app.scodoc.TrivialFormulator import TrivialFormulator, tf_error_message from app.scodoc.TrivialFormulator import TrivialFormulator, tf_error_message
from app.views import users_bp as bp from app.views import users_bp as bp
from flask_wtf import FlaskForm
_ = lambda x: x # sans babel
_l = _
class ChangePasswordForm(FlaskForm):
user_name = HiddenField()
old_password = PasswordField(_l("Ancien mot de passe"))
new_password = PasswordField(_l("Nouveau mot de passe"))
bis_password = PasswordField(
_l("Répéter"),
validators=[
EqualTo(
"new_password",
message="Les deux saisies sont " "différentes, recommencez",
),
],
)
email = StringField(_l("Email"), validators=[DataRequired(), Email()])
submit = SubmitField(_l("Modifier"))
def validate_email(self, email):
user = User.query.filter_by(email=email.data).first()
if user is not None and self.user_name.data != user.user_name:
raise ValidationError(_("Please choose a different email address."))
def validate_new_password(self, new_password):
if new_password.data != "" and not is_valid_password(new_password.data):
raise ValidationError(f"Mot de passe trop simple, recommencez")
def validate_old_password(self, old_password):
if not verify_password(self.user_name.data, old_password.data):
raise ValidationError("Ancien mot de passe incorrect, recommenccez")
@bp.route("/") @bp.route("/")
@ -676,7 +713,7 @@ def get_user_list_xml(dept=None, start="", limit=25):
return scu.send_file(data, mime=scu.XML_MIMETYPE) return scu.send_file(data, mime=scu.XML_MIMETYPE)
@bp.route("/form_change_password") @bp.route("/form_change_password", methods=["GET", "POST"])
@scodoc @scodoc
@permission_required(Permission.ScoView) @permission_required(Permission.ScoView)
@scodoc7func @scodoc7func
@ -685,36 +722,31 @@ def form_change_password(user_name=None):
Un utilisateur peut toujours changer son propre mot de passe. Un utilisateur peut toujours changer son propre mot de passe.
""" """
if not user_name: if not user_name:
u = current_user user = current_user
else: else:
u = User.query.filter_by(user_name=user_name).first() user = User.query.filter_by(user_name=user_name).first()
H = [html_sco_header.sco_header(user_check=False)]
F = html_sco_header.sco_footer()
# check access # check access
if not can_handle_passwd(u): if not can_handle_passwd(user):
return ( return "\n".join(
"\n".join(H) [
+ "<p>Vous n'avez pas la permission de changer ce mot de passe</p>" html_sco_header.sco_header(user_check=False),
+ F "<p>Vous n'avez pas la permission de changer ce mot de passe</p>",
html_sco_header.sco_footer(),
]
) )
# form = ChangePasswordForm(user_name=user.user_name, email=user.email)
H.append( if form.validate_on_submit():
"""<h2>Changement du mot de passe de <font color="red">%(nomplogin)s</font></h2> messages = []
<p> if form.new_password.data != "": # change password
<form action="change_password" method="post"><table> user.set_password(form.new_password.data)
<tr><td>Nouveau mot de passe:</td><td><input type="password" size="14" name="password"/></td></tr> messages.append("Mot de passe modifié")
<tr><td>Confirmation: </td><td><input type="password" size="14" name="password2" /></td></tr> if form.email.data != user.email: # change email
</table> user.email = form.email.data
<input type="hidden" value="%(user_name)s" name="user_name"> messages.append("Adresse email modifiée")
<input type="submit" value="Changer"> db.session.commit()
</p> flash("\n".join(messages))
<p class="help">Note: en ScoDoc 9, les utilisateurs peuvent changer eux-même leur mot de passe return render_template("auth/change_password.html", form=form)
en indiquant l'adresse mail associée à leur compte.
</p>
"""
% {"nomplogin": u.get_nomplogin(), "user_name": user_name}
)
return "\n".join(H) + F
@bp.route("/change_password", methods=["POST"]) @bp.route("/change_password", methods=["POST"])
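Review bot: `validate_old_password` and `validate_email` in `ChangePasswordForm` key off `self.user_name.data`, a `HiddenField` the browser posts back, while `form_change_password` applies the change to the server-side `user`. As far as I can tell Flask-WTF fills the form from the request on POST, so the submitted value takes precedence over the `user_name=user.user_name` keyword and the old-password check may run against a different account than the one being modified. Binding the check to the server-side object closes this, for example `form.user_name.data = user.user_name` right after the form is built and before `form.validate_on_submit()`, or by dropping the hidden field and calling `user.check_password(...)` in the view. Separately, `User.query.filter_by(user_name=user_name).first()` can return `None` for an unknown name, and `user.user_name` would then fail unless `can_handle_passwd` rejects it; the function's signature and the body of `can_handle_passwd` are outside these hunks.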