forked from ScoDoc/ScoDoc
Merge branch 'change_email' of https://scodoc.org/git/jmplace/ScoDoc-Lille into jmplace-change_email
This commit is contained in:
commit
c96b114b08
@ -33,7 +33,7 @@ token_auth = HTTPTokenAuth()
|
|||||||
|
|
||||||
@basic_auth.verify_password
|
@basic_auth.verify_password
|
||||||
def verify_password(username, password):
|
def verify_password(username, password):
|
||||||
user = User.query.filter_by(username=username).first()
|
user = User.query.filter_by(user_name=username).first()
|
||||||
if user and user.check_password(password):
|
if user and user.check_password(password):
|
||||||
return user
|
return user
|
||||||
|
|
||||||
|
46
app/templates/auth/change_password.html
Normal file
46
app/templates/auth/change_password.html
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
{% extends "base.html" %}
|
||||||
|
{% import 'bootstrap/wtf.html' as wtf %}
|
||||||
|
|
||||||
|
{% macro render_field(field) %}
|
||||||
|
<tr style="">
|
||||||
|
<td class="wtf-field">{{ field.label }}</td>
|
||||||
|
<td class="wtf-field">{{ field(**kwargs)|safe }}
|
||||||
|
{% if field.errors %}
|
||||||
|
<ul class=errors>
|
||||||
|
{% for error in field.errors %}
|
||||||
|
<li>{{ error }}</li>
|
||||||
|
{% endfor %}
|
||||||
|
</ul>
|
||||||
|
{% endif %}
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
{% endmacro %}
|
||||||
|
|
||||||
|
{% block app_content %}
|
||||||
|
<h1>Changez vos données personnelles</h1>
|
||||||
|
<p>Identifiez vous avez votre mot de passe actuel</p>
|
||||||
|
<p>Vous pouvez changer votre mot de passe (laisez les champs vides sinon)</p>
|
||||||
|
<p>et/ou votre adresse email.</p>
|
||||||
|
|
||||||
|
<form method=post>
|
||||||
|
{{ form.user_name }}
|
||||||
|
{{ form.csrf_token }}
|
||||||
|
<table class="tf"><tbody>
|
||||||
|
{{ render_field(form.old_password, size=14, style="padding:1px;") }}
|
||||||
|
{{ render_field(form.new_password, size=14, style="padding:1px;") }}
|
||||||
|
{{ render_field(form.bis_password, size=14, style="padding:1px;") }}
|
||||||
|
{{ render_field(form.email, size=40, style="padding:1px;") }}
|
||||||
|
{{ render_field(form.submit) }}
|
||||||
|
</tbody></table>
|
||||||
|
</form>
|
||||||
|
|
||||||
|
{#<div class="row" style="margin-top: 30px;">#}
|
||||||
|
{#<div class="col-md-4">Votre identifiant: <b>{{user.user_name}}</b></div>#}
|
||||||
|
{#</div>#}
|
||||||
|
{##}
|
||||||
|
{#<div class="row" style="margin-top: 30px;">#}
|
||||||
|
{# <div class="col-md-4">#}
|
||||||
|
{# {{ wtf.quick_form(form) }}#}
|
||||||
|
{# </div>#}
|
||||||
|
{#</div>#}
|
||||||
|
{% endblock %}
|
@ -38,12 +38,15 @@ import re
|
|||||||
from xml.etree import ElementTree
|
from xml.etree import ElementTree
|
||||||
|
|
||||||
import flask
|
import flask
|
||||||
from flask import g, url_for, request, current_app
|
from flask import g, url_for, request, current_app, flash
|
||||||
from flask import redirect, render_template
|
from flask import redirect, render_template
|
||||||
|
|
||||||
from flask_login import current_user
|
from flask_login import current_user
|
||||||
|
from wtforms import HiddenField, PasswordField, StringField, SubmitField
|
||||||
|
from wtforms.validators import DataRequired, Email, ValidationError, EqualTo
|
||||||
|
|
||||||
from app import db
|
from app import db
|
||||||
|
from app.api.auth import verify_password
|
||||||
from app.auth.forms import DeactivateUserForm
|
from app.auth.forms import DeactivateUserForm
|
||||||
from app.auth.models import Permission
|
from app.auth.models import Permission
|
||||||
from app.auth.models import User
|
from app.auth.models import User
|
||||||
@ -69,6 +72,40 @@ from app.scodoc.sco_import_users import generate_password
|
|||||||
from app.scodoc.sco_permissions_check import can_handle_passwd
|
from app.scodoc.sco_permissions_check import can_handle_passwd
|
||||||
from app.scodoc.TrivialFormulator import TrivialFormulator, tf_error_message
|
from app.scodoc.TrivialFormulator import TrivialFormulator, tf_error_message
|
||||||
from app.views import users_bp as bp
|
from app.views import users_bp as bp
|
||||||
|
from flask_wtf import FlaskForm
|
||||||
|
|
||||||
|
_ = lambda x: x # sans babel
|
||||||
|
_l = _
|
||||||
|
|
||||||
|
|
||||||
|
class ChangePasswordForm(FlaskForm):
|
||||||
|
user_name = HiddenField()
|
||||||
|
old_password = PasswordField(_l("Ancien mot de passe"))
|
||||||
|
new_password = PasswordField(_l("Nouveau mot de passe"))
|
||||||
|
bis_password = PasswordField(
|
||||||
|
_l("Répéter"),
|
||||||
|
validators=[
|
||||||
|
EqualTo(
|
||||||
|
"new_password",
|
||||||
|
message="Les deux saisies sont " "différentes, recommencez",
|
||||||
|
),
|
||||||
|
],
|
||||||
|
)
|
||||||
|
email = StringField(_l("Email"), validators=[DataRequired(), Email()])
|
||||||
|
submit = SubmitField(_l("Modifier"))
|
||||||
|
|
||||||
|
def validate_email(self, email):
|
||||||
|
user = User.query.filter_by(email=email.data).first()
|
||||||
|
if user is not None and self.user_name.data != user.user_name:
|
||||||
|
raise ValidationError(_("Please choose a different email address."))
|
||||||
|
|
||||||
|
def validate_new_password(self, new_password):
|
||||||
|
if new_password.data != "" and not is_valid_password(new_password.data):
|
||||||
|
raise ValidationError(f"Mot de passe trop simple, recommencez")
|
||||||
|
|
||||||
|
def validate_old_password(self, old_password):
|
||||||
|
if not verify_password(self.user_name.data, old_password.data):
|
||||||
|
raise ValidationError("Ancien mot de passe incorrect, recommenccez")
|
||||||
|
|
||||||
|
|
||||||
@bp.route("/")
|
@bp.route("/")
|
||||||
@ -676,7 +713,7 @@ def get_user_list_xml(dept=None, start="", limit=25):
|
|||||||
return scu.send_file(data, mime=scu.XML_MIMETYPE)
|
return scu.send_file(data, mime=scu.XML_MIMETYPE)
|
||||||
|
|
||||||
|
|
||||||
@bp.route("/form_change_password")
|
@bp.route("/form_change_password", methods=["GET", "POST"])
|
||||||
@scodoc
|
@scodoc
|
||||||
@permission_required(Permission.ScoView)
|
@permission_required(Permission.ScoView)
|
||||||
@scodoc7func
|
@scodoc7func
|
||||||
@ -685,36 +722,31 @@ def form_change_password(user_name=None):
|
|||||||
Un utilisateur peut toujours changer son propre mot de passe.
|
Un utilisateur peut toujours changer son propre mot de passe.
|
||||||
"""
|
"""
|
||||||
if not user_name:
|
if not user_name:
|
||||||
u = current_user
|
user = current_user
|
||||||
else:
|
else:
|
||||||
u = User.query.filter_by(user_name=user_name).first()
|
user = User.query.filter_by(user_name=user_name).first()
|
||||||
H = [html_sco_header.sco_header(user_check=False)]
|
|
||||||
F = html_sco_header.sco_footer()
|
|
||||||
# check access
|
# check access
|
||||||
if not can_handle_passwd(u):
|
if not can_handle_passwd(user):
|
||||||
return (
|
return "\n".join(
|
||||||
"\n".join(H)
|
[
|
||||||
+ "<p>Vous n'avez pas la permission de changer ce mot de passe</p>"
|
html_sco_header.sco_header(user_check=False),
|
||||||
+ F
|
"<p>Vous n'avez pas la permission de changer ce mot de passe</p>",
|
||||||
|
html_sco_header.sco_footer(),
|
||||||
|
]
|
||||||
)
|
)
|
||||||
#
|
form = ChangePasswordForm(user_name=user.user_name, email=user.email)
|
||||||
H.append(
|
if form.validate_on_submit():
|
||||||
"""<h2>Changement du mot de passe de <font color="red">%(nomplogin)s</font></h2>
|
messages = []
|
||||||
<p>
|
if form.new_password.data != "": # change password
|
||||||
<form action="change_password" method="post"><table>
|
user.set_password(form.new_password.data)
|
||||||
<tr><td>Nouveau mot de passe:</td><td><input type="password" size="14" name="password"/></td></tr>
|
messages.append("Mot de passe modifié")
|
||||||
<tr><td>Confirmation: </td><td><input type="password" size="14" name="password2" /></td></tr>
|
if form.email.data != user.email: # change email
|
||||||
</table>
|
user.email = form.email.data
|
||||||
<input type="hidden" value="%(user_name)s" name="user_name">
|
messages.append("Adresse email modifiée")
|
||||||
<input type="submit" value="Changer">
|
db.session.commit()
|
||||||
</p>
|
flash("\n".join(messages))
|
||||||
<p class="help">Note: en ScoDoc 9, les utilisateurs peuvent changer eux-même leur mot de passe
|
return render_template("auth/change_password.html", form=form)
|
||||||
en indiquant l'adresse mail associée à leur compte.
|
|
||||||
</p>
|
|
||||||
"""
|
|
||||||
% {"nomplogin": u.get_nomplogin(), "user_name": user_name}
|
|
||||||
)
|
|
||||||
return "\n".join(H) + F
|
|
||||||
|
|
||||||
|
|
||||||
@bp.route("/change_password", methods=["POST"])
|
@bp.route("/change_password", methods=["POST"])
|
||||||
|
Loading…
Reference in New Issue
Block a user