Chapter 8: Password updates (8f)

6 years ago · b718cc29e2
--- a/app/auth/forms.py
+++ b/app/auth/forms.py
@ -33,3 +33,12 @@ class RegistrationForm(FlaskForm):
    def validate_username(self, field):
        if User.query.filter_by(username=field.data).first():
            raise ValidationError('Username already in use.')


 class ChangePasswordForm(FlaskForm):
    old_password = PasswordField('Old password', validators=[DataRequired()])
    password = PasswordField('New password', validators=[
        DataRequired(), EqualTo('password2', message='Passwords must match.')])
    password2 = PasswordField('Confirm new password',
                              validators=[DataRequired()])
    submit = SubmitField('Update password')
--- a/app/auth/views.py
+++ b/app/auth/views.py
@ -4,7 +4,7 @@ from . import auth
 from .. import db
 from ..models import User
 from ..email import send_email
 from .forms import LoginForm, RegistrationForm
 from .forms import LoginForm, RegistrationForm, ChangePasswordForm


@auth.before_app_request
@ -84,3 +84,19 @@ def resend_confirmation():
               'auth/email/confirm', user=current_user, token=token)
    flash('A new confirmation email has been sent to you by email.')
    return redirect(url_for('main.index'))


@auth.route('/change-password', methods=['GET', 'POST'])
@login_required
 def change_password():
    form = ChangePasswordForm()
    if form.validate_on_submit():
        if current_user.verify_password(form.old_password.data):
            current_user.password = form.password.data
            db.session.add(current_user)
            db.session.commit()
            flash('Your password has been updated')
            redirect(url_for('main.index'))
        else:
            flash('Invalid password.')
    return render_template('auth/change_password.html', form=form)
--- a/app/templates/auth/change_password.html
+++ b/app/templates/auth/change_password.html
@ -0,0 +1,13 @@
 {% extends "base.html" %}
 {% import "bootstrap/wtf.html" as wtf %}

 {% block title %}Flasky - Change Password{% endblock %}

 {% block page_content %}
 <div class="page-header">
    <h1>Change Your Password</h1>
 </div>
 <div class="col-md-4">
    {{ wtf.quick_form(form) }}
 </div>
 {% endblock %}
--- a/app/templates/base.html
+++ b/app/templates/base.html
@ -27,7 +27,13 @@
            </ul>
            <ul class="nav navbar-nav navbar-right">
                {% if current_user.is_authenticated %}
                <li><a href="{{ url_for('auth.logout') }}">Log out</a></li>
                <li class="dropdown">
                    <a href="#" class="dropdown-toggle" data-toggle="dropdown">Account <b class="caret"></b></a>
                    <ul class="dropdown-menu">
                        <li><a href="{{ url_for('auth.change_password') }}">Change Password</a></li>
                        <li><a href="{{ url_for('auth.logout') }}">Log Out</a></li>
                    </ul>
                </li>
                {% else %}
                <li><a href="{{ url_for('auth.login') }}">Log in</a></li>
                {% endif %}
--- a/tests/test_user_model.py
+++ b/tests/test_user_model.py
@ -35,7 +35,6 @@ class UserModelTestCase(unittest.TestCase):
        u2 = User(password='cat')
        self.assertTrue(u.password_hash != u2.password_hash)


    def test_valid_confirmation_token(self):
        u = User(password='cat')
        db.session.add(u)