Commit 2bc4157a authored by Vladislav Rykov's avatar Vladislav Rykov

settings view tested for user + db fkey modifications

parent 6f49d4f3
......@@ -32,7 +32,7 @@ def update_name(cur, old_name, new_name):
WHERE
name = %s
"""
cur.execute(query, (new_name,))
cur.execute(query, (new_name,old_name))
return (True,)
@with_psql
......@@ -43,7 +43,7 @@ def update_password(cur, name, password):
WHERE
name = %s
"""
cur.execute(query, (password, name))
cur.execute(query, (bcrypt.hashpw(password, bcrypt.gensalt()).decode('utf-8'), name))
return (True,)
@with_psql
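Review bot: `bcrypt.hashpw` in update_password takes whatever byte string the caller hands it, with no upper bound on length. bcrypt only uses the first 72 bytes of its input, and newer releases of the Python bcrypt package reject longer input instead of truncating, so a long passphrase is either silently shortened or fails inside the execute call. I would document the contract above that call, for example `# password: UTF-8 bytes, at most 72 (bcrypt limit); callers validate length`, and enforce the limit in the view that accepts the form. Assuming `cur` is a DB-API cursor, both update_name and update_password also return `(True,)` without looking at `cur.rowcount`, so an UPDATE that matched no row is reported as success. Both function bodies start outside their hunks.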
......
......@@ -25,7 +25,9 @@
<li><a href="/">Home</a></li>
{% if not session['name'] %}
<li><a href="/login">Login</a></li>
{% if users_signup %}
<li><a href="/signup">Signup</a></li>
{% endif %}
{% endif %}
</ul>
{% if session['name'] %}
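Review bot: The `{% if users_signup %}` guard depends on a template variable that none of the `render_template` calls visible in this commit pass. Unless a context processor outside the diff supplies it, the name is undefined, evaluates false, and the Signup link stays hidden even when signup is enabled. Flask exposes the application config to templates, so the condition can read the setting directly: `{% if config['USERS_SIGNUP'] %}`. The link is presentation only; the check that matters is the one in the signup view.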
......
{% extends 'layout.html' %}
{% block title %} Settings {{ username }} {% endblock %}
{% block content %}
<div class="row">
<div class="col-md-3">
<div class="clickback">
<span class="glyphicon glyphicon-arrow-left"></span>
<p><a class="backlink" onclick="history.back(-1)"></a></p>
</div>
</div>
<div class="col-md-6">
<div class="panel panel-primary">
<div class="panel-heading">
<h2><center> Settings {{ username }}: </center></h2>
</div>
<div class="panel-body">
<form class="form-inline" action="settings" method="post">
<table class="table">
<tr>
<td>
<label for="name">Name</label>
</td>
<td>
<input type="text" class="form-control" id="name" name="name" value="{{ username }}">
</td>
</tr>
<tr>
<td>
<label for="name">Password</label>
</td>
<td>
<input type="password" class="form-control" id="password" name="password" placeholder="Password">
</td>
</tr>
</table>
<button type="submit" class="btn btn-default">Save</button>
</form>
</div>
</div>
</div>
</div>
</div>
{% endblock %}
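Review bot: The form at `<form class="form-inline" action="settings" method="post">` changes the account name and password but carries no CSRF token and no current-password field, so a request made on the logged-in user's behalf would be accepted, unless CSRF protection is applied elsewhere in the app, which this commit does not show. I would add a hidden token field rendered by whatever CSRF mechanism the project uses, plus a `current_password` input that the view verifies before updating anything. Two markup slips in the same file: the second label should be `<label for="password">Password</label>`, and there is one more closing `</div>` before `{% endblock %}` than there are open containers.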
......@@ -42,36 +42,41 @@ def signup():
if session['role'] and session['role'] == 'admin':
return render_template('admin/signup.html')
else:
return render_template('public/signup.html')
else:
username = request.form['username']
password = request.form['password'].encode('utf-8')
if (username == '' or password == ''):
feedback = 'Username or password fields cannot be empty'
return render_template('public/signup.html', feedback=feedback)
elif (len(password) < 8):
flash('Password length must be at least 8 characters.', 'danger')
return redirect(request.url)
else:
role = 'user'
if request.form['role'] and request.form['role'] == 'administrator':
role = 'admin'
res = ud.create(username, password, role)
if (not res[0]):
flash('Error: {}'.format(res[1]), 'danger')
if app.config['USERS_SIGNUP']:
return render_template('public/signup.html')
else:
return redirect(url_for('index'))
else:
if app.config['USERS_SIGNUP'] or session['role'] == 'admin':
username = request.form['username']
password = request.form['password'].encode('utf-8')
if (username == '' or password == ''):
feedback = 'Username or password fields cannot be empty'
return render_template('public/signup.html', feedback=feedback)
elif (len(password) < 8):
flash('Password length must be at least 8 characters.', 'danger')
return redirect(request.url)
else:
session['name'] = username
flash('User successfully created.', 'success')
if session['role'] and session['role'] == 'admin':
return redirect(url_for('dashboard'))
role = 'user'
if request.form['role'] and request.form['role'] == 'administrator':
role = 'admin'
res = ud.create(username, password, role)
if (not res[0]):
flash('Error: {}'.format(res[1]), 'danger')
return redirect(request.url)
else:
return redirect(url_for('index'))
session['name'] = username
flash('User successfully created.', 'success')
if session['role'] and session['role'] == 'admin':
return redirect(url_for('dashboard'))
else:
return redirect(url_for('index'))
else:
return redirect(url_for('index'))
@app.route('/login', methods=['GET', 'POST'])
......@@ -435,5 +440,30 @@ def user_delete():
flash('Warning: the user is admin or does not exist.' ,'warning')
return redirect(url_for('index'))
@app.route('/settings', methods=['GET', 'POST'])
def settings():
if request.method == 'GET':
if session['role'] == 'admin':
return render_template('public/settings.html', username=session['name'])
else:
return render_template('public/settings.html', username=session['name'])
else:
if request.form['name'] != session['name']:
res = ud.update_name(session['name'], request.form['name'])
if not res[0]:
flash('Error: {}'.format(res[1]), 'danger')
return redirect(request.url);
else:
session['name'] = request.form['name']
if request.form['password'] != '':
res = ud.update_password(session['name'], request.form['password'].encode('utf-8'))
if not res[0]:
flash('Error: {}'.format(res[1]), 'danger')
return redirect(request.url);
return redirect(url_for('index'))
def pend_delete_all_ack():
pend.delete_all_ack()
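Review bot: In the POST branch of signup(), `role` is still taken from `request.form['role']`, and with the new `app.config['USERS_SIGNUP'] or session['role'] == 'admin'` condition a self-registering request carrying `role=administrator` yields an admin account whenever public signup is on. Gate the elevation on the caller's session instead: `if session.get('role') == 'admin' and request.form.get('role') == 'administrator':`. The `.get()` calls also avoid an exception when the session or form has no `role` key, which the bare indexing would raise if nothing outside the hunk sets it. The new settings() view has a related gap: it indexes `session['name']` with no login check and accepts a new password without the eight-character minimum that signup enforces. signup() begins above the hunk.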
......@@ -20,6 +20,9 @@ class Config(object):
# in minutes - 24 hours by default
MAINTAINER_INTERVAL = 1440
# manual user signup by default
USERS_SIGNUP = False
class ProductionConfig(Config):
pass
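Review bot: The comment `# manual user signup by default` does not say what the flag controls or which value is the safe one. Going by the signup view in this commit, something like `# USERS_SIGNUP: allow self-service registration at /signup; when False only an admin session can create users` would tell an operator what turning it on exposes. Defaulting to False is the right way round.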
......