settings view tested for user + db fkey modifications

2bc4157a · Vladislav Rykov · 6f49d4f3 · 2bc4157a · 2bc4157a · 2bc4157a
Commit 2bc4157a authored Apr 27, 2020 by Vladislav Rykov
--- a/app/__pycache__/config.cpython-35.pyc
+++ b/app/__pycache__/config.cpython-35.pyc
--- a/app/app/__pycache__/views.cpython-35.pyc
+++ b/app/app/__pycache__/views.cpython-35.pyc
--- a/app/app/dao/application/application.pyc
+++ b/app/app/dao/application/application.pyc
--- a/app/app/dao/data/data.pyc
+++ b/app/app/dao/data/data.pyc
--- a/app/app/dao/device/device.pyc
+++ b/app/app/dao/device/device.pyc
--- a/app/app/dao/user/__pycache__/user.cpython-35.pyc
+++ b/app/app/dao/user/__pycache__/user.cpython-35.pyc
--- a/app/app/dao/user/user.py
+++ b/app/app/dao/user/user.py
@@ -32,7 +32,7 @@ def update_name(cur, old_name, new_name):
    WHERE
        name = %s
    """
-    cur.execute(query, (new_name,))
+    cur.execute(query, (new_name,old_name))
    return (True,)

 @with_psql
@@ -43,7 +43,7 @@ def update_password(cur, name, password):
    WHERE
        name = %s
    """
-    cur.execute(query, (password, name))
+    cur.execute(query, (bcrypt.hashpw(password, bcrypt.gensalt()).decode('utf-8'), name))
    return (True,)

 @with_psql

--- a/app/app/dao/user/user.pyc
+++ b/app/app/dao/user/user.pyc
--- a/app/app/helpers/misc.pyc
+++ b/app/app/helpers/misc.pyc
--- a/app/app/templates/layout.html
+++ b/app/app/templates/layout.html
@@ -25,7 +25,9 @@
 					<li><a href="/">Home</a></li>
 					{% if not session['name'] %}
 					<li><a href="/login">Login</a></li>
+						{% if users_signup %}
        	    			<li><a href="/signup">Signup</a></li>
+						{% endif %}
 					{% endif %}
 	         		</ul>
 				{% if session['name'] %}

--- a/app/app/templates/public/settings.html
+++ b/app/app/templates/public/settings.html
+{% extends 'layout.html' %}
+
+{% block title %} Settings {{ username }} {% endblock %}
+
+{% block content %}
+
+<div class="row">
+	<div class="col-md-3">
+		<div class="clickback">
+			<span class="glyphicon glyphicon-arrow-left"></span>	
+			<p><a class="backlink" onclick="history.back(-1)"></a></p>
+		</div>
+	</div>
+
+		<div class="col-md-6">
+			<div class="panel panel-primary">
+				<div class="panel-heading">
+					<h2><center> Settings {{ username }}: </center></h2>
+				</div>
+				<div class="panel-body">
+					<form class="form-inline" action="settings" method="post">
+						<table class="table">
+							<tr>
+								<td>
+									<label for="name">Name</label>
+								</td>
+								<td>
+									<input type="text" class="form-control" id="name" name="name" value="{{ username }}">
+								</td>
+							</tr>
+							<tr>
+								<td>
+									<label for="name">Password</label>
+								</td>
+								<td>
+									<input type="password" class="form-control" id="password" name="password" placeholder="Password">
+								</td>
+							</tr>
+						</table>
+						<button type="submit" class="btn btn-default">Save</button>
+					</form>
+				</div>
+			</div>
+		</div>	
+	</div>
+</div>
+
+{% endblock %}
+
--- a/app/app/views.py
+++ b/app/app/views.py
@@ -42,36 +42,41 @@ def signup():
        if session['role'] and session['role'] == 'admin':
            return render_template('admin/signup.html')
        else:
-            return render_template('public/signup.html')
-    else: 
-        username = request.form['username']
-        password = request.form['password'].encode('utf-8')
-        
-        if (username == '' or password == ''):
-            feedback = 'Username or password fields cannot be empty'
-            return render_template('public/signup.html', feedback=feedback)
-        elif (len(password) < 8):
-            flash('Password length must be at least 8 characters.', 'danger')
-            return redirect(request.url)
-        else:
-            role = 'user'
-            if request.form['role'] and request.form['role'] == 'administrator':
-                role = 'admin'
-
-            res = ud.create(username, password, role)
-            if (not res[0]):
-                flash('Error: {}'.format(res[1]), 'danger')
+            if app.config['USERS_SIGNUP']:
+                return render_template('public/signup.html')
+            else:
+                return redirect(url_for('index'))
+    else:
+        if app.config['USERS_SIGNUP'] or session['role'] == 'admin':
+            username = request.form['username']
+            password = request.form['password'].encode('utf-8')
+            
+            if (username == '' or password == ''):
+                feedback = 'Username or password fields cannot be empty'
+                return render_template('public/signup.html', feedback=feedback)
+            elif (len(password) < 8):
+                flash('Password length must be at least 8 characters.', 'danger')
                return redirect(request.url)
            else:
-                session['name'] = username
-                
-                flash('User successfully created.', 'success')
-
-                if session['role'] and session['role'] == 'admin':
-                    return redirect(url_for('dashboard'))
+                role = 'user'
+                if request.form['role'] and request.form['role'] == 'administrator':
+                    role = 'admin'
+
+                res = ud.create(username, password, role)
+                if (not res[0]):
+                    flash('Error: {}'.format(res[1]), 'danger')
+                    return redirect(request.url)
                else:
-                    return redirect(url_for('index'))
+                    session['name'] = username
+                    
+                    flash('User successfully created.', 'success')

+                    if session['role'] and session['role'] == 'admin':
+                        return redirect(url_for('dashboard'))
+                    else:
+                        return redirect(url_for('index'))
+        else:
+            return redirect(url_for('index'))


 @app.route('/login', methods=['GET', 'POST'])
@@ -435,5 +440,30 @@ def user_delete():
        flash('Warning: the user is admin or does not exist.' ,'warning')
        return redirect(url_for('index'))

+@app.route('/settings', methods=['GET', 'POST'])
+def settings():
+    if request.method == 'GET':
+        if session['role'] == 'admin':
+            return render_template('public/settings.html', username=session['name'])
+        else:
+            return render_template('public/settings.html', username=session['name'])
+    else:
+        if request.form['name'] != session['name']:
+            res = ud.update_name(session['name'], request.form['name'])
+            if not res[0]:
+                flash('Error: {}'.format(res[1]), 'danger')
+                return redirect(request.url);
+            else:
+                session['name'] = request.form['name']
+        if request.form['password'] != '':
+            res = ud.update_password(session['name'], request.form['password'].encode('utf-8'))
+            if not res[0]:
+                flash('Error: {}'.format(res[1]), 'danger')
+                return redirect(request.url);
+
+
+        return redirect(url_for('index'))
+
+
 def pend_delete_all_ack():
    pend.delete_all_ack()
--- a/app/app/views.pyc
+++ b/app/app/views.pyc
--- a/app/config.py
+++ b/app/config.py
@@ -20,6 +20,9 @@ class Config(object):
    # in minutes - 24 hours by default
    MAINTAINER_INTERVAL = 1440

+    # manual user signup by default
+    USERS_SIGNUP = False
+
 class ProductionConfig(Config):
    pass


--- a/app/config.pyc
+++ b/app/config.pyc