kallithea Changeset - de9a3152c206

Changeset - de9a3152c206

Parent rev.

Child rev.

[Not reviewed]

default

0 2 0

Mads Kiilerich - 10 years ago 2015-07-31 15:44:07
madski@unity3d.com

auth: disable password change when not using internal auth

2 files changed with 14 insertions and 1 deletions:

kallithea/controllers/admin/my_account.py

kallithea/templates/admin/my_account/my_account_password.html

0 comments (0 inline, 0 general)

kallithea/controllers/admin/my_account.py

➞

Show inline comments

@@ @@ -110,97 +110,101 @@ class MyAccountController(BaseController @@
         defaults = c.user.get_dict()
         update = False
         if request.POST:
             _form = UserForm(edit=True,
                              old_data={'user_id': self.authuser.user_id,
                                        'email': self.authuser.email})()
             form_result = {}
             try:
                 post_data = dict(request.POST)
                 post_data['new_password'] = ''
                 post_data['password_confirmation'] = ''
                 form_result = _form.to_python(post_data)
                 # skip updating those attrs for my account
                 skip_attrs = ['admin', 'active', 'extern_type', 'extern_name',
                               'new_password', 'password_confirmation',
                              ] + managed_fields
                 UserModel().update(self.authuser.user_id, form_result,
                                    skip_attrs=skip_attrs)
                 h.flash(_('Your account was updated successfully'),
                         category='success')
                 Session().commit()
                 update = True
             except formencode.Invalid, errors:
                 return htmlfill.render(
                     render('admin/my_account/my_account.html'),
                     defaults=errors.value,
                     errors=errors.error_dict or {},
                     prefix_error=False,
                     encoding="UTF-8",
                     force_defaults=False)
             except Exception:
                 log.error(traceback.format_exc())
                 h.flash(_('Error occurred during update of user %s') \
                         % form_result.get('username'), category='error')
         if update:
             return redirect('my_account')
         return htmlfill.render(
             render('admin/my_account/my_account.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False)
     def my_account_password(self):
         c.active = 'password'
         self.__load_data()
         if request.POST:
         managed_fields = auth_modules.get_managed_fields(c.user)
         c.can_change_password = 'password' not in managed_fields
         if request.POST and c.can_change_password:
             _form = PasswordChangeForm(self.authuser.username)()
             try:
                 form_result = _form.to_python(request.POST)
                 UserModel().update(self.authuser.user_id, form_result)
                 Session().commit()
                 h.flash(_("Successfully updated password"), category='success')
             except formencode.Invalid as errors:
                 return htmlfill.render(
                     render('admin/my_account/my_account.html'),
                     defaults=errors.value,
                     errors=errors.error_dict or {},
                     prefix_error=False,
                     encoding="UTF-8",
                     force_defaults=False)
             except Exception:
                 log.error(traceback.format_exc())
                 h.flash(_('Error occurred during update of user password'),
                         category='error')
         return render('admin/my_account/my_account.html')
     def my_account_repos(self):
         c.active = 'repos'
         self.__load_data()
         #json used to render the grid
         c.data = self._load_my_repos_data()
         return render('admin/my_account/my_account.html')
     def my_account_watched(self):
         c.active = 'watched'
         self.__load_data()
         #json used to render the grid
         c.data = self._load_my_repos_data(watched=True)
         return render('admin/my_account/my_account.html')
     def my_account_perms(self):
         c.active = 'perms'
         self.__load_data()
         c.perm_user = AuthUser(user_id=self.authuser.user_id)
         c.ip_addr = self.ip_addr
         return render('admin/my_account/my_account.html')
     def my_account_emails(self):
         c.active = 'emails'
         self.__load_data()

kallithea/templates/admin/my_account/my_account_password.html

➞

Show inline comments

 <div style="font-size: 20px; color: #666666; padding: 0px 0px 10px 0px">${_('Change Your Account Password')}</div>
 %if c.can_change_password:
 ${h.form(url('my_account_password'), method='post')}
 <div class="form">
     <div class="fields">
      <div class="field">
         <div class="label">
             <label for="current_password">${_('Current password')}:</label>
         </div>
         <div class="input">
             ${h.password('current_password',class_='medium')}
         </div>
      </div>
      <div class="field">
         <div class="label">
             <label for="new_password">${_('New password')}:</label>
         </div>
         <div class="input">
             ${h.password('new_password',class_='medium')}
         </div>
      </div>
      <div class="field">
         <div class="label">
             <label for="new_password_confirmation">${_('Confirm new password')}:</label>
         </div>
         <div class="input">
             ${h.password('new_password_confirmation',class_='medium')}
         </div>
      </div>
         <div class="buttons">
           ${h.submit('save',_('Save'),class_="btn")}
           ${h.reset('reset',_('Reset'),class_="btn")}
         </div>
     </div>
 </div>
 ${h.end_form()}
 %else:
 ${_('This account is managed with %s and the password cannot be changed here') % c.user.extern_type}
 %endif

0 comments (0 inline, 0 general)