kallithea Changeset - de9a3152c206

Changeset - de9a3152c206

Parent rev.

Child rev.

[Not reviewed]

default

0 2 0

Mads Kiilerich - 10 years ago 2015-07-31 15:44:07
madski@unity3d.com

auth: disable password change when not using internal auth

2 files changed with 14 insertions and 1 deletions:

kallithea/controllers/admin/my_account.py

kallithea/templates/admin/my_account/my_account_password.html

0 comments (0 inline, 0 general)

kallithea/controllers/admin/my_account.py

➞

Show inline comments

@@ @@ -62,193 +62,197 @@ class MyAccountController(BaseController @@
     @LoginRequired()
     @NotAnonymous()
     def __before__(self):
         super(MyAccountController, self).__before__()
     def __load_data(self):
         c.user = User.get(self.authuser.user_id)
         if c.user.username == User.DEFAULT_USER:
             h.flash(_("You can't edit this user since it's"
                       " crucial for entire application"), category='warning')
             return redirect(url('users'))
         c.EXTERN_TYPE_INTERNAL = EXTERN_TYPE_INTERNAL
     def _load_my_repos_data(self, watched=False):
         if watched:
             admin = False
             repos_list = [x.follows_repository for x in
                           Session().query(UserFollowing).filter(
                               UserFollowing.user_id ==
                               self.authuser.user_id).all()]
         else:
             admin = True
             repos_list = Session().query(Repository)\
                          .filter(Repository.user_id ==
                                  self.authuser.user_id)\
                          .order_by(func.lower(Repository.repo_name)).all()
         repos_data = RepoModel().get_repos_as_dict(repos_list=repos_list,
                                                    admin=admin)
         #json used to render the grid
         return json.dumps(repos_data)
     def my_account(self):
         """
         GET /_admin/my_account Displays info about my account
         """
         # url('my_account')
         c.active = 'profile'
         self.__load_data()
         c.perm_user = AuthUser(user_id=self.authuser.user_id)
         c.ip_addr = self.ip_addr
         managed_fields = auth_modules.get_managed_fields(c.user)
         def_user_perms = User.get_default_user().AuthUser.permissions['global']
         if 'hg.register.none' in def_user_perms:
             managed_fields.extend(['username', 'firstname', 'lastname', 'email'])
         c.readonly = lambda n: 'readonly' if n in managed_fields else None
         defaults = c.user.get_dict()
         update = False
         if request.POST:
             _form = UserForm(edit=True,
                              old_data={'user_id': self.authuser.user_id,
                                        'email': self.authuser.email})()
             form_result = {}
             try:
                 post_data = dict(request.POST)
                 post_data['new_password'] = ''
                 post_data['password_confirmation'] = ''
                 form_result = _form.to_python(post_data)
                 # skip updating those attrs for my account
                 skip_attrs = ['admin', 'active', 'extern_type', 'extern_name',
                               'new_password', 'password_confirmation',
                              ] + managed_fields
                 UserModel().update(self.authuser.user_id, form_result,
                                    skip_attrs=skip_attrs)
                 h.flash(_('Your account was updated successfully'),
                         category='success')
                 Session().commit()
                 update = True
             except formencode.Invalid, errors:
                 return htmlfill.render(
                     render('admin/my_account/my_account.html'),
                     defaults=errors.value,
                     errors=errors.error_dict or {},
                     prefix_error=False,
                     encoding="UTF-8",
                     force_defaults=False)
             except Exception:
                 log.error(traceback.format_exc())
                 h.flash(_('Error occurred during update of user %s') \
                         % form_result.get('username'), category='error')
         if update:
             return redirect('my_account')
         return htmlfill.render(
             render('admin/my_account/my_account.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False)
     def my_account_password(self):
         c.active = 'password'
         self.__load_data()
         if request.POST:
         managed_fields = auth_modules.get_managed_fields(c.user)
         c.can_change_password = 'password' not in managed_fields
         if request.POST and c.can_change_password:
             _form = PasswordChangeForm(self.authuser.username)()
             try:
                 form_result = _form.to_python(request.POST)
                 UserModel().update(self.authuser.user_id, form_result)
                 Session().commit()
                 h.flash(_("Successfully updated password"), category='success')
             except formencode.Invalid as errors:
                 return htmlfill.render(
                     render('admin/my_account/my_account.html'),
                     defaults=errors.value,
                     errors=errors.error_dict or {},
                     prefix_error=False,
                     encoding="UTF-8",
                     force_defaults=False)
             except Exception:
                 log.error(traceback.format_exc())
                 h.flash(_('Error occurred during update of user password'),
                         category='error')
         return render('admin/my_account/my_account.html')
     def my_account_repos(self):
         c.active = 'repos'
         self.__load_data()
         #json used to render the grid
         c.data = self._load_my_repos_data()
         return render('admin/my_account/my_account.html')
     def my_account_watched(self):
         c.active = 'watched'
         self.__load_data()
         #json used to render the grid
         c.data = self._load_my_repos_data(watched=True)
         return render('admin/my_account/my_account.html')
     def my_account_perms(self):
         c.active = 'perms'
         self.__load_data()
         c.perm_user = AuthUser(user_id=self.authuser.user_id)
         c.ip_addr = self.ip_addr
         return render('admin/my_account/my_account.html')
     def my_account_emails(self):
         c.active = 'emails'
         self.__load_data()
         c.user_email_map = UserEmailMap.query()\
             .filter(UserEmailMap.user == c.user).all()
         return render('admin/my_account/my_account.html')
     def my_account_emails_add(self):
         email = request.POST.get('new_email')
         try:
             UserModel().add_extra_email(self.authuser.user_id, email)
             Session().commit()
             h.flash(_("Added email %s to user") % email, category='success')
         except formencode.Invalid, error:
             msg = error.error_dict['email']
             h.flash(msg, category='error')
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during email saving'),
                     category='error')
         return redirect(url('my_account_emails'))
     def my_account_emails_delete(self):
         email_id = request.POST.get('del_email_id')
         user_model = UserModel()
         user_model.delete_extra_email(self.authuser.user_id, email_id)
         Session().commit()
         h.flash(_("Removed email from user"), category='success')
         return redirect(url('my_account_emails'))
     def my_account_api_keys(self):
         c.active = 'api_keys'
         self.__load_data()
         show_expired = True
         c.lifetime_values = [
             (str(-1), _('Forever')),
             (str(5), _('5 minutes')),
             (str(60), _('1 hour')),
             (str(60 * 24), _('1 day')),
             (str(60 * 24 * 30), _('1 month')),
+        ]
         c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]
         c.user_api_keys = ApiKeyModel().get_api_keys(self.authuser.user_id,
                                                      show_expired=show_expired)
         return render('admin/my_account/my_account.html')
     def my_account_api_keys_add(self):
         lifetime = safe_int(request.POST.get('lifetime'), -1)
         description = request.POST.get('description')
         ApiKeyModel().create(self.authuser.user_id, description, lifetime)

kallithea/templates/admin/my_account/my_account_password.html

➞

Show inline comments

 <div style="font-size: 20px; color: #666666; padding: 0px 0px 10px 0px">${_('Change Your Account Password')}</div>
 %if c.can_change_password:
 ${h.form(url('my_account_password'), method='post')}
 <div class="form">
     <div class="fields">
      <div class="field">
         <div class="label">
             <label for="current_password">${_('Current password')}:</label>
         </div>
         <div class="input">
             ${h.password('current_password',class_='medium')}
         </div>
      </div>
      <div class="field">
         <div class="label">
             <label for="new_password">${_('New password')}:</label>
         </div>
         <div class="input">
             ${h.password('new_password',class_='medium')}
         </div>
      </div>
      <div class="field">
         <div class="label">
             <label for="new_password_confirmation">${_('Confirm new password')}:</label>
         </div>
         <div class="input">
             ${h.password('new_password_confirmation',class_='medium')}
         </div>
      </div>
         <div class="buttons">
           ${h.submit('save',_('Save'),class_="btn")}
           ${h.reset('reset',_('Reset'),class_="btn")}
         </div>
     </div>
 </div>
 ${h.end_form()}
 %else:
 ${_('This account is managed with %s and the password cannot be changed here') % c.user.extern_type}
 %endif

0 comments (0 inline, 0 general)