authorAlejandro Sirgo Rica <asirgo@soleta.eu>2024-06-19 11:17:34 +0200
committerAlejandro Sirgo Rica <asirgo@soleta.eu>2024-06-19 11:53:56 +0200
commitee42cbd32355669304c63cbffe2c9d758e373fc2 (patch)
tree21aaeaed4fecccb6994b1c603912413082b88b75
parent2ae6f37e60955521eb8637127b37c76c19a7f607 (diff)
views: make password optional in user/edit
Add the option to leave the password fields empty in the form. When the passwords are not set, the user keeps the old password configuration. Define an EditUserForm based on UserForm in forms/auth.py to remove the InputRequired validator from the password fields. Update the HTML template to make the password fields optional.
-rw-r--r--ogcp/forms/auth.py9
-rw-r--r--ogcp/templates/auth/edit_user.html4
-rw-r--r--ogcp/views.py32
3 files changed, 30 insertions, 15 deletions
diff --git a/ogcp/forms/auth.py b/ogcp/forms/auth.py
index 72afe23..d85931b 100644
--- a/ogcp/forms/auth.py
+++ b/ogcp/forms/auth.py
@@ -9,7 +9,7 @@ from wtforms import (
Form, SubmitField, HiddenField, SelectField, BooleanField, IntegerField,
StringField, RadioField, PasswordField, SelectMultipleField, widgets
)
-from wtforms.validators import InputRequired
+from wtforms.validators import InputRequired, Optional
from flask_wtf import FlaskForm
from flask_babel import lazy_gettext as _l
from flask_babel import _
@@ -55,6 +55,13 @@ class UserForm(FlaskForm):
)
+class EditUserForm(UserForm):
+ def __init__(self, *args, **kwargs):
+ super(EditUserForm, self).__init__(*args, **kwargs)
+ self.pwd.validators = [Optional()]
+ self.pwd_confirm.validators = [Optional()]
+
+
class DeleteUserForm(FlaskForm):
username = HiddenField(
validators=[InputRequired()]
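Review bot: Assigning `[Optional()]` replaces the whole validator list on `pwd` and `pwd_confirm`, so any other validator that UserForm declares on those fields (its definition is outside the hunk) is dropped on the edit form. Nothing at form level requires the two fields to be filled together either, so a submission with only one of them set passes `validate()` and is caught only later in the view. I would add a class docstring such as `"""UserForm variant for /user/edit: empty password fields mean keep the stored password."""`. Since the file already targets Python 3, `super().__init__(*args, **kwargs)` is the usual spelling.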
diff --git a/ogcp/templates/auth/edit_user.html b/ogcp/templates/auth/edit_user.html
index b9e748d..3b10508 100644
--- a/ogcp/templates/auth/edit_user.html
+++ b/ogcp/templates/auth/edit_user.html
@@ -19,12 +19,12 @@
<div class="form-group">
{{ form.pwd.label(class_='form-label') }}
- {{ form.pwd(class_='form-control') }}
+ <input type="password" name="pwd" class="form-control" placeholder="{{ _('Leave blank if not changing') }}">
</div>
<div class="form-group">
{{ form.pwd_confirm.label(class_='form-label') }}
- {{ form.pwd_confirm(class_='form-control') }}
+ <input type="password" name="pwd_confirm" class="form-control" placeholder="{{ _('Leave blank if not changing') }}">
</div>
<div class="form-group form-check">
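Review bot: The hand-written `<input>` elements carry no `id`, so the `for` attribute that `form.pwd.label(...)` and `form.pwd_confirm.label(...)` presumably render no longer points at a control. Keeping the field call and passing the placeholder as a keyword, `{{ form.pwd(class_='form-control', placeholder=_('Leave blank if not changing')) }}`, would keep the id and any `render_kw` set on the form; WTForms' PasswordField does not echo a submitted value by default. Adding `autocomplete="new-password"` to both fields would also keep browsers from filling a saved login password into a field that is meant to stay blank.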
diff --git a/ogcp/views.py b/ogcp/views.py
index b2c1994..f023d1f 100644
--- a/ogcp/views.py
+++ b/ogcp/views.py
@@ -25,7 +25,7 @@ from flask_login import (
from pathlib import Path
from ogcp.models import User
-from ogcp.forms.auth import LoginForm, UserForm, DeleteUserForm
+from ogcp.forms.auth import LoginForm, UserForm, DeleteUserForm, EditUserForm
from ogcp.og_server import OGServer, servers
from flask_babel import lazy_gettext as _l
from flask_babel import gettext, _
@@ -2877,14 +2877,17 @@ def delete_server(server):
return redirect(url_for('manage_servers'))
-def save_user(form):
+def save_user(form, preserve_pwd):
username = form.username.data
- pwd_hash = hash_password(form.pwd.data)
- pwd_hash_confirm = hash_password(form.pwd_confirm.data)
- if not pwd_hash == pwd_hash_confirm:
- flash(_('Passwords do not match'), category='error')
- return redirect(url_for('users'))
+ if preserve_pwd:
+ pwd_hash = form.pwd.data
+ else:
+ pwd_hash = hash_password(form.pwd.data)
+ pwd_hash_confirm = hash_password(form.pwd_confirm.data)
+ if not pwd_hash == pwd_hash_confirm:
+ flash(_('Passwords do not match'), category='error')
+ return redirect(url_for('users'))
admin = form.admin.data
scopes = form.scopes.data
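Review bot: In the `preserve_pwd` branch, `pwd_hash = form.pwd.data` reuses a form field to carry an already-hashed value, so the function is only correct when the caller has first overwritten `form.pwd.data` with the stored hash, as `user_edit_post` does. Passing the hash explicitly would remove that coupling, for example `def save_user(form, pwd_hash=None):` with hashing done only when it is `None`. The `else` branch still compares `hash_password(...)` outputs rather than the two inputs, which presumably relies on `hash_password` being deterministic (unsalted); comparing `form.pwd.data != form.pwd_confirm.data` and hashing once would not depend on that. save_user's body continues outside the hunk.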
@@ -2950,7 +2953,7 @@ def user_add_post():
flash(_('This username already exists'), category='error')
return redirect(url_for('users'))
- return save_user(form)
+ return save_user(form, preserve_pwd=False)
@app.route('/user/edit', methods=['GET'])
@@ -2966,7 +2969,7 @@ def user_edit_get():
flash(_('User {} do not exists').format(username), category='error')
return redirect(url_for('users'))
- form = UserForm()
+ form = EditUserForm()
form.username.data = user.get('USER')
form.username.render_kw = {'readonly': True}
form.admin.data = user.get('ADMIN')
@@ -2979,20 +2982,25 @@ def user_edit_get():
@app.route('/user/edit', methods=['POST'])
@login_required
def user_edit_post():
- form = UserForm(request.form)
+ form = EditUserForm(request.form)
form.scopes.choices = get_center_choices()
if not form.validate():
flash(form.errors, category='error')
return redirect(url_for('users'))
username = form.username.data
- if not get_user(username):
+ old_user_data = get_user(username)
+ if not old_user_data:
flash(_('User {} do not exists').format(username), category='error')
return redirect(url_for('users'))
+ preserve_pwd = (not form.pwd.data and not form.pwd_confirm.data)
+ if preserve_pwd:
+ form.pwd.data = old_user_data.get("PASS")
+
delete_user(username)
- return save_user(form)
+ return save_user(form, preserve_pwd)
@app.route('/user/delete', methods=['GET'])
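Review bot: `delete_user(username)` still runs before `save_user`, and `save_user` can return early with 'Passwords do not match', so an edit where only one password field is filled (now accepted by the `Optional()` validators) leaves the account deleted and not recreated. The match check belongs before the delete, e.g. `if not preserve_pwd and form.pwd.data != form.pwd_confirm.data:` followed by the existing flash and redirect. Separately, only `@login_required` is visible on this view and `username` is read from the POST body, so unless an admin check exists elsewhere, any logged-in user could presumably change another account's password, `admin` flag and scopes; this is worth confirming.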