1 files changed, 20 insertions, 12 deletions

diff --git a/ogcp/views.py b/ogcp/views.py
index b2c1994..f023d1f 100644
--- a/ogcp/views.py
+++ b/ogcp/views.py
@@ -25,7 +25,7 @@ from flask_login import (
 from pathlib import Path
 
 from ogcp.models import User
-from ogcp.forms.auth import LoginForm, UserForm, DeleteUserForm
+from ogcp.forms.auth import LoginForm, UserForm, DeleteUserForm, EditUserForm
 from ogcp.og_server import OGServer, servers
 from flask_babel import lazy_gettext as _l
 from flask_babel import gettext, _
@@ -2877,14 +2877,17 @@ def delete_server(server):
     return redirect(url_for('manage_servers'))
 
 
-def save_user(form):
+def save_user(form, preserve_pwd):
     username = form.username.data
 
-    pwd_hash = hash_password(form.pwd.data)
-    pwd_hash_confirm = hash_password(form.pwd_confirm.data)
-    if not pwd_hash == pwd_hash_confirm:
-        flash(_('Passwords do not match'), category='error')
-        return redirect(url_for('users'))
+    if preserve_pwd:
+        pwd_hash = form.pwd.data
+    else:
+        pwd_hash = hash_password(form.pwd.data)
+        pwd_hash_confirm = hash_password(form.pwd_confirm.data)
+        if not pwd_hash == pwd_hash_confirm:
+            flash(_('Passwords do not match'), category='error')
+            return redirect(url_for('users'))
 
     admin = form.admin.data
     scopes = form.scopes.data
@@ -2950,7 +2953,7 @@ def user_add_post():
         flash(_('This username already exists'), category='error')
         return redirect(url_for('users'))
 
-    return save_user(form)
+    return save_user(form, preserve_pwd=False)
 
 
 @app.route('/user/edit', methods=['GET'])
@@ -2966,7 +2969,7 @@ def user_edit_get():
         flash(_('User {} do not exists').format(username), category='error')
         return redirect(url_for('users'))
 
-    form = UserForm()
+    form = EditUserForm()
     form.username.data = user.get('USER')
     form.username.render_kw = {'readonly': True}
     form.admin.data = user.get('ADMIN')
@@ -2979,20 +2982,25 @@ def user_edit_get():
 @app.route('/user/edit', methods=['POST'])
 @login_required
 def user_edit_post():
-    form = UserForm(request.form)
+    form = EditUserForm(request.form)
     form.scopes.choices = get_center_choices()
     if not form.validate():
         flash(form.errors, category='error')
         return redirect(url_for('users'))
 
     username = form.username.data
-    if not get_user(username):
+    old_user_data = get_user(username)
+    if not old_user_data:
         flash(_('User {} do not exists').format(username), category='error')
         return redirect(url_for('users'))
 
+    preserve_pwd = (not form.pwd.data and not form.pwd_confirm.data)
+    if preserve_pwd:
+        form.pwd.data = old_user_data.get("PASS")
+
     delete_user(username)
 
-    return save_user(form)
+    return save_user(form, preserve_pwd)
 
 
 @app.route('/user/delete', methods=['GET'])