Diffstat (limited to 'ogcp/views.py')
-rw-r--r--ogcp/views.py32
1 files changed, 20 insertions, 12 deletions
diff --git a/ogcp/views.py b/ogcp/views.py
index b2c1994..f023d1f 100644
--- a/ogcp/views.py
+++ b/ogcp/views.py
@@ -25,7 +25,7 @@ from flask_login import (
from pathlib import Path
from ogcp.models import User
-from ogcp.forms.auth import LoginForm, UserForm, DeleteUserForm
+from ogcp.forms.auth import LoginForm, UserForm, DeleteUserForm, EditUserForm
from ogcp.og_server import OGServer, servers
from flask_babel import lazy_gettext as _l
from flask_babel import gettext, _
@@ -2877,14 +2877,17 @@ def delete_server(server):
return redirect(url_for('manage_servers'))
-def save_user(form):
+def save_user(form, preserve_pwd):
username = form.username.data
- pwd_hash = hash_password(form.pwd.data)
- pwd_hash_confirm = hash_password(form.pwd_confirm.data)
- if not pwd_hash == pwd_hash_confirm:
- flash(_('Passwords do not match'), category='error')
- return redirect(url_for('users'))
+ if preserve_pwd:
+ pwd_hash = form.pwd.data
+ else:
+ pwd_hash = hash_password(form.pwd.data)
+ pwd_hash_confirm = hash_password(form.pwd_confirm.data)
+ if not pwd_hash == pwd_hash_confirm:
+ flash(_('Passwords do not match'), category='error')
+ return redirect(url_for('users'))
admin = form.admin.data
scopes = form.scopes.data
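Review bot: In the `else` branch the mismatch check compares `hash_password(form.pwd.data)` with `hash_password(form.pwd_confirm.data)`, which only works while `hash_password` is deterministic; its definition is not in this hunk, but the check would reject every submission once a per-user salt is introduced. Comparing the submitted fields first, `if form.pwd.data != form.pwd_confirm.data:`, and hashing once afterwards removes that coupling. With `preserve_pwd=True` the function takes `form.pwd.data` as the hash without any transformation, so the contract deserves a docstring such as `"""Store the user; when preserve_pwd is true, form.pwd.data must already be the stored hash and is used unchanged."""`. save_user's body continues past the end of the hunk.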
@@ -2950,7 +2953,7 @@ def user_add_post():
flash(_('This username already exists'), category='error')
return redirect(url_for('users'))
- return save_user(form)
+ return save_user(form, preserve_pwd=False)
@app.route('/user/edit', methods=['GET'])
@@ -2966,7 +2969,7 @@ def user_edit_get():
flash(_('User {} do not exists').format(username), category='error')
return redirect(url_for('users'))
- form = UserForm()
+ form = EditUserForm()
form.username.data = user.get('USER')
form.username.render_kw = {'readonly': True}
form.admin.data = user.get('ADMIN')
@@ -2979,20 +2982,25 @@ def user_edit_get():
@app.route('/user/edit', methods=['POST'])
@login_required
def user_edit_post():
- form = UserForm(request.form)
+ form = EditUserForm(request.form)
form.scopes.choices = get_center_choices()
if not form.validate():
flash(form.errors, category='error')
return redirect(url_for('users'))
username = form.username.data
- if not get_user(username):
+ old_user_data = get_user(username)
+ if not old_user_data:
flash(_('User {} do not exists').format(username), category='error')
return redirect(url_for('users'))
+ preserve_pwd = (not form.pwd.data and not form.pwd_confirm.data)
+ if preserve_pwd:
+ form.pwd.data = old_user_data.get("PASS")
+
delete_user(username)
- return save_user(form)
+ return save_user(form, preserve_pwd)
@app.route('/user/delete', methods=['GET'])
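Review bot: `delete_user(username)` runs before `save_user(form, preserve_pwd)`, and save_user can still return early with 'Passwords do not match', so an edit with a mistyped confirmation leaves the account deleted rather than unchanged. The comparison should be done in user_edit_post ahead of the delete, e.g. `if not preserve_pwd and form.pwd.data != form.pwd_confirm.data:` followed by the same flash and redirect. Separately, the handler carries only `@login_required`; if no admin check runs elsewhere (not visible here), any logged-in user could post another account's username together with `admin` and `scopes`, which is worth confirming.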