From ee42cbd32355669304c63cbffe2c9d758e373fc2 Mon Sep 17 00:00:00 2001 From: Alejandro Sirgo Rica Date: Wed, 19 Jun 2024 11:17:34 +0200 Subject: views: make password optional in user/edit Add the option to leave the password fields empty in the form. When the passwords are not set the user keeps the old password configuration. Define a EditUserForm based on UserForm in forms/auth.py to remove the InputRequired validator in the password fields. Update the html template to make the password fields optional. --- ogcp/forms/auth.py | 9 ++++++++- ogcp/templates/auth/edit_user.html | 4 ++-- ogcp/views.py | 32 ++++++++++++++++++++------------ 3 files changed, 30 insertions(+), 15 deletions(-) (limited to 'ogcp') diff --git a/ogcp/forms/auth.py b/ogcp/forms/auth.py index 72afe23..d85931b 100644 --- a/ogcp/forms/auth.py +++ b/ogcp/forms/auth.py @@ -9,7 +9,7 @@ from wtforms import ( Form, SubmitField, HiddenField, SelectField, BooleanField, IntegerField, StringField, RadioField, PasswordField, SelectMultipleField, widgets ) -from wtforms.validators import InputRequired +from wtforms.validators import InputRequired, Optional from flask_wtf import FlaskForm from flask_babel import lazy_gettext as _l from flask_babel import _ @@ -55,6 +55,13 @@ class UserForm(FlaskForm): ) +class EditUserForm(UserForm): + def __init__(self, *args, **kwargs): + super(EditUserForm, self).__init__(*args, **kwargs) + self.pwd.validators = [Optional()] + self.pwd_confirm.validators = [Optional()] + + class DeleteUserForm(FlaskForm): username = HiddenField( validators=[InputRequired()] diff --git a/ogcp/templates/auth/edit_user.html b/ogcp/templates/auth/edit_user.html index b9e748d..3b10508 100644 --- a/ogcp/templates/auth/edit_user.html +++ b/ogcp/templates/auth/edit_user.html @@ -19,12 +19,12 @@
{{ form.pwd.label(class_='form-label') }} - {{ form.pwd(class_='form-control') }} +
{{ form.pwd_confirm.label(class_='form-label') }} - {{ form.pwd_confirm(class_='form-control') }} +
diff --git a/ogcp/views.py b/ogcp/views.py index b2c1994..f023d1f 100644 --- a/ogcp/views.py +++ b/ogcp/views.py @@ -25,7 +25,7 @@ from flask_login import ( from pathlib import Path from ogcp.models import User -from ogcp.forms.auth import LoginForm, UserForm, DeleteUserForm +from ogcp.forms.auth import LoginForm, UserForm, DeleteUserForm, EditUserForm from ogcp.og_server import OGServer, servers from flask_babel import lazy_gettext as _l from flask_babel import gettext, _ @@ -2877,14 +2877,17 @@ def delete_server(server): return redirect(url_for('manage_servers')) -def save_user(form): +def save_user(form, preserve_pwd): username = form.username.data - pwd_hash = hash_password(form.pwd.data) - pwd_hash_confirm = hash_password(form.pwd_confirm.data) - if not pwd_hash == pwd_hash_confirm: - flash(_('Passwords do not match'), category='error') - return redirect(url_for('users')) + if preserve_pwd: + pwd_hash = form.pwd.data + else: + pwd_hash = hash_password(form.pwd.data) + pwd_hash_confirm = hash_password(form.pwd_confirm.data) + if not pwd_hash == pwd_hash_confirm: + flash(_('Passwords do not match'), category='error') + return redirect(url_for('users')) admin = form.admin.data scopes = form.scopes.data @@ -2950,7 +2953,7 @@ def user_add_post(): flash(_('This username already exists'), category='error') return redirect(url_for('users')) - return save_user(form) + return save_user(form, preserve_pwd=False) @app.route('/user/edit', methods=['GET']) @@ -2966,7 +2969,7 @@ def user_edit_get(): flash(_('User {} do not exists').format(username), category='error') return redirect(url_for('users')) - form = UserForm() + form = EditUserForm() form.username.data = user.get('USER') form.username.render_kw = {'readonly': True} form.admin.data = user.get('ADMIN') @@ -2979,20 +2982,25 @@ def user_edit_get(): @app.route('/user/edit', methods=['POST']) @login_required def user_edit_post(): - form = UserForm(request.form) + form = EditUserForm(request.form) form.scopes.choices = get_center_choices() if not form.validate(): flash(form.errors, category='error') return redirect(url_for('users')) username = form.username.data - if not get_user(username): + old_user_data = get_user(username) + if not old_user_data: flash(_('User {} do not exists').format(username), category='error') return redirect(url_for('users')) + preserve_pwd = (not form.pwd.data and not form.pwd_confirm.data) + if preserve_pwd: + form.pwd.data = old_user_data.get("PASS") + delete_user(username) - return save_user(form) + return save_user(form, preserve_pwd) @app.route('/user/delete', methods=['GET']) -- cgit v1.2.3-18-g5258