-rwxr-xr-x | fbin.py | 60 | ||||
-rw-r--r-- | templates/__init__.py | 1 | ||||
-rw-r--r-- | templates/base.tmpl | 2 | ||||
-rw-r--r-- | templates/changepass.tmpl | 16 |
4 files changed, 77 insertions, 2 deletions
@@ -65,6 +65,17 @@ class Application(object): return user + def save_user_pass(self, user, password): + session = db.Session() + try: + user.password = password + session.add(user) + session.commit() + # Avoid having to fetch user again (used by changepass) + session.refresh(user) + finally: + session.close() + def get_file(self, hash): session = db.Session() try: 
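Review bot: `save_user_pass` assigns its `password` argument to `user.password` verbatim, and nothing in the method states that the value must already be hashed. The only caller in this commit hashes first, but a later caller passing a plaintext string would have it stored as-is. A docstring would pin the contract, for example `"""Persist an already-hashed password for user and refresh the instance; callers must hash before calling."""`, and naming the parameter `password_hash` would make the expectation visible at the call site.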
@@ -346,6 +357,52 @@ class Application(object): ('Location', settings.virtual_root)]) return [] + def changepass(self, environ, start_response, path): + c = Cookie.SimpleCookie(environ['HTTP_COOKIE'] if 'HTTP_COOKIE' in environ else None) + user = self.validate_cookie(c) + form = cgi.FieldStorage(fp = environ['wsgi.input'], environ = environ) + if environ['REQUEST_METHOD'] != 'POST' or not 'oldpass' in form or not 'password' in form or not 'password2' in form: + start_response('200 OK', [('Content-Type', 'text/html')]) + return str(templates.changepass(searchList = { + 'root': settings.virtual_root, + 'user': user, + 'error': None, + })) + + oldpass = hashlib.sha1(form.getvalue('oldpass')).hexdigest() + password = form.getvalue('password') + password2 = form.getvalue('password2') + + if oldpass != user.password: + start_response('200 OK', [('Content-Type', 'text/html')]) + return str(templates.changepass(searchList = { + 'root': settings.virtual_root, + 'user': user, + 'error': 'Invalid password.', + })) + + if password != password2: + start_response('200 OK', [('Content-Type', 'text/html')]) + return str(templates.changepass(searchList = { + 'root': settings.virtual_root, + 'user': user, + 'error': 'Passwords doesn\'t match.', + })) + + password = hashlib.sha1(password).hexdigest() + self.save_user_pass(user, password) + + dt = datetime.datetime.utcnow() + datetime.timedelta(days = 30) + expires = dt.strftime('%a, %d-%b-%y %H:%M:%S GMT') + c['uid']['expires'] = expires + c['identifier'] = hashlib.sha1(str(user.id) + password).hexdigest() + c['identifier']['expires'] = expires + start_response('302 Found', [ + ('Set-Cookie', c['uid'].OutputString()), + ('Set-Cookie', c['identifier'].OutputString()), + ('Location', settings.virtual_root)]) + return [] + def static(self, environ, start_response, path): filename = path[1] if not filename in ('style.css',): 
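Review bot: `changepass` reads `user.password` without first checking that `self.validate_cookie(c)` returned a user. `validate_cookie` is not visible here, but base.tmpl branches on `#if $user`, which suggests it can return a falsy value; in that case a POST carrying all three fields would presumably raise an AttributeError instead of being refused. A guard directly after the lookup, `if not user:` followed by a redirect like the one `__call__` issues, would handle that. Separately, the new password is stored as unsalted `hashlib.sha1(password).hexdigest()` and the `identifier` cookie is computed from that stored value, so the database hash is both cheap to brute-force and equivalent to a session credential. If the login path uses the same scheme this is follow-up work (a salted, slow KDF and a random session token) rather than something this commit introduces, but it deserves a comment here. The check `oldpass != user.password` could also use `hmac.compare_digest` where the runtime provides it.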
@@ -424,11 +481,12 @@ class Application(object): t = thumb o = logout r = register + c = changepass def __call__(self, environ, start_response): path = environ['PATH_INFO'].split('/')[1:] module = path[0] if len(path) else '' - if len(module) and module in 'fulshmitor': + if len(module) and module in 'fulshmitorc': return getattr(self, module)(environ, start_response, path) else: start_response('302 Found', [('Location', settings.virtual_root + 'u')]) diff --git a/templates/__init__.py b/templates/__init__.py index 3f11c65..5c9f28e 100644 --- a/templates/__init__.py +++ b/templates/__init__.py @@ -5,3 +5,4 @@ from login import login from my import my from images import images from register import register +from changepass import changepass diff --git a/templates/base.tmpl b/templates/base.tmpl index 6c1cb4f..d9d9ab1 100644 --- a/templates/base.tmpl +++ b/templates/base.tmpl @@ -29,7 +29,7 @@ </div> <p class="login">#slurp #if $user -Logged in as $user.username.#slurp +Logged in as $user.username. <a href="${root}c">Change password</a>#slurp #else Not logged in.#slurp #end if diff --git a/templates/changepass.tmpl b/templates/changepass.tmpl new file mode 100644 index 0000000..4171f36 --- /dev/null +++ b/templates/changepass.tmpl @@ -0,0 +1,16 @@ +#def title: changepass +#def header: changepass +#extends templates.base +#def content +#set error = $error or '' + <div class="error">$error</div> + <form method="post" action="${root}c"> + <p>current password</p> + <p><input type="password" id="oldpass" name="oldpass" /></p> + <p>new password</p> + <p><input type="password" id="password" name="password" /></p> + <p>repeat new password</p> + <p><input type="password" id="password2" name="password2" /></p> + <p><input type="submit" value="Login" /></p> + </form> +#end def |
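Review bot: The dispatch test `module in 'fulshmitorc'` is a substring check, so multi-character path segments that occur inside that string also pass it and are handed to `getattr(self, module)`. Each letter appended to the string, as this hunk does with `c`, widens that set. Restricting the test to one character, `if len(module) == 1 and module in 'fulshmitorc':`, or testing membership in a tuple of the route letters, keeps request paths from resolving attribute names other than the single-letter routes. `__call__` continues past the end of the hunk.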
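Review bot: The submit button in templates/changepass.tmpl is labelled `value="Login"`, which looks carried over from the login template; on this form it should read something like `value="Change password"`. The form also carries no anti-CSRF token. Requiring `oldpass` limits what a forged request can do, but if other state-changing forms in the app use a token, this one should match them.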