From f1bcac65a68e67bff8322e238d9e5e39d3227e5f Mon Sep 17 00:00:00 2001
From: Jon Bergli Heier
Date: Sat, 12 Nov 2011 21:13:47 +0100
Subject: Added a change password option when logged in.
---
 fbin.py | 60 ++++++++++++++++++++++++++++++++++++++++++++++-
 templates/__init__.py | 1 +
 templates/base.tmpl | 2 +-
 templates/changepass.tmpl | 16 +++++++++++++
 4 files changed, 77 insertions(+), 2 deletions(-)
 create mode 100644 templates/changepass.tmpl
diff --git a/fbin.py b/fbin.py
index 0b8bed4..5aaa6a1 100755
--- a/fbin.py
+++ b/fbin.py
@@ -65,6 +65,17 @@ class Application(object):
 return user
+ def save_user_pass(self, user, password):
+ session = db.Session()
+ try:
+ user.password = password
+ session.add(user)
+ session.commit()
+ # Avoid having to fetch user again (used by changepass)
+ session.refresh(user)
+ finally:
+ session.close()
+
 def get_file(self, hash):
 session = db.Session()
 try:
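Review bot: `save_user_pass` assigns its `password` argument straight to `user.password`, and nothing in the signature or body says the value must already be hashed, so a later caller that passes the raw form value would store a cleartext password. Add a docstring such as `"""Persist an already-hashed password for user, then refresh the instance."""` so the contract is explicit; the only caller visible in this patch, `changepass`, does hash before calling.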
@@ -346,6 +357,52 @@ class Application(object):
 ('Location', settings.virtual_root)])
 return []
+ def changepass(self, environ, start_response, path):
+ c = Cookie.SimpleCookie(environ['HTTP_COOKIE'] if 'HTTP_COOKIE' in environ else None)
+ user = self.validate_cookie(c)
+ form = cgi.FieldStorage(fp = environ['wsgi.input'], environ = environ)
+ if environ['REQUEST_METHOD'] != 'POST' or not 'oldpass' in form or not 'password' in form or not 'password2' in form:
+ start_response('200 OK', [('Content-Type', 'text/html')])
+ return str(templates.changepass(searchList = {
+ 'root': settings.virtual_root,
+ 'user': user,
+ 'error': None,
+ }))
+
+ oldpass = hashlib.sha1(form.getvalue('oldpass')).hexdigest()
+ password = form.getvalue('password')
+ password2 = form.getvalue('password2')
+
+ if oldpass != user.password:
+ start_response('200 OK', [('Content-Type', 'text/html')])
+ return str(templates.changepass(searchList = {
+ 'root': settings.virtual_root,
+ 'user': user,
+ 'error': 'Invalid password.',
+ }))
+
+ if password != password2:
+ start_response('200 OK', [('Content-Type', 'text/html')])
+ return str(templates.changepass(searchList = {
+ 'root': settings.virtual_root,
+ 'user': user,
+ 'error': 'Passwords doesn\'t match.',
+ }))
+
+ password = hashlib.sha1(password).hexdigest()
+ self.save_user_pass(user, password)
+
+ dt = datetime.datetime.utcnow() + datetime.timedelta(days = 30)
+ expires = dt.strftime('%a, %d-%b-%y %H:%M:%S GMT')
+ c['uid']['expires'] = expires
+ c['identifier'] = hashlib.sha1(str(user.id) + password).hexdigest()
+ c['identifier']['expires'] = expires
+ start_response('302 Found', [
+ ('Set-Cookie', c['uid'].OutputString()),
+ ('Set-Cookie', c['identifier'].OutputString()),
+ ('Location', settings.virtual_root)])
+ return []
+
 def static(self, environ, start_response, path):
 filename = path[1]
 if not filename in ('style.css',):
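Review bot: `changepass` never checks the result of `self.validate_cookie(c)`, so if that helper returns None for a missing or invalid cookie (its body is outside this hunk), a POST reaches `oldpass != user.password` and fails with an AttributeError instead of being refused cleanly. Add an `if user is None:` guard right after the lookup that sends the same `302 Found` redirect to `settings.virtual_root` used at the end of the function. The new password is stored as a single unsalted `hashlib.sha1(password).hexdigest()`, which is cheap to brute-force offline if the user table leaks; a salted, iterated KDF such as `hashlib.pbkdf2_hmac` (where the runtime provides it) is the safer choice, though it needs a matching change wherever passwords are verified. The `identifier` cookie is `sha1(str(user.id) + password)` over the stored hash, so presumably anyone who can read that column can derive a valid cookie value, and both cookies are emitted without `c['identifier']['httponly'] = True` or a `secure` attribute. The old-password check would also be better written as `hmac.compare_digest(oldpass, user.password)`.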
@@ -424,11 +481,12 @@ class Application(object):
 t = thumb
 o = logout
 r = register
+ c = changepass
 def __call__(self, environ, start_response):
 path = environ['PATH_INFO'].split('/')[1:]
 module = path[0] if len(path) else ''
- if len(module) and module in 'fulshmitor':
+ if len(module) and module in 'fulshmitorc':
 return getattr(self, module)(environ, start_response, path)
 else:
 start_response('302 Found', [('Location', settings.virtual_root + 'u')])
diff --git a/templates/__init__.py b/templates/__init__.py
index 3f11c65..5c9f28e 100644
--- a/templates/__init__.py
+++ b/templates/__init__.py
@@ -5,3 +5,4 @@ from login import login
 from my import my
 from images import images
 from register import register
+from changepass import changepass
diff --git a/templates/base.tmpl b/templates/base.tmpl
index 6c1cb4f..d9d9ab1 100644
--- a/templates/base.tmpl
+++ b/templates/base.tmpl
@@ -29,7 +29,7 @@
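Review bot: In `Application.__call__` (fbin.py), `module in 'fulshmitorc'` is a substring test on a string, so any multi-character path segment that happens to be a substring of it also passes and is handed to `getattr(self, module)`; this commit lengthens the string without tightening the check. Compare against the exact single-letter aliases instead, e.g. `if module in tuple('fulshmitorc'):`, so that only the route names defined just above can be dispatched from the URL. As written, a passing segment with no matching attribute raises AttributeError rather than taking the redirect branch.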

#slurp #if $user -Logged in as $user.username.#slurp +Logged in as $user.username. Change password#slurp #else Not logged in.#slurp #end if diff --git a/templates/changepass.tmpl b/templates/changepass.tmpl new file mode 100644 index 0000000..4171f36 --- /dev/null +++ b/templates/changepass.tmpl @@ -0,0 +1,16 @@ +#def title: changepass +#def header: changepass +#extends templates.base +#def content +#set error = $error or '' +

$error
+
+

current password

+

+

new password

+

+

repeat new password

+

+

+
+#end def -- cgit v1.2.3