Update password for users

2025-08-16 07:35:51 +00:00 · 2023-06-08 18:59:44 +02:00
parent cea3ab2075
commit f7064811d7
5 changed files with 59 additions and 4 deletions
--- a/app/forms.py
+++ b/app/forms.py
@@ -65,5 +65,16 @@ class UserForm(FlaskForm):
                    raise ValidationError(message)


+class UpdatePasswordForm(FlaskForm):
+    password = PasswordField(
+        "Password", validators=[DataRequired(), Length(4, 150)]
+    )
+    password2 = PasswordField(
+        "Password",
+        validators=[DataRequired(), Length(4, 150), EqualTo("password")],
+    )
+    submit = SubmitField()
+
+
 class BenchmarkSelect(FlaskForm):
    submit = SubmitField("Select")
--- a/app/main.py
+++ b/app/main.py
@@ -4,7 +4,6 @@ from benchmark.Utils import Files
 from flask import (
    Blueprint,
    render_template,
-    current_app,
    url_for,
    flash,
    redirect,
@@ -12,7 +11,7 @@ from flask import (
 )
 from flask_login import login_user, current_user, logout_user, login_required
 from werkzeug.urls import url_parse
-from .forms import LoginForm, UserForm
+from .forms import LoginForm, UserForm, UpdatePasswordForm
 from .models import User, Benchmark, db

 main = Blueprint("main", __name__)
@@ -101,7 +100,7 @@ def users():
    return render_template("users.html", users=users)


-@main.route("/user_edit/<user_id>", methods=["GET", "POST"])
+@main.route("/user_edit/<int:user_id>", methods=["GET", "POST"])
@login_required
 def user_edit(user_id):
    if user_id != current_user.id and not current_user.admin:
@@ -128,7 +127,7 @@ def user_edit(user_id):
    )


-@main.route("/user_delete/<user_id>", methods=["GET", "POST"])
+@main.route("/user_delete/<int:user_id>", methods=["GET", "POST"])
@login_required
 def user_delete(user_id):
    if user_id != current_user.id and not current_user.admin:
@@ -186,3 +185,32 @@ def user_new():
    return render_template(
        "user.html", form=form, alert_type="info", title="New User"
    )
+
+
+@main.route(
+    "/password/<user_id>/<back>",
+    methods=["GET", "POST"],
+)
+@main.route(
+    "/password/<user_id>",
+    defaults={"back": "None"},
+    methods=["GET", "POST"],
+)
+@login_required
+def password(user_id, back):
+    if not current_user.admin and user_id != current_user.id:
+        flash("You are not an admin.", "danger")
+        return redirect(url_for(INDEX))
+    form = UpdatePasswordForm()
+    user = User.query.filter_by(id=user_id).first()
+    form.submit.label.text = "Update Password"
+    destination = "main.index" if back == "None" else back
+    if form.validate_on_submit():
+        form.populate_obj(user)
+        user.set_password(form.password.data)
+        db.session.commit()
+        flash("Password updated successfully.")
+        return redirect(url_for(destination))
+    return render_template(
+        "password.html", form=form, back=destination, user_name=user.username
+    )
--- a/app/templates/_nav.html
+++ b/app/templates/_nav.html
@@ -38,6 +38,8 @@
                        <ul class="dropdown-menu dropdown-menu-dark"
                            aria-labelledby="navbarDarkDropdownMenuLink">
                            {% if current_user.admin %}{{ render_nav_item('main.users', 'Users') |safe }}{% endif %}
+                            <a class="nav-item nav-link"
+                               href="{{ url_for("main.password", user_id=current_user.id) }}">Password</a>
                            {{ render_nav_item('main.logout', 'Logout') |safe }}
                        </ul>
                    </li>
--- a/app/templates/password.html
+++ b/app/templates/password.html
@@ -0,0 +1,12 @@
+{% extends  "base.html" %}
+{% from 'bootstrap5/form.html' import render_form %}
+{% block content %}
+    <div class="alert alert-info col-md-4" role="alert">
+        <h4 class="alert-heading">Change password for {{ user_name }}</h4>
+        <button class="btn btn-primary"
+                onclick="window.location.href='{{ url_for(back) }}'">Back</button>
+        <div class="row">
+            <div>{{ render_form(form) }}</div>
+        </div>
+    </div>
+{% endblock %}
--- a/app/templates/users.html
+++ b/app/templates/users.html
@@ -48,6 +48,8 @@
                                   class="btn btn-primary"><span><i class="mdi mdi-account"></i></span></a>
                                <a href="{{ url_for("main.user_delete", user_id=user.id) }}"
                                   class="btn btn-danger"><i class="mdi mdi-account-remove"></i></a>
+                                <a href="{{ url_for("main.password", user_id=user.id, back="main.users") }}"
+                                   class="btn btn-warning"><i class="mdi mdi-lock-reset"></i></a>
                            </td>
                        </tr>
                    {% endfor %}