implement password and display name changes

2020-02-23 03:59:46 -05:00 · 2020-02-23 03:59:46 -05:00 · b7d400d774
parent 1486c63c44
commit b7d400d774
5 changed files with 56 additions and 28 deletions
--- a/uncia/database/put.py
+++ b/uncia/database/put.py
@ -202,8 +202,8 @@ def whitelist(action, data, reason=None, db=None):


@newtrans
-def user(handle, password, db=None):
-	username = handle.lower()
+def user(username, password, db=None):
+	handle = username.lower()
 	timestamp = datetime.now().timestamp()

 	if query('users', {'username': username}):
@ -270,19 +270,16 @@ def del_token(token, db=None):


@newtrans
-def acct_name(handle, username=None, db=None):
-	data = {'handle', handle}
-
-	if username:
-		data['username'] = username
-
+def acct_name(handle, username, db=None):
+	data = {'username': username}
 	user = get.user(handle)

 	if not user:
 		logging.warning(f'Invalid user: {handle}')
 		return

-	db.update('users', data, id=user['id'])
+	if db.update('users', data, id=user['id']):
+		return True


@newtrans
@ -292,4 +289,5 @@ def password(handle, password, db=None):
 	if not user:
 		logging.warning(f'Invalid user: {handle}')

-	db.update('users', {'password': Hash.hash(password)}, id=user['id'])
+	if db.update('users', {'password': Hash.hash(password)}, id=user['id']):
+		return True
--- a/uncia/frontend/layout.css
+++ b/uncia/frontend/layout.css
@ -277,6 +277,11 @@ tr:last-child .col2 {
 	height: 200px;
 }

+#code input[type="submit"] {
+	display: inline-block;
+	width: 100px;
+}
+

 /* info page */
 .stats .title, .info .title {
--- a/uncia/frontend/templates/account.haml
+++ b/uncia/frontend/templates/account.haml
@ -32,24 +32,20 @@
 							%input{'type': 'submit', 'value': 'Delete'}

 	%div{'class': 'section account profile'}
-		%h2{'class': 'title'} Profile
-		%form{'action': 'https://{{config.host}}/account/profile', 'method': 'post'}
-			%label< Display Name: 
-			%input{'type': 'text', 'name': 'displayname', 'placeholder': 'displayname', 'value': '{{user.handle}}'}
-			%br
-			%label< Username: 
-			%input{'type': 'text', 'name': 'username', 'placeholder': 'username', 'value': '{{user.username}}'}
+		%h2{'class': 'title'} Display Name
+		%form{'action': 'https://{{config.host}}/account/name', 'method': 'post'}
+			%input{'type': 'text', 'name': 'displayname', 'placeholder': 'displayname', 'value': '{{user.username}}'}
 			%br
 			%input{'type': 'submit', 'value': 'Submit'}

 	%div{'class': 'section account password'}
 		%h2{'class': 'title'} Password
 		%form{'action': 'https://{{config.host}}/account/password', 'method': 'post'}
-			%input{'type': 'password', 'name': 'oldpassword', 'placeholder': 'old password'}
+			%input{'type': 'password', 'name': 'password', 'placeholder': 'old password'}
 			%br
-			%input{'type': 'password', 'name': 'password1', 'placeholder': 'new password'}
+			%input{'type': 'password', 'name': 'newpass1', 'placeholder': 'new password'}
 			%br
-			%input{'type': 'password', 'name': 'password2', 'placeholder': 'new password again'}
+			%input{'type': 'password', 'name': 'newpass2', 'placeholder': 'new password again'}
 			%br
 			%input{'type': 'submit', 'value': 'Submit'}

--- a/uncia/frontend/templates/base.haml
+++ b/uncia/frontend/templates/base.haml
@ -68,7 +68,7 @@
 				%div{'class': 'grid-item acct', 'style': 'display: inline'}
 					-if config.setup
 						-if user != None
-							{{user.handle}} [<a href='/logout'>logout</a>]
+							{{user.username}} [<a href='/logout'>logout</a>]

 							-else
 								Guest [<a href='/login'>login</a>]
--- a/uncia/views.py
+++ b/uncia/views.py
@ -262,7 +262,7 @@ class Admin(HTTPMethodView):


 class Account(HTTPMethodView):
-	async def get(self, request):
+	async def get(self, request, msg=None):
 		token = request.cookies.get('token')
 		token_data = get.token(token)

@ -273,7 +273,8 @@ class Account(HTTPMethodView):
 		tokens = get.token({'userid': token_data['userid']})
 		context = {
 			'tokens': [{'id': token['id'], 'token': token['token'], 'timestamp': format_date(token['timestamp'])} for token in tokens],
-			'user': user
+			'user': user,
+			'msg': msg
 		}

 		return render('account.html', request, context)
@ -284,21 +285,49 @@ class Account(HTTPMethodView):
 		token = request.cookies.get('token')
 		token_data = get.token(token)
 		user = get.user(token_data['userid'])
-		username = user['handle']
+		handle = user['handle']
+
+		if action in ['delete', 'password']:
+			if not get.verify_password(handle, password):
+				return await self.get(request, msg='Invalid password')

 		if action == 'delete':
 			if None in [password, token, user]:
 				return response.redirect('/account')

-			if not get.verify_password(username, password):
-				return await self.get(request, msg='Invalid password')
-
 			print(put.del_user(token))
 			resp = response.redirect('/')
 			del resp.cookies['token']
 			return resp

-		return await self.get(request)
+		if action == 'password':
+			pass1 = request['form'].get('newpass1')
+			pass2 = request['form'].get('newpass2')
+
+			if pass1 != pass2:
+				return await self.get(request, msg='New passwords do not match')
+
+			new_pass = pass1
+
+			if not put.password(handle, new_pass):
+				return await self.get(request, msg='Failed to update password')
+
+			else:
+				return await self.get(request, msg='Updated password')
+
+		if action == 'name':
+			dispname = request['form'].get('displayname')
+
+			if not dispname:
+				return await self.get(request, msg='Missing new display name')
+
+			if put.acct_name(handle, dispname):
+				return await self.get(request, msg='Updated display name')
+
+			else:
+				return await self.get(request, msg='Failed to update display name')
+
+		return response.redirect('/account')


 class Cache(HTTPMethodView):