Initial commit

.gitignore

+__pycache__

profile.py

+import services
+import db
+from werkzeug.security import generate_password_hash
+import os
+
+
+plugin_dir = os.path.dirname(__file__) # parent folder name of the absolute path of this file
+
+
+def register(add_endpoint, add_postable_endpoint, add_menu):
+    add_endpoint('profile', profile)
+    add_menu('profile', 'Profile', 'profile')
+    add_postable_endpoint('password_change', pwchange)
+
+
+def collect_users(username):
+    x = db.users.find({"redirectname": username})
+    userlist = []
+    for user in x:
+        userlist.append(user['username'])
+        userlist += collect_users(user['username'])
+    return userlist
+
+
+def profile(**kwargs):
+    session = kwargs['session']
+    rqtools = kwargs['rqtools']
+    request = kwargs['request']
+    if 'username' not in session.keys():
+        return rqtools.redirect(rqtools.url_for('login', next='profile'))
+    if not services.authorize_user(session['username'], 'profile'):
+        return rqtools.get_403(None)
+    global plugin_dir
+    return rqtools.render_template(plugin_dir + '/templates/profile.html', other_users=collect_users(session['username']))
+
+
+def pwchange(**kwargs):
+    session = kwargs['session']
+    rqtools = kwargs['rqtools']
+    request = kwargs['request']
+    if 'username' not in session.keys() or not services.authorize_user(session['username'], 'profile'):
+        return rqtools.get_403(None)
+    if 'password' not in request.form.keys() or 'password2' not in request.form.keys():
+        db.sendMessage(session['username'], 'Type both passwords.')
+        return rqtools.redirect(rqtools.url_for('service', servicename='profile'))
+    password = request.form['password']
+    username = session['username']
+    if password != request.form['password2']:
+        db.sendMessage(session['username'], 'Passwords did not match.')
+        return rqtools.redirect(rqtools.url_for('service', servicename='profile'))
+    x = db.users.find_one(filter={'username': username})
+    salted_pw_hash = generate_password_hash(password, salt_length=4)
+    x['pwhash'] = salted_pw_hash
+    db.users.replace_one({'username': username}, x)
+    for other_user in collect_users(username):
+        x = db.users.find_one(filter={'username': other_user})
+        x['pwhash'] = salted_pw_hash
+        db.users.replace_one({'username': other_user}, x)
+    db.sendMessage(session['username'], 'Password changed successfully.')
+    return rqtools.redirect(rqtools.url_for('service', servicename='profile'))

templates/profile.html

+{% extends 'base.html' %}
+
+{% block title %}Profile @ SFeri{% endblock %}
+
+{% block content %}
+
+<h1>Password change</h1>
+
+<h2>Welcome, {{ session['username'] }}!</h2>
+
+<form method="post" action="{{ url_for('service', servicename='password_change') }}">
+    <section class="inputfield">
+        <label for="password">New password</label>
+        <input type="password" name="password" id="password" required>
+    </section>
+    <section class="inputfield">
+        <label for="password2">Repeat password</label>
+        <input type="password" name="password2" id="password2" required>
+    </section>
+    <section class="inputfield">
+        <input class="button" type="submit" value="Change">
+    </section>
+</form>
+
+{% if other_users %}
+<h2>Your other usernames:</h2>
+<p style="text-align: center;" , class="slim-container">
+    {{ other_users[0] }}{% for user in other_users[1:] %}, {{ user }}
+    {% endfor %}
+</p>
+{% endif %}
+
+{% endblock %}
\ No newline at end of file