Added a bunch of stuff

2025-10-30 11:19:58 +00:00 · 2025-04-16 11:05:58 +02:00
parent e089805f31
commit e52d8097db
5 changed files with 105 additions and 18 deletions
--- a/application/auth/forms.py
+++ b/application/auth/forms.py
@@ -3,17 +3,27 @@ from wtforms import StringField, SubmitField, PasswordField, BooleanField
 from wtforms.validators import DataRequired


-class LoginForm(FlaskForm):
-    username = StringField("Username", validators=[DataRequired()])
-    password = PasswordField("Password")
-    submit = SubmitField("Login")
-
-
-class RegisterForm(FlaskForm):
+class defaultForm(FlaskForm):
    username = StringField("Username", validators=[DataRequired()])
    password = PasswordField("Password", validators=[DataRequired()])
+    submit = SubmitField("Submit")
+
+
+class LoginForm(defaultForm):
+    pass
+
+
+class RegisterForm(defaultForm):
    confirm_password = PasswordField(
        "Confirm Password", validators=[DataRequired()]
    )
    is_admin = BooleanField("Admin")
-    submit = SubmitField("Add")
+
+
+class UpdateForm(defaultForm):
+    confirm_password = PasswordField(
+        "Confirm Password", validators=[DataRequired()]
+    )
+    current_password = PasswordField(
+        "Current Password", validators=[DataRequired()]
+    )
--- a/application/auth/templates/update_user.html
+++ b/application/auth/templates/update_user.html
@@ -0,0 +1,27 @@
+{% extends 'base_template.html' %}
+
+{% block title %}
+Update
+{% endblock %}
+
+{% block content %}
+<form class="bg-body-tertiary" method="POST">
+    {{ form.hidden_tag() }}
+    {% if feedback %}
+    <p class="feedback">{{feedback}}</p>
+    {% endif %}
+    <div>
+        Current password <br> {{ form.current_password() }}
+    </div>
+    <div>
+        New password <br> {{ form.password() }}
+    </div>
+    <div>
+        Confirm new password <br> {{ form.confirm_password() }}
+    </div>
+
+    <div class="submit">
+        {{ form.submit() }}
+    </div>
+</form>
+{% endblock %}
--- a/application/auth/views.py
+++ b/application/auth/views.py
@@ -3,10 +3,15 @@ from flask import Blueprint, render_template, redirect, url_for
 from application import db
 from application.auth.models import User
 from application.auth.forms import LoginForm
-from flask_login import login_required, login_user, logout_user  # type: ignore
+from flask_login import (  # type: ignore
+    login_required,  # type: ignore
+    login_user,  # type: ignore
+    logout_user,
+    current_user,
+)
 from werkzeug.security import check_password_hash, generate_password_hash
 from application.decorators import admin_required
-from application.auth.forms import RegisterForm
+from application.auth.forms import RegisterForm, UpdateForm

 auth_blueprint = Blueprint("auth", __name__, template_folder="templates")

@@ -27,12 +32,14 @@ def register():
                "admin.html",
                form=register_form,
                feedback="Passwords don't match, please try again",
+                active_page="register",
            )
        if User.query.filter_by(username=username).first():
            return render_template(
                "admin.html",
                form=register_form,
                feedback="Username is already taken",
+                active_page="register",
            )
        new_user = User(
            username=username,  # type: ignore
@@ -45,8 +52,41 @@ def register():
            "admin.html",
            form=RegisterForm(formdata=None),
            feedback="User succesfully added",
+            active_page="register",
        )
-    return render_template("admin.html", form=register_form)
+    return render_template(
+        "admin.html", form=register_form, active_page="register"
+    )
+
+
+@auth_blueprint.route("/update_user", methods=["GET", "POST"])
+@login_required
+def update():
+    form = UpdateForm(username=current_user.username)
+    if form.validate_on_submit():  # type: ignore
+        if not check_password_hash(
+            current_user.password, form.current_password.data  # type: ignore
+        ):
+            return render_template(
+                "update_user.html",
+                form=form,
+                feedback="Current password incorrect",
+                active_page="update",
+            )
+        if form.password.data != form.confirm_password.data:
+            return render_template(
+                "update_user.html",
+                form=form,
+                feedback="New password mismatched",
+                active_page="update",
+            )
+        current_user.password = generate_password_hash(
+            form.password.data  # type: ignore
+        )
+        db.session.commit()
+        logout_user()
+        return redirect(url_for("auth.login"))
+    return render_template("update_user.html", form=form, active_page="update")


@auth_blueprint.route("/login", methods=["GET", "POST"])