#!/usr/bin/python3
"""
User Settings
"""
import os
from flask import Blueprint, render_template, session, current_app, send_file, request, flash, redirect
from werkzeug.security import check_password_hash
from flask_babel import _
from .db import get_db
from .auth import login_required
from .utils import User
from . import logging
# Blueprint for the user-settings views; every route below is registered
# under the "/settings" URL prefix.
bp = Blueprint("settings", __name__, url_prefix="/settings")
@bp.route("/")
@login_required
def index():
    """
    Render the settings page for the logged-in user.
    """
    # On this page the viewer and the inspected account are the same user,
    # so one User object is passed to the template under both names.
    current = User(user_id=session.get("user_id"))
    can_delete = not current_app.config["DISABLE_ACCOUNT_DELETION"]

    return render_template(
        "settings/index.html",
        inspected_user=current,
        user=current,
        deletion_allowed=can_delete,
    )
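@bp.route("/delete-account", methods=["POST"])
@login_required
def delete_account():
    """
    Delete a user account.

    A regular user may only delete their own account, and only while
    DISABLE_ACCOUNT_DELETION is off. A user with access_level 1 may delete
    any account. The deletion is recorded through logging.log.
    """
    # The Referer header is client-supplied and may be absent (privacy
    # settings, Referrer-Policy), so redirect() must never receive None.
    # Fall back to the settings page in that case.
    back = request.referrer or "/settings/"

    if "user_id" not in request.form:
        flash(_("Missing user id."))
        return redirect(back)

    # The acting user is taken from the session; the target id comes from the
    # form and must not be trusted until the checks below have passed.
    cur_user = User(user_id=session.get("user_id"))
    mod_user = User(user_id=request.form["user_id"])
    # NOTE(review): what User() returns for an id that matches no account is
    # not visible here -- confirm delete() cannot run on such an object.
    # NOTE(review): no CSRF token is checked in this view; presumably that is
    # enforced elsewhere -- confirm, since this POST is destructive.

    if cur_user.access_level != 1:
        # Self-service path: log target only, then enforce ownership.
        log_data = [mod_user.username, mod_user.id]
        if cur_user.id != mod_user.id:
            flash(_("Missing rights."))
            return redirect(back)

        if current_app.config["DISABLE_ACCOUNT_DELETION"]:
            flash(_("You are not allowed to delete your account."))
            return redirect(back)
    else:
        # Administrative path: also record who performed the deletion.
        log_data = [mod_user.username, mod_user.id, cur_user.username]

    mod_user.delete()
    flash(_("User successfully deleted."))
    logging.log(log_data, logging.LogEntry.DELETE_ACCOUNT)

    # A user who removed their own account goes to the front page; an
    # administrator who removed someone else goes back to the admin panel.
    if cur_user.id == mod_user.id:
        return redirect("/")
    return redirect("/admin")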
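@bp.route("/change-password", methods=["POST"])
@login_required
def change_password():
    """
    Change a user's password.

    A regular user may only change their own password and must supply the
    current one. A user with access_level 1 may set any account's password
    without it. The change is recorded through logging.log; only usernames
    and ids are logged, never a password.
    """
    # The Referer header is client-supplied and may be absent (privacy
    # settings, Referrer-Policy), so redirect() must never receive None.
    # Fall back to the settings page in that case.
    back = request.referrer or "/settings/"

    if "user_id" not in request.form:
        flash(_("Missing user id."))
        return redirect(back)

    # The acting user is taken from the session; the target id comes from the
    # form and must not be trusted until the checks below have passed.
    cur_user = User(user_id=session.get("user_id"))
    mod_user = User(user_id=request.form["user_id"])
    # NOTE(review): no CSRF token is checked in this view; presumably that is
    # enforced elsewhere -- confirm, since this POST changes credentials.

    if cur_user.access_level != 1:
        # Self-service path: enforce ownership, then re-authenticate with the
        # current password before accepting a new one.
        log_data = [mod_user.username, mod_user.id]
        if cur_user.id != mod_user.id:
            flash(_("Missing rights."))
            return redirect(back)

        if "old_password" not in request.form:
            flash(_("Missing old password."))
            return redirect(back)

        if not check_password_hash(mod_user.password, request.form["old_password"]):
            flash(_("Incorrect password."))
            return redirect(back)
    else:
        # Administrative path: also record who performed the change.
        # NOTE(review): this branch also covers an administrator changing
        # their own password, so no current password is required there.
        # Consider requiring it whenever cur_user.id == mod_user.id.
        log_data = [mod_user.username, mod_user.id, cur_user.username]

    # An empty new password is treated like a missing one, so an account can
    # never end up with a blank password through this form.
    new_password = request.form.get("new_password")
    if not new_password or "confirm_new_password" not in request.form:
        flash(_("Missing password."))
        return redirect(back)

    if new_password != request.form["confirm_new_password"]:
        flash(_("Password and its confirmation differ."))
        return redirect(back)

    # NOTE(review): whether update_password() invalidates the account's other
    # active sessions is not visible here -- confirm.
    mod_user.update_password(new_password)
    flash(_("Successfully updated password."))
    logging.log(log_data, logging.LogEntry.PASSWORD_CHANGE)
    return redirect(back)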