From db26d28f9b8b916cd80742292914fd3b6b7a85b4 Mon Sep 17 00:00:00 2001
From: Aaron Shaw <shawaj@gmail.com>
Date: Sun, 20 Oct 2024 13:51:53 +0100
Subject: [PATCH] Update auth.py

---
 hw_diag/views/auth.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/hw_diag/views/auth.py b/hw_diag/views/auth.py
index 514c5d8e..1b5dd24d 100644
--- a/hw_diag/views/auth.py
+++ b/hw_diag/views/auth.py
@@ -70,9 +70,17 @@ def get_password_change_form():
 @authenticate
 def handle_password_change():
     current_password = request.form.get('txtOriginalPassword')
-    new_password = request.form.get('txtNewPassword')
-    confirm_password = request.form.get('txtConfirmPassword')
+    PASSWORD_OVERRIDE = os.getenv('PASSWORD_OVERRIDE', 'false')
 
+    if PASSWORD_OVERRIDE != "false":  # nosec
+        new_password = PASSWORD_OVERRIDE
+        confirm_password = new_password
+        logging.info("Password overriden env var - not updating!")
+    else:
+        new_password = request.form.get('txtNewPassword')
+        confirm_password = request.form.get('txtConfirmPassword')
+        logging.info("No password override. Saving new password!")
+    
     result = update_password(
         current_password,
         new_password,