diff --git a/app/auth/forms.py b/app/auth/forms.py
index cfaf89e38..582e6a176 100644
--- a/app/auth/forms.py
+++ b/app/auth/forms.py
@@ -33,3 +33,12 @@ def validate_email(self, field):
 def validate_username(self, field):
 if User.query.filter_by(username=field.data).first():
 raise ValidationError('Username already in use.')
+
+
+class ChangePasswordForm(FlaskForm):
+ old_password = PasswordField('Old password', validators=[DataRequired()])
+ password = PasswordField('New password', validators=[
+ DataRequired(), EqualTo('password2', message='Passwords must match.')])
+ password2 = PasswordField('Confirm new password',
+ validators=[DataRequired()])
+ submit = SubmitField('Update Password')
diff --git a/app/auth/views.py b/app/auth/views.py
index 9186daa4b..2f9cfd06c 100644
--- a/app/auth/views.py
+++ b/app/auth/views.py
@@ -5,7 +5,7 @@
 from .. import db
 from ..models import User
 from ..email import send_email
-from .forms import LoginForm, RegistrationForm
+from .forms import LoginForm, RegistrationForm, ChangePasswordForm
 
 
 @auth.before_app_request
@@ -86,3 +86,19 @@ def resend_confirmation():
 'auth/email/confirm', user=current_user, token=token)
 flash('A new confirmation email has been sent to you by email.')
 return redirect(url_for('main.index'))
+
+
+@auth.route('/change-password', methods=['GET', 'POST'])
+@login_required
+def change_password():
+ form = ChangePasswordForm()
+ if form.validate_on_submit():
+ if current_user.verify_password(form.old_password.data):
+ current_user.password = form.password.data
+ db.session.add(current_user)
+ db.session.commit()
+ flash('Your password has been updated.')
+ return redirect(url_for('main.index'))
+ else:
+ flash('Invalid password.')
+ return render_template("auth/change_password.html", form=form)
diff --git a/app/templates/auth/change_password.html b/app/templates/auth/change_password.html
new file mode 100644
index 000000000..374d86206
--- /dev/null
+++ b/app/templates/auth/change_password.html
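Review bot: The new `password` field in `ChangePasswordForm` accepts any non-empty value, because its validators are only `DataRequired()` and `EqualTo('password2', ...)`; nothing in this hunk enforces a minimum length or rejects a new password identical to the old one. Unless the `User.password` setter, which is not shown here, applies a policy of its own, a one-character password passes validation. A length bound in the validator list would close that, e.g. `DataRequired(), Length(min=8), EqualTo('password2', message='Passwords must match.')])`, where 8 is an example value to be replaced by the project's policy and `Length` has to be added to the validators import outside this hunk. A one-line class docstring such as `"""Form for a logged-in user to change their password."""` would also help readers of the module.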
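Review bot: In `change_password`, a successful change after `db.session.commit()` leaves every other logged-in session (and any remember-me cookie) for the account valid and gives the account owner no notice, so a change made in response to a suspected compromise does not end the other sessions, and a change made by someone else on an open browser goes unseen. Ending the other sessions needs a session identifier that changes with the password, for example an alternative id returned from the model's `get_id`, which would live in the `User` model outside this diff. Within this view a notification through the already imported helper is a small step, e.g. `send_email(current_user.email, 'Your password was changed', 'auth/email/password_changed', user=current_user)`; the template name is a placeholder and the argument order is assumed from the `send_email` call partly visible in the context lines. The `flash('Invalid password.')` branch also records nothing, so repeated wrong guesses of the old password are neither logged nor throttled.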
@@ -0,0 +1,13 @@
+{% extends "base.html" %}
+{% import "bootstrap/wtf.html" as wtf %}
+
+{% block title %}Flasky - Change Password{% endblock %}
+
+{% block page_content %}
+