From c5c27768f21366a21797dbf3640c42f19973a560 Mon Sep 17 00:00:00 2001 From: Eskil Heyn Olsen Date: Fri, 11 Jan 2013 19:07:07 -0800 Subject: [PATCH] First pieces of change password form --- flask_security/core.py | 10 ++++++++-- flask_security/forms.py | 10 ++++++++++ tests/configured_tests.py | 18 ++++++++++++++++++ 3 files changed, 36 insertions(+), 2 deletions(-) diff --git a/flask_security/core.py b/flask_security/core.py index 60d6530..b413c74 100644 --- a/flask_security/core.py +++ b/flask_security/core.py @@ -22,8 +22,8 @@ from werkzeug.local import LocalProxy from .utils import config_value as cv, get_config, md5, url_for_security from .views import create_blueprint from .forms import LoginForm, ConfirmRegisterForm, RegisterForm, \ - ForgotPasswordForm, ResetPasswordForm, SendConfirmationForm, \ - PasswordlessLoginForm + ForgotPasswordForm, ChangePasswordForm, ResetPasswordForm, \ + SendConfirmationForm, PasswordlessLoginForm # Convenient references _security = LocalProxy(lambda: current_app.extensions['security']) @@ -40,6 +40,7 @@ _default_config = { 'LOGOUT_URL': '/logout', 'REGISTER_URL': '/register', 'RESET_URL': '/reset', + 'CHANGE_URL': '/change', 'CONFIRM_URL': '/confirm', 'POST_LOGIN_VIEW': '/', 'POST_LOGOUT_VIEW': '/', @@ -47,12 +48,14 @@ _default_config = { 'POST_REGISTER_VIEW': None, 'POST_CONFIRM_VIEW': None, 'POST_RESET_VIEW': None, + 'POST_CHANGE_VIEW': None, 'UNAUTHORIZED_VIEW': None, 'CONFIRMABLE': False, 'REGISTERABLE': False, 'RECOVERABLE': False, 'TRACKABLE': False, 'PASSWORDLESS': False, + 'CHANGEABLE': False, 'LOGIN_WITHIN': '1 days', 'CONFIRM_EMAIL_WITHIN': '5 days', 'RESET_PASSWORD_WITHIN': '5 days', @@ -63,6 +66,7 @@ _default_config = { 'CONFIRM_SALT': 'confirm-salt', 'RESET_SALT': 'reset-salt', 'LOGIN_SALT': 'login-salt', + 'CHANGE_SALT': 'change-salt', 'REMEMBER_SALT': 'remember-salt', 'DEFAULT_HTTP_AUTH_REALM': 'Login Required', 'EMAIL_SUBJECT_REGISTER': 'Welcome', @@ -93,6 +97,7 @@ _default_messages = { 'DISABLED_ACCOUNT': ('Account is disabled.', 'error'), 'PASSWORDLESS_LOGIN_SUCCESSFUL': ('You have successfuly logged in.', 'success'), 'PASSWORD_RESET': ('You successfully reset your password and you have been logged in automatically.', 'success'), + 'PASSWORD_CHANGE': ('You successfully changes your password.', 'success'), 'LOGIN': ('Please log in to access this page.', 'info'), 'REFRESH': ('Please reauthenticate to access this page.', 'info') } @@ -114,6 +119,7 @@ _default_forms = { 'register_form': RegisterForm, 'forgot_password_form': ForgotPasswordForm, 'reset_password_form': ResetPasswordForm, + 'change_password_form': ChangePasswordForm, 'send_confirmation_form': SendConfirmationForm, 'passwordless_login_form': PasswordlessLoginForm, } diff --git a/flask_security/forms.py b/flask_security/forms.py index 64ae022..9234322 100644 --- a/flask_security/forms.py +++ b/flask_security/forms.py @@ -195,3 +195,13 @@ class ResetPasswordForm(Form, NewPasswordFormMixin, PasswordConfirmFormMixin): """The default reset password form""" submit = SubmitField("Reset Password") + + +class ChangePasswordForm(Form, PasswordFormMixin, PasswordConfirmFormMixin): + """The default Change password form""" + + new_password = PasswordField("New Password", + validators=[password_required, + Length(min=6, max=128)]) + + submit = SubmitField("Change Password") diff --git a/tests/configured_tests.py b/tests/configured_tests.py index f1e0d7d..fc00353 100644 --- a/tests/configured_tests.py +++ b/tests/configured_tests.py @@ -318,6 +318,24 @@ class ExpiredResetPasswordTest(SecurityTest): self.assertIn('You did not reset your password within', r.data) +class ChangePasswordTest(SecurityTest): + + AUTH_CONFIG = { + 'SECURITY_CHANGEABLE': True, + 'SECURITY_POST_CHANGE_VIEW': '/', + } + + def test_change_password(self): + self.authenticate() + r = self.client.post('/change/' + t, data={ + 'password': 'password', + 'new_password': 'newpassword', + 'new_password_confirm': 'newpassword' + }, follow_redirects=True) + + self.assertIn('You successfully changed your password', r.data) + + class TrackableTests(SecurityTest): AUTH_CONFIG = {