From e4d2f51f6a44f5c93d70bb91f5f6ea04821fd382 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 27 Jun 2023 10:16:17 +0000 Subject: [PATCH] users: Move passwd handler from people Signed-off-by: Michael Tremer --- Makefile.am | 2 +- src/templates/{people => users}/passwd.html | 0 src/web/__init__.py | 2 +- src/web/people.py | 47 --------------------- src/web/users.py | 47 +++++++++++++++++++++ 5 files changed, 49 insertions(+), 49 deletions(-) rename src/templates/{people => users}/passwd.html (100%) diff --git a/Makefile.am b/Makefile.am index 8277a706..2cfad43f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -275,7 +275,6 @@ templates_people_DATA = \ src/templates/people/call.html \ src/templates/people/calls.html \ src/templates/people/index.html \ - src/templates/people/passwd.html \ src/templates/people/sip.html \ src/templates/people/subscribed.html \ src/templates/people/unsubscribe.html \ @@ -309,6 +308,7 @@ templates_staticdir = $(templatesdir)/static templates_users_DATA = \ src/templates/users/index.html \ + src/templates/users/passwd.html \ src/templates/users/show.html templates_usersdir = $(templatesdir)/users diff --git a/src/templates/people/passwd.html b/src/templates/users/passwd.html similarity index 100% rename from src/templates/people/passwd.html rename to src/templates/users/passwd.html diff --git a/src/web/__init__.py b/src/web/__init__.py index 91a8cdc2..92bb56fc 100644 --- a/src/web/__init__.py +++ b/src/web/__init__.py @@ -168,6 +168,7 @@ class Application(tornado.web.Application): (r"/users", users.IndexHandler), (r"/users/([a-z_][a-z0-9_-]{0,31})", users.ShowHandler), (r"/users/([a-z_][a-z0-9_-]{0,31})\.jpg", users.AvatarHandler), + (r"/users/([a-z_][a-z0-9_-]{0,31})/passwd", users.PasswdHandler), # Static Pages (r"/about", StaticHandler, { "template" : "about.html" }), @@ -319,7 +320,6 @@ class Application(tornado.web.Application): (r"/users/([a-z_][a-z0-9_-]{0,31})/calls/([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})", people.CallHandler), (r"/users/([a-z_][a-z0-9_-]{0,31})/calls(?:/(\d{4}-\d{2}-\d{2}))?", people.CallsHandler), (r"/users/([a-z_][a-z0-9_-]{0,31})/edit", people.UserEditHandler), - (r"/users/([a-z_][a-z0-9_-]{0,31})/passwd", people.UserPasswdHandler), (r"/users/([a-z_][a-z0-9_-]{0,31})/sip", people.SIPHandler), # Promotional Consent Stuff diff --git a/src/web/people.py b/src/web/people.py index 3502704f..251e74dc 100644 --- a/src/web/people.py +++ b/src/web/people.py @@ -160,53 +160,6 @@ class UserEditHandler(base.BaseHandler): self.redirect("/users/%s" % account.uid) -class UserPasswdHandler(base.BaseHandler): - @tornado.web.authenticated - def get(self, uid): - account = self.backend.accounts.get_by_uid(uid) - if not account: - raise tornado.web.HTTPError(404, "Could not find account %s" % uid) - - # Check for permissions - if not account.can_be_managed_by(self.current_user): - raise tornado.web.HTTPError(403, "%s cannot manage %s" % (self.current_user, account)) - - self.render("people/passwd.html", account=account) - - @tornado.web.authenticated - def post(self, uid): - account = self.backend.accounts.get_by_uid(uid) - if not account: - raise tornado.web.HTTPError(404, "Could not find account %s" % uid) - - # Check for permissions - if not account.can_be_managed_by(self.current_user): - raise tornado.web.HTTPError(403, "%s cannot manage %s" % (self.current_user, account)) - - # Get current password - password = self.get_argument("password") - - # Get new password - password1 = self.get_argument("password1") - password2 = self.get_argument("password2") - - # Passwords must match - if not password1 == password2: - raise tornado.web.HTTPError(400, "Passwords do not match") - - # XXX Check password complexity - - # Check if old password matches - if not account.check_password(password): - raise tornado.web.HTTPError(403, "Incorrect password for %s" % account) - - # Save new password - account.passwd(password1) - - # Redirect back to user's page - self.redirect("/users/%s" % account.uid) - - class AgentModule(ui_modules.UIModule): def render(self, account): return self.render_string("people/modules/agent.html", account=account) diff --git a/src/web/users.py b/src/web/users.py index af34078b..89e2359d 100644 --- a/src/web/users.py +++ b/src/web/users.py @@ -142,6 +142,53 @@ class AvatarHandler(base.BaseHandler): return f.getvalue() +class PasswdHandler(base.BaseHandler): + @tornado.web.authenticated + def get(self, uid): + account = self.backend.accounts.get_by_uid(uid) + if not account: + raise tornado.web.HTTPError(404, "Could not find account %s" % uid) + + # Check for permissions + if not account.can_be_managed_by(self.current_user): + raise tornado.web.HTTPError(403, "%s cannot manage %s" % (self.current_user, account)) + + self.render("users/passwd.html", account=account) + + @tornado.web.authenticated + def post(self, uid): + account = self.backend.accounts.get_by_uid(uid) + if not account: + raise tornado.web.HTTPError(404, "Could not find account %s" % uid) + + # Check for permissions + if not account.can_be_managed_by(self.current_user): + raise tornado.web.HTTPError(403, "%s cannot manage %s" % (self.current_user, account)) + + # Get current password + password = self.get_argument("password") + + # Get new password + password1 = self.get_argument("password1") + password2 = self.get_argument("password2") + + # Passwords must match + if not password1 == password2: + raise tornado.web.HTTPError(400, "Passwords do not match") + + # XXX Check password complexity + + # Check if old password matches + if not account.check_password(password): + raise tornado.web.HTTPError(403, "Incorrect password for %s" % account) + + # Save new password + account.passwd(password1) + + # Redirect back to user's page + self.redirect("/users/%s" % account.uid) + + class GroupIndexHandler(base.BaseHandler): @tornado.web.authenticated def get(self): -- 2.47.3