add post method for change password

2018-09-25 20:02:56 -03:00 · 2018-09-25 20:02:56 -03:00 · 3ab98fa0dc
commit 3ab98fa0dc
parent 5da66ecd32
2 changed files with 36 additions and 29 deletions
--- a/firstuseauthenticator/firstuseauthenticator.py
+++ b/firstuseauthenticator/firstuseauthenticator.py
@ -46,6 +46,21 @@ class ResetPasswordHandler(BaseHandler):
        html = self.render_template('reset.html')
        self.finish(html)

+    async def post(self):
+        data = {}
+        for arg in self.request.arguments:
+            data[arg] = self.get_argument(arg, strip=False)
+        user = self.get_current_user()
+        data['username'] = user.name
+        self.authenticator.reset_password(data)
+
+        html = self.render_template(
+            'reset.html',
+            result=True,
+            result_message='password changed successfully',
+        )
+        self.finish(html)
+

 class FirstUseAuthenticator(Authenticator):
    """
@ -95,7 +110,8 @@ class FirstUseAuthenticator(Authenticator):
                if bcrypt.hashpw(password.encode(), stored_pw) != stored_pw:
                    return None
            else:
-                db[username] = bcrypt.hashpw(password.encode(), bcrypt.gensalt())
+                db[username] = bcrypt.hashpw(password.encode(),
+                                             bcrypt.gensalt())
        return username

    def delete_user(self, user):
@ -108,10 +124,17 @@ class FirstUseAuthenticator(Authenticator):
            del db[user.name]

    def reset_password(self, data):
+        """
+        This allow to change password of a logged user.
+        """
        username = data['username']
        new_password = data['password']
-        db[username] = bcrypt.hashpw(new_password.encode(), bcrypt.gensalt())
+
+        with dbm.open(self.dbm_path, 'c', 0o600) as db:
+            db[username] = bcrypt.hashpw(new_password.encode(),
+                                         bcrypt.gensalt())
        return username

    def get_handlers(self, app):
-        return super().get_handlers(app) + [(r'/auth/change-password', ResetPasswordHandler)]
+        return super().get_handlers(app) + [(r'/auth/change-password',
+                                            ResetPasswordHandler)]
--- a/firstuseauthenticator/templates/reset.html
+++ b/firstuseauthenticator/templates/reset.html
@ -3,35 +3,14 @@
 {% block main %}

 <div class="container">
-<form action="{{login_url}}?next={{next}}" method="post" role="form">
-  <div class="auth-form-header">
-    Sign in
-  </div>
+<form action="{{post_url}}" method="post" role="form">
+  <h2 class="auth-form-header">
+    Change Password
+  </h2>
  <div class='auth-form-body'>

-    <p id='insecure-login-warning' class='hidden'>
-    Warning: JupyterHub seems to be served over an unsecured HTTP connection.
-    We strongly recommend enabling HTTPS for JupyterHub.
-    </p>

-    {% if login_error %}
-    <p class="login_error">
-      {{login_error}}
-    </p>
-    {% endif %}
-    <label for="username_input">Username:</label>
-    <input
-      id="username_input"
-      type="text"
-      autocapitalize="off"
-      autocorrect="off"
-      class="form-control"
-      name="username"
-      val="{{username}}"
-      tabindex="1"
-      autofocus="autofocus"
-    />
-    <label for='password_input'>Password:</label>
+    <label for='password_input'>New Password:</label>
    <input
      type="password"
      class="form-control"
@ -49,6 +28,11 @@
    />
  </div>
 </form>
+{% if result %}
+  <p>
+    {{result_message}}
+  </p>
+{% endif %}
 </div>

 {% endblock %}