Opened 15 years ago
Last modified 11 years ago
#296 closed defect (FIXED)
No way to change your password without going through "forgot password"
| Reported by: | Christopher Allan Webber | Owned by: | Jakob Kramer |
|---|---|---|---|
| Priority: | minor | Milestone: | 0.2.0 |
| Component: | programming | Keywords: | |
| Cc: | Parent Tickets: |
Description
It should be possible for users to change their passwords from the "edit profile" page.
Pretty simply, this should work like: - Supply your current password - Supply your new password - Supply it again
This should be pretty easy to implement.
Change History (6)
comment:1 by , 15 years ago
| Owner: | set to |
|---|
comment:1 by , 15 years ago
comment:2 by , 15 years ago
One more request, if you're willing to do it... I'd love to see unit tests on this change-password / edit profile stuff. If you're willing to include that with this bug, that's be great. If not, I'm willing to open up a separate bug for it.
Thanks so much!
comment:3 by , 15 years ago
Christopher Webber wrote:
One more request, if you're willing to do it... I'd love to see unit tests on this change-password / edit profile stuff. If you're willing to include that with this bug, that's be great. If not, I'm willing to open up a separate bug for it.
Thanks so much!
Done... You might want to review the code ([https://gitorious.org/gandaro/mediagoblin/gandaros-mediagoblin/commit/c8ccd23e8e0d77df3e7382cd6330e0c993bbcc8e](https://gitorious.org/gandaro/mediagoblin/gandaros-mediagoblin/commit/c8ccd23e8e0d77df3e7382cd6330e0c993bbcc8e)) again.
Great work on this so far! I think this is mostly mergable as-is, but I'd love to see one change:
Instead of using the message to warn that the password didn't match, instead refuse to make any changes and mark the form with an error. You can see an example of how to do this by looking at the code in either auth/views.py:register() or submit/views.py:submit_start()
if users_with_username: register_form.username.errors.append( _(u'Sorry, a user with that name already exists.')) extra_validation_passes = Falseor whatever. I'd put the password_matches immediately after the "if.. form.validate():" line, mark the error if it doesn't match, and return immediately with the error'ed form.
One more thing:
password_matches = auth_lib.bcrypt_check_password(request.POST['old_password'], user['pw_hash'])In leu of the python style guide, would probably good to do this like:
password_matches = auth_lib.bcrypt_check_password( request.POST['old_password'], user['pw_hash'])