Legacy issue tracker

You are currently viewing the legacy bug tracker for MediaGoblin. We have now switched to code hosting and issue tracking at SourceHut.

This legacy issue tracker remains available to allow us to reference old issues. If you find a ticket here which is still relevant, please feel free to continue the discussion. For new issues, please use SourceHut.

Context Navigation

← Previous Ticket
Next Ticket →

Opened 13 years ago

Last modified 10 years ago

#296 closed defect (FIXED)

No way to change your password without going through "forgot password"

Reported by:	Christopher Allan Webber	Owned by:	Jakob Kramer
Priority:	minor	Milestone:	0.2.0
Component:	programming	Keywords:
Cc:		Parent Tickets:

Description

It should be possible for users to change their passwords from the
"edit profile" page.

Pretty simply, this should work like:
- Supply your current password
- Supply your new password
- Supply it again

This should be pretty easy to implement.

Change History (6)

comment:1 by Jakob Kramer, 13 years ago

Owner:	set to Jakob Kramer

comment:1 by Christopher Allan Webber, 13 years ago

Great work on this so far! I think this is mostly mergable as-is,
but I'd love to see one change:

Instead of using the message to warn that the password didn't
match, instead refuse to make any changes and mark the form with an
error. You can see an example of how to do this by looking at the
code in either auth/views.py:register() or
submit/views.py:submit\_start()

::

            if users_with_username:
                register_form.username.errors.append(
                    _(u'Sorry, a user with that name already exists.'))
                extra_validation_passes = False

or whatever. I'd put the password\_matches immediately after the
"if.. form.validate():" line, mark the error if it doesn't match,
and return immediately with the error'ed form.

One more thing:

::

            password_matches = auth_lib.bcrypt_check_password(request.POST['old_password'],
                                                              user['pw_hash'])

In leu of the python style guide, would probably good to do this
like:

::

            password_matches = auth_lib.bcrypt_check_password(
                request.POST['old_password'],
                user['pw_hash'])

comment:2 by Christopher Allan Webber, 13 years ago

One more request, if you're willing to do it... I'd love to see
unit tests on this change-password / edit profile stuff. If you're
willing to include that with this bug, that's be great. If not, I'm
willing to open up a separate bug for it.

Thanks so much!

comment:3 by Jakob Kramer, 13 years ago

Christopher Webber wrote:

    One more request, if you're willing to do it... I'd love to see
    unit tests on this change-password / edit profile stuff. If you're
    willing to include that with this bug, that's be great. If not, I'm
    willing to open up a separate bug for it.

    Thanks so much!


Done... You might want to review the code
([https://gitorious.org/\ :sub:`gandaro/mediagoblin/gandaros-mediagoblin/commit/c8ccd23e8e0d77df3e7382cd6330e0c993bbcc8e](https://gitorious.org/`\ gandaro/mediagoblin/gandaros-mediagoblin/commit/c8ccd23e8e0d77df3e7382cd6330e0c993bbcc8e))
again.

comment:4 by Christopher Allan Webber, 13 years ago

Status:	New → Closed

Reviewed the code. Looks great! Merged and pushed!

comment:5 by Will Kahn-Greene, 13 years ago

The original url for this bug was http://bugs.foocorp.net/issues/643 .

Note: See TracTickets for help on using tickets.

Download in other formats: