Opened 12 years ago

Last modified 9 years ago

#296 closed defect (FIXED)

No way to change your password without going through "forgot password"

Reported by: Christopher Allan Webber Owned by: Jakob Kramer
Priority: minor Milestone: 0.2.0
Component: programming Keywords:
Cc: Parent Tickets:

Description

It should be possible for users to change their passwords from the
"edit profile" page.

Pretty simply, this should work like:
- Supply your current password
- Supply your new password
- Supply it again

This should be pretty easy to implement.



Change History (6)

comment:1 by Jakob Kramer, 12 years ago

Owner: set to Jakob Kramer

comment:1 by Christopher Allan Webber, 12 years ago

Great work on this so far! I think this is mostly mergable as-is,
but I'd love to see one change:

Instead of using the message to warn that the password didn't
match, instead refuse to make any changes and mark the form with an
error. You can see an example of how to do this by looking at the
code in either auth/views.py:register() or
submit/views.py:submit\_start()

::

            if users_with_username:
                register_form.username.errors.append(
                    _(u'Sorry, a user with that name already exists.'))
                extra_validation_passes = False

or whatever. I'd put the password\_matches immediately after the
"if.. form.validate():" line, mark the error if it doesn't match,
and return immediately with the error'ed form.

One more thing:

::

            password_matches = auth_lib.bcrypt_check_password(request.POST['old_password'],
                                                              user['pw_hash'])

In leu of the python style guide, would probably good to do this
like:

::

            password_matches = auth_lib.bcrypt_check_password(
                request.POST['old_password'],
                user['pw_hash'])



comment:2 by Christopher Allan Webber, 12 years ago

One more request, if you're willing to do it... I'd love to see
unit tests on this change-password / edit profile stuff. If you're
willing to include that with this bug, that's be great. If not, I'm
willing to open up a separate bug for it.

Thanks so much!



comment:3 by Jakob Kramer, 12 years ago

Christopher Webber wrote:

    One more request, if you're willing to do it... I'd love to see
    unit tests on this change-password / edit profile stuff. If you're
    willing to include that with this bug, that's be great. If not, I'm
    willing to open up a separate bug for it.

    Thanks so much!


Done... You might want to review the code
([https://gitorious.org/\ :sub:`gandaro/mediagoblin/gandaros-mediagoblin/commit/c8ccd23e8e0d77df3e7382cd6330e0c993bbcc8e](https://gitorious.org/`\ gandaro/mediagoblin/gandaros-mediagoblin/commit/c8ccd23e8e0d77df3e7382cd6330e0c993bbcc8e))
again.



comment:4 by Christopher Allan Webber, 12 years ago

Status: NewClosed
Reviewed the code. Looks great! Merged and pushed!



comment:5 by Will Kahn-Greene, 12 years ago

The original url for this bug was http://bugs.foocorp.net/issues/643 .

Note: See TracTickets for help on using tickets.