added gen_password_hash and check_password functions to auth/__init__
[mediagoblin.git] / mediagoblin / edit / views.py
index b0d8dd5d0111de135bc370b51c97301f2aad08ad..9db1c3f9d5cdd5c9f771f22ce5ae68338e312103 100644 (file)
@@ -22,14 +22,15 @@ from werkzeug.utils import secure_filename
 from mediagoblin import messages
 from mediagoblin import mg_globals
 
-from mediagoblin.auth import lib as auth_lib
+from mediagoblin import auth
 from mediagoblin.edit import forms
 from mediagoblin.edit.lib import may_edit_media
 from mediagoblin.decorators import (require_active_login, active_user_from_url,
      get_media_entry_by_id,
      user_may_alter_collection, get_user_collection)
-from mediagoblin.tools.response import render_to_response, redirect
-from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
+from mediagoblin.tools.response import render_to_response, \
+    redirect, redirect_obj
+from mediagoblin.tools.translate import pass_to_ugettext as _
 from mediagoblin.tools.text import (
     convert_to_tag_list_of_dicts, media_tags_as_string)
 from mediagoblin.tools.url import slugify
@@ -74,8 +75,7 @@ def edit_media(request, media):
             media.slug = slug
             media.save()
 
-            return redirect(request,
-                            location=media.url_for_self(request.urlgen))
+            return redirect_obj(request, media)
 
     if request.user.is_admin \
             and media.uploader != request.user.id \
@@ -228,18 +228,6 @@ def edit_account(request):
             user.wants_comment_notification = \
                 form.wants_comment_notification.data
 
-        if form_validated and \
-                form.new_password.data or form.old_password.data:
-            password_matches = auth_lib.bcrypt_check_password(
-                form.old_password.data,
-                user.pw_hash)
-            if password_matches:
-                #the entire form validates and the password matches
-                user.pw_hash = auth_lib.bcrypt_gen_password_hash(
-                    form.new_password.data)
-            else:
-                form.old_password.errors.append(_('Wrong password'))
-
         if form_validated and \
                 form.license_preference.validate(form):
             user.license_preference = \
@@ -331,9 +319,7 @@ def edit_collection(request, collection):
 
             collection.save()
 
-            return redirect(request, "mediagoblin.user_pages.user_collection",
-                            user=collection.get_creator.username,
-                            collection=collection.slug)
+            return redirect_obj(request, collection)
 
     if request.user.is_admin \
             and collection.creator != request.user.id \
@@ -347,3 +333,39 @@ def edit_collection(request, collection):
         'mediagoblin/edit/edit_collection.html',
         {'collection': collection,
          'form': form})
+
+
+@require_active_login
+def change_pass(request):
+    form = forms.ChangePassForm(request.form)
+    user = request.user
+
+    if request.method == 'POST' and form.validate():
+
+        if not auth_lib.bcrypt_check_password(
+                form.old_password.data, user.pw_hash):
+            form.old_password.errors.append(
+                _('Wrong password'))
+
+            return render_to_response(
+                request,
+                'mediagoblin/edit/change_pass.html',
+                {'form': form,
+                 'user': user})
+
+        # Password matches
+        user.pw_hash = auth_lib.bcrypt_gen_password_hash(
+            form.new_password.data)
+        user.save()
+
+        messages.add_message(
+            request, messages.SUCCESS,
+            _('Your password was changed successfully'))
+
+        return redirect(request, 'mediagoblin.edit.account')
+
+    return render_to_response(
+        request,
+        'mediagoblin/edit/change_pass.html',
+        {'form': form,
+         'user': user})
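Review bot: `change_pass` calls `auth_lib.bcrypt_check_password` and `auth_lib.bcrypt_gen_password_hash`, but the first hunk of this same commit removes `from mediagoblin.auth import lib as auth_lib` and imports `auth` instead. Unless `auth_lib` is bound somewhere outside the visible hunks, every POST to this view will raise a NameError before the old password is checked. Going by the commit title, the calls were presumably meant to be `auth.check_password(form.old_password.data, user.pw_hash)` and `user.pw_hash = auth.gen_password_hash(form.new_password.data)`; confirm the argument order against `auth/__init__`. Separately, nothing in this hunk throttles repeated wrong-old-password attempts or invalidates the user's other sessions after the hash changes, so if that is not handled elsewhere it deserves a follow-up. A short docstring stating that the view re-authenticates with the old password before replacing `pw_hash` would also help.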