From 4837b2f253e7f525eb4eb97a574c8af68c0ff570 Mon Sep 17 00:00:00 2001
From: Jakob Kramer <jakob.kramer@gmx.de>
Date: Sat, 19 Nov 2011 22:17:21 +0100
Subject: [PATCH] added support for changing the password, issue #643

---
 mediagoblin/edit/forms.py | 13 +++++++++++++
 mediagoblin/edit/views.py | 34 ++++++++++++++++++++++++----------
 2 files changed, 37 insertions(+), 10 deletions(-)

diff --git a/mediagoblin/edit/forms.py b/mediagoblin/edit/forms.py
index 7e71722c..ec4e22b3 100644
--- a/mediagoblin/edit/forms.py
+++ b/mediagoblin/edit/forms.py
@@ -43,6 +43,19 @@ class EditProfileForm(wtforms.Form):
         _('Website'),
         [wtforms.validators.Optional(),
          wtforms.validators.URL(message='Improperly formed URL')])
+    old_password = wtforms.PasswordField(
+        _('Old password'),
+        [wtforms.validators.Optional()])
+    new_password = wtforms.PasswordField(
+        _('New Password'),
+        [wtforms.validators.Optional(),
+         wtforms.validators.Length(min=6, max=30),
+         wtforms.validators.EqualTo(
+                'confirm_password',
+                'Passwords must match.')])
+    confirm_password = wtforms.PasswordField(
+        'Confirm password',
+        [wtforms.validators.Optional()])
 
 
 class EditAttachmentsForm(wtforms.Form):
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index 5f781552..75bf51bf 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -26,6 +26,7 @@ from werkzeug.utils import secure_filename
 from mediagoblin import messages
 from mediagoblin import mg_globals
 
+from mediagoblin.auth import lib as auth_lib
 from mediagoblin.edit import forms
 from mediagoblin.edit.lib import may_edit_media
 from mediagoblin.decorators import require_active_login, get_user_media_entry
@@ -161,19 +162,32 @@ def edit_profile(request):
         bio=user.get('bio'))
 
     if request.method == 'POST' and form.validate():
-            user['url'] = unicode(request.POST['url'])
-            user['bio'] = unicode(request.POST['bio'])
+        user['url'] = unicode(request.POST['url'])
+        user['bio'] = unicode(request.POST['bio'])
 
-            user['bio_html'] = cleaned_markdown_conversion(user['bio'])
-
-            user.save()
+        password_matches = auth_lib.bcrypt_check_password(request.POST['old_password'],
+                                                          user['pw_hash'])
 
+        if (request.POST['old_password'] or request.POST['new_password']) and not \
+                password_matches:
             messages.add_message(request,
-                                 messages.SUCCESS,
-                                 _("Profile edited!"))
-            return redirect(request,
-                           'mediagoblin.user_pages.user_home',
-                            user=edit_username)
+                                 messages.ERROR,
+                                 _('Wrong password'))
+
+        if password_matches:
+            user['pw_hash'] = auth_lib.bcrypt_gen_password_hash(
+                request.POST['new_password'])
+
+        user['bio_html'] = cleaned_markdown_conversion(user['bio'])
+
+        user.save()
+
+        messages.add_message(request,
+                             messages.SUCCESS,
+                             _("Profile edited!"))
+        return redirect(request,
+                       'mediagoblin.user_pages.user_home',
+                        user=edit_username)
 
     return render_to_response(
         request,
-- 
2.25.1