Remove options to change username and email.

2025-07-30 15:25:19 +00:00 · 2019-07-12 17:23:11 +02:00
parent 6d1be8f391
commit 735802d88e
3 changed files with 56 additions and 47 deletions
--- a/app/auth/views.py
+++ b/app/auth/views.py
@@ -2,7 +2,7 @@ from flask import flash, redirect, render_template, request, url_for
 from flask_login import current_user, login_required, login_user, logout_user
 from . import auth
 from .. import db
-from .forms import ChangeAccountForm, LoginForm, PasswordResetForm, PasswordResetRequestForm, RegistrationForm
+from .forms import ChangePasswordForm, LoginForm, PasswordResetForm, PasswordResetRequestForm, RegistrationForm
 from ..email import send_email
 from ..models import User

@@ -20,7 +20,7 @@ def login():
            if next is None or not next.startswith('/'):
                next = url_for('main.index')
            return redirect(next)
-        flash('<span class="red-text">Invalid username or password.</span>')
+        flash('Invalid username or password.')
    return render_template('auth/login.html.j2', form=form, title='Log in')


@@ -135,20 +135,18 @@ def settings():
    """
    View where loged in User can change own User information like Password etc.
    """
-    form = ChangeAccountForm()
-    if form.validate_on_submit():
-        flash('It is just a test, nothing changed.')
-        if form.username.data:
-            current_user.username = form.username.data
+    change_password_form = ChangePasswordForm()
+    if change_password_form.validate_on_submit():
+        if current_user.verify_password(change_password_form.old_password.data):
+            current_user.password = change_password_form.new_password.data
            db.session.add(current_user)
-        if form.email.data:
-            current_user.email = form.email.data
-            current_user.confirmed = False
-            db.session.add(current_user)
-            resend_confirmation()
-        if form.password.data:
-            current_user.password = form.password.data
-        db.session.commit()
-        return redirect(url_for('auth.settings'))
-    return render_template('auth/settings.html.j2', form=form,
-                           title='Settings')
+            db.session.commit()
+            flash('Your password has been updated.')
+            return redirect(url_for('auth.settings'))
+        else:
+            flash('Invalid password.')
+    return render_template(
+        'auth/settings.html.j2',
+        form=change_password_form,
+        title='Settings'
+    )