From 63c7f0336aba7f9782e5007347bf9cc0ca42273b Mon Sep 17 00:00:00 2001
From: Socks
Date: Fri, 6 Apr 2018 19:33:14 +0100
Subject: [PATCH] Added ability to change account password
---
 Tweeder.py | 21 +++++++++++++++++++++
 backend/accounts.py | 11 +++++++++++
 templates/changepass.html | 26 ++++++++++++++++++++++++++
 templates/settings.html | 6 ++++++
 4 files changed, 64 insertions(+)
 create mode 100644 templates/changepass.html
diff --git a/Tweeder.py b/Tweeder.py
index 7a8f10f..3bbba91 100644
--- a/Tweeder.py
+++ b/Tweeder.py
@@ -175,6 +175,27 @@ def user_settings():
 theme=accounts.get_theme(session['username'].lower()))
+@app.route("/changepass", methods=['GET', 'POST'])
+def changepass():
+ logged_in = session['username'] if ('username' in session.keys()) else False
+ if not logged_in: return redirect(url_for('login'))
+ if request.method == 'GET':
+ return render_template('changepass.html', logged_in=logged_in, title="Change Password")
+ elif request.method == 'POST':
+ if request.form['new'] != request.form['confirm']:
+ return render_template('changepass.html', logged_in=logged_in, title="Change Password",
+ error="Passwords do not match!")
+ if request.form['new'] == '':
+ return render_template('changepass.html', logged_in=logged_in, title="Change Password",
+ error="New password cannot be blank!")
+ if accounts.change_password(logged_in, request.form['current'], request.form['new']):
+ return render_template('changepass.html', logged_in=logged_in, title="Change Password",
+ error="Old password was incorrect!")
+ else:
+ return render_template('changepass.html', logged_in=logged_in, title="Change Password",
+ success="Password changed successfully!")
+
+
 @app.route("/delete/", methods=['GET'])
 def delete_post(post_id):
 if 'username' not in session.keys(): return redirect(url_for('login'))
diff --git a/backend/accounts.py b/backend/accounts.py
index c44ebc7..f3564c6 100644
--- a/backend/accounts.py
+++ b/backend/accounts.py
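Review bot: In `changepass()` (Tweeder.py), the only check on the new password is `request.form['new'] == ''`, so a one-character password is accepted, and nothing bounds the length even though bcrypt only uses the first 72 bytes of its input. A length guard placed before the call to `accounts.change_password` would cover both, for example `if not 8 <= len(request.form['new'].encode()) <= 72:` returning the same template with an error message (the bounds are illustrative, not taken from the project). The success branch also leaves the current session untouched; what the session holds beyond `username` is not visible in this hunk, but if it is only the signed cookie, sessions opened before the change keep working afterwards, which deserves at least a comment such as `# NOTE: sessions issued before the password change remain valid`.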
@@ -86,6 +86,17 @@ def validate_username(username):
 return 0
+def change_password(username, oldpass, newpass):
+ username = username.lower()
+ hashed_password = account_details(username)['password']
+ if hashed_password != bcrypt.hashpw(str.encode(oldpass), hashed_password):
+ return 1 # Old password is incorrect
+ new_hashed = bcrypt.hashpw(str.encode(newpass), bcrypt.gensalt(14))
+ accounts_db.update_one({'username': username},
+ {'$set': {'password': new_hashed}}, upsert=True)
+ return 0 # All good :)
+
+
 def create_account(email, username, password):
 displayname = username
 username = username.lower()
diff --git a/templates/changepass.html b/templates/changepass.html
new file mode 100644
index 0000000..fca76d7
--- /dev/null
+++ b/templates/changepass.html
@@ -0,0 +1,26 @@
+{% extends 'layout.html' %}
+{% block content %}
+
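Review bot: In `change_password()` (backend/accounts.py), the old password is verified with `hashed_password != bcrypt.hashpw(...)`, an ordinary equality test on the hash; `bcrypt.checkpw` performs the same verification with a constant-time comparison, so the guard can read `if not bcrypt.checkpw(str.encode(oldpass), hashed_password):`. The `upsert=True` passed to `accounts_db.update_one` is also risky: if no document matches the filter any more (for example the account was deleted between the lookup and the update), the call inserts a new document holding only `username` and `password`, whereas dropping the flag makes the update a no-op in that case. `account_details(username)` is defined outside this hunk, so whether it can return `None` for an unknown user is not visible here; if it can, the `['password']` subscript raises instead of returning 1.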
+ {% if success %} +
+ × + Success! {{ success }} +
+ {% endif %} + {% if error %} +
+ × + Error! {{ error }} +
+ {% endif %} +
+
+

Change Password

+ + + + +
+
+
+{% endblock %}
\ No newline at end of file
diff --git a/templates/settings.html b/templates/settings.html
index 50f072a..ca90186 100644
--- a/templates/settings.html
+++ b/templates/settings.html
@@ -81,6 +81,12 @@
+

Account Settings

+ + +