From eedc6c170d6d00e62843da21655296880eb56e5d Mon Sep 17 00:00:00 2001
From: UnKnoWn
Date: Wed, 17 May 2017 02:00:01 +0800
Subject: [PATCH 1/8] Added tabs to make profile more organized
---
 nyaa/templates/profile.html | 93 +++++++++++++++++++++++--------------
 1 file changed, 59 insertions(+), 34 deletions(-)
diff --git a/nyaa/templates/profile.html b/nyaa/templates/profile.html
index 2e6e659..a60e676 100644
--- a/nyaa/templates/profile.html
+++ b/nyaa/templates/profile.html
@@ -4,40 +4,65 @@
 {% from "_formhelpers.html" import render_field %}

Edit Profile

-
- {{ form.csrf_token }} -
-
- {{ render_field(form.email, class_='form-control', placeholder='New email address') }} -
-
+
+ +
+
+ + {{ form.csrf_token }} +
+
+ {{ render_field(form.current_password, class_='form-control', placeholder='Current password') }} +
+
+
+
+ {{ render_field(form.new_password, class_='form-control', placeholder='New password') }} +
+
+
+
+ {{ render_field(form.password_confirm, class_='form-control', placeholder='New password (confirm)') }} +
+
+
+
+
+ +
+
+ +
+
+
+ {{ form.csrf_token }} +
+
+ {{ render_field(form.email, class_='form-control', placeholder='New email address') }} +
+
+
+
+ {{ render_field(form.current_password, class_='form-control', placeholder='Current password') }} +
+
+
+
+
+ +
+
+
+
+
+
-
-
- {{ render_field(form.current_password, class_='form-control', placeholder='Current password') }} -
-
- -
-
- {{ render_field(form.new_password, class_='form-control', placeholder='New password') }} -
-
- -
-
- {{ render_field(form.password_confirm, class_='form-control', placeholder='New password (confirm)') }} -
-
- -
- -
-
- -
-
- {% endblock %} -
From 1fb249be351147a50ebc151371a42070f580dac6 Mon Sep 17 00:00:00 2001
From: UnKnoWn
Date: Wed, 17 May 2017 05:10:25 +0800
Subject: [PATCH 2/8] Enforce password check on email change Updated route handler to enforce current password check on all account details.
---
 nyaa/routes.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/nyaa/routes.py b/nyaa/routes.py
index dbf8123..30b3135 100644
--- a/nyaa/routes.py
+++ b/nyaa/routes.py
@@ -403,6 +403,11 @@ def profile():
 new_password = form.new_password.data
 if new_email:
+ # enforce password check on email change too
+ if form.current_password.data != user.password_hash:
+ flask.flash(flask.Markup(
+ 'Email change failed! Incorrect password.'), 'danger')
+ return flask.redirect('/profile')
 user.email = form.email.data
 if new_password:
@@ -624,4 +629,4 @@ def site_help():
 @app.route('/api/upload', methods = ['POST'])
 def api_upload():
 api_response = api_handler.api_upload(flask.request)
- return api_response
\ No newline at end of file
+ return api_response
From 6792716903c853e226c6e6e718a663a6bec4eb23 Mon Sep 17 00:00:00 2001
From: UnKnoWn
Date: Wed, 17 May 2017 05:13:55 +0800
Subject: [PATCH 3/8] Current password required for all profile action Current password is required for all actions on profile (email change, password change, any to be added later, etc...)
---
 nyaa/forms.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nyaa/forms.py b/nyaa/forms.py
index 6a6508a..c22ef1c 100644
--- a/nyaa/forms.py
+++ b/nyaa/forms.py
@@ -79,7 +79,7 @@ class ProfileForm(FlaskForm):
 Unique(User, User.email, 'Email is taken')
 ])
- current_password = PasswordField('Current password', [Optional()])
+ current_password = PasswordField('Current password', [Required()])
 new_password = PasswordField('New password (confirm)', [
 Optional(),
From 1ac211276e89325ac886ee2d381851c6458d52a5 Mon Sep 17 00:00:00 2001
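Review bot: Both tab panes added to nyaa/templates/profile.html in PATCH 1/8 render fields from the same `form` object: `{{ form.csrf_token }}` and `render_field(form.current_password, …)` each appear twice. Assuming `render_field` forwards to the WTForms field unchanged, the page ends up with two elements carrying `id="current_password"` and two with `id="csrf_token"`. Duplicate ids break label association and anything that looks the password field up by id; a distinct id per pane avoids that, e.g. `render_field(form.current_password, id='email_current_password', class_='form-control', placeholder='Current password')` (constructed id). The markup around these lines was stripped from the page, so the form boundaries are inferred; the restructured template in PATCH 4/8 repeats the same pattern.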
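Review bot: The guard added to nyaa/routes.py in PATCH 2/8, `if form.current_password.data != user.password_hash:`, compares the submitted plaintext with the stored hash. With hashed passwords it is always true and every email change is rejected; it could only pass if passwords were stored unhashed. Run the submitted value through the same password-verification routine the login path uses, e.g. `if not VERIFY_PASSWORD(user, form.current_password.data):`, where VERIFY_PASSWORD is a placeholder for that helper; this also keeps the credential check out of a plain `!=`. The body of profile() starts and ends outside this hunk, so whether the `if new_password:` branch already verifies the password correctly cannot be seen here.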
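Review bot: In the nyaa/forms.py hunk of PATCH 3/8, `Required()` is WTForms' deprecated alias of `DataRequired()`; `current_password = PasswordField('Current password', [DataRequired()])` states the same rule without the deprecation warning. The import of either validator is not visible in this hunk, so confirm it is imported next to `Optional`. This validator only rejects an empty field, so checking the value against the stored credential still has to happen in the route handler for every action that relies on it. ProfileForm continues outside the hunk.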
From: UnKnoWn
Date: Wed, 17 May 2017 05:19:00 +0800
Subject: [PATCH 4/8] Added tabs to make profile more organized
---
 nyaa/templates/profile.html | 98 ++++++++++++++++++-------------------
 1 file changed, 48 insertions(+), 50 deletions(-)
diff --git a/nyaa/templates/profile.html b/nyaa/templates/profile.html
index a60e676..4dbfea5 100644
--- a/nyaa/templates/profile.html
+++ b/nyaa/templates/profile.html
@@ -5,63 +5,61 @@

Edit Profile

-
- -
-
-
- {{ form.csrf_token }} -
-
- {{ render_field(form.current_password, class_='form-control', placeholder='Current password') }} -
+ +
+
+ + {{ form.csrf_token }} +
+
+ {{ render_field(form.current_password, class_='form-control', placeholder='Current password') }}
-
-
- {{ render_field(form.new_password, class_='form-control', placeholder='New password') }} -
+
+
+
+ {{ render_field(form.new_password, class_='form-control', placeholder='New password') }}
-
-
- {{ render_field(form.password_confirm, class_='form-control', placeholder='New password (confirm)') }} -
+
+
+
+ {{ render_field(form.password_confirm, class_='form-control', placeholder='New password (confirm)') }}
-
-
-
- -
+
+
+
+
+
- -
-
-
- {{ form.csrf_token }} -
-
- {{ render_field(form.email, class_='form-control', placeholder='New email address') }} -
+
+
+
+
+
+ {{ form.csrf_token }} +
+
+ {{ render_field(form.email, class_='form-control', placeholder='New email address') }}
-
-
- {{ render_field(form.current_password, class_='form-control', placeholder='Current password') }} -
+
+
+
+ {{ render_field(form.current_password, class_='form-control', placeholder='Current password') }}
-
-
-
- -
+
+
+
+
+
- -
+
+
From f044170acb0daca04480342ca050917c95408364 Mon Sep 17 00:00:00 2001
From: UnKnoWn
Date: Wed, 17 May 2017 05:35:01 +0800
Subject: [PATCH 5/8] Update profile.html
---
 nyaa/templates/profile.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nyaa/templates/profile.html b/nyaa/templates/profile.html
index 4dbfea5..c04d78d 100644
--- a/nyaa/templates/profile.html
+++ b/nyaa/templates/profile.html
@@ -5,7 +5,7 @@

Edit Profile

-