diff --git a/pagure/templates/login/password_recover.html b/pagure/templates/login/password_recover.html
index 57d9f92..a61a452 100644
--- a/pagure/templates/login/password_recover.html
+++ b/pagure/templates/login/password_recover.html
@@ -1,25 +1,34 @@
{% extends "master.html" %}
-{% from "_formhelper.html" import render_field_in_row %}
+{% from "_formhelper.html" import render_bootstrap_field %}
{% block title %}Change password{% endblock %}
{%block tag %}home{% endblock %}
{% block content %}
-
Change password
-
-
+
{% endblock %}
diff --git a/pagure/templates/user_settings.html b/pagure/templates/user_settings.html
index bcd9528..0ff9e40 100644
--- a/pagure/templates/user_settings.html
+++ b/pagure/templates/user_settings.html
@@ -38,7 +38,6 @@
{% block content %}
-<<<<<<< HEAD
@@ -65,26 +64,6 @@
-=======
-
-
- {{ user.user }}'s settings
-
-
-
- Full name |
- {{ user.fullname }} |
-
-
-
- {% if config.get('PAGURE_AUTH')=='local' %}
- Change password
- {% endif %}
- |
-
-
- Emails |
->>>>>>> Add a change password link for local auth
{% for email in user.emails %}
{{ render_email(email, form) }}
{% endfor %}
@@ -109,7 +88,12 @@
-
+
+ {% if config.get('PAGURE_AUTH')=='local' %}
+
Change password
+ {% endif %}
+
+
{% endblock %}
diff --git a/pagure/ui/login.py b/pagure/ui/login.py
index d32b340..de925c0 100644
--- a/pagure/ui/login.py
+++ b/pagure/ui/login.py
@@ -45,7 +45,7 @@ def new_user():
flask.flash('Email address already taken.', 'error')
return flask.redirect(flask.request.url)
- password = bcrypt.hashpw(form.password.data, bcrypt.gensalt())
+ password = bcrypt.hashpw(str(form.password.data), bcrypt.gensalt())
form.password.data = password
token = pagure.lib.login.id_generator(40)
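Review bot: `str(form.password.data)` in the `bcrypt.hashpw` call will raise UnicodeEncodeError for any password containing non-ASCII characters if this runs on Python 2, which the `print` statement removed from do_login suggests. Form field data is normally unicode there, and `str()` encodes it with the ASCII codec. An explicit encoding avoids that and keeps the hashed bytes well defined: `password = bcrypt.hashpw(form.password.data.encode('utf-8'), bcrypt.gensalt())`. The same `str(...)` wrapping is added in the do_login, reset_password and change_password hunks and needs the same change, with the encoding identical at hash time and verify time. new_user's body starts and ends outside this hunk.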
@@ -100,17 +100,20 @@ def do_login():
username = form.username.data
user_obj = pagure.lib.search_user(SESSION, username=username)
- password = bcrypt.hashpw(form.password.data, user_obj.password)
+ try:
+ password = bcrypt.hashpw(str(form.password.data), user_obj.password)
+ except ValueError:
+ password = '%s%s' % (form.password.data, APP.config.get('PASSWORD_SEED', None))
+ password = hashlib.sha512(password).hexdigest()
if not user_obj or user_obj.password != password:
- print user_obj.password, password
flask.flash('Username or password invalid.', 'error')
return flask.redirect(flask.url_for('auth_login'))
elif user_obj.token:
flask.flash(
'Invalid user, did you confirm the creation with the url '
- 'provided by email?', 'error')
- return flask.redirect(flask.url_for('auth_login'))
+ 'provided by email?', 'error')
+ return flask.redirect(flask.url_for('auth_login'))
else:
visit_key = pagure.lib.login.id_generator(40)
now = datetime.datetime.utcnow()
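Review bot: `user_obj.password` is dereferenced inside the new `try:` before the `if not user_obj` check that follows it, so an unknown username would raise AttributeError instead of reaching the 'Username or password invalid.' flash. This assumes search_user returns None when nothing matches, which should be confirmed; if so, the missing-user guard belongs above the `try:`. In the `except ValueError` fallback, `APP.config.get('PASSWORD_SEED', None)` formats to the literal text `None` when the seed is not configured, so the legacy SHA-512 path would hash the password plus "None"; rejecting the login when the seed is unset would be safer. The stored and computed hashes are also compared with `!=`; a constant-time comparison such as `hmac.compare_digest`, where the runtime provides it, is preferable on both paths. do_login starts and ends outside the hunk, and the `hashlib` import is not visible here.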
@@ -232,7 +235,7 @@ def reset_password(token):
if form.validate_on_submit():
- user_obj.password = bcrypt.hashpw(form.password.data, bcrypt.gensalt())
+ user_obj.password = bcrypt.hashpw(str(form.password.data), bcrypt.gensalt())
user_obj.token = None
SESSION.add(user_obj)
@@ -271,9 +274,9 @@ def change_password(username):
flask.flash('No user associated with this username.', 'error')
return flask.redirect(flask.url_for('auth_login'))
if form.validate_on_submit():
- old_password = bcrypt.hashpw(form.old_password.data, user_obj.password)
+ old_password = bcrypt.hashpw(str(orm.old_password.data), user_obj.password)
if user_obj.password == old_password:
- user_obj.password = bcrypt.hashpw(form.password.data, bcrypt.gensalt())
+ user_obj.password = bcrypt.hashpw(str(form.password.data), bcrypt.gensalt())
SESSION.add(user_obj)
try:
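Review bot: The new line reads `orm.old_password.data`, which looks like a typo for `form`. Unless a name `orm` is defined elsewhere in the module, every valid change-password submission would fail with NameError; the intended line is presumably `old_password = bcrypt.hashpw(str(form.old_password.data), user_obj.password)`. This path also lacks the `except ValueError` fallback that do_login gained, so an account whose stored hash is still in the legacy non-bcrypt format would hit an unhandled ValueError here and could not change its password. change_password continues past the end of the hunk.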
diff --git a/requirements.txt b/requirements.txt
index 82074eb..c65e4df 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -26,3 +26,4 @@ sqlalchemy >= 0.8
straight.plugin==1.4.0-post-1
trollius-redis
wtforms
+bcrypt
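Review bot: `bcrypt` is added with no version constraint, although the login code now depends on specific behaviour of this package: `hashpw` raising ValueError when the stored value is not a bcrypt hash. More than one distribution on PyPI provides a module named `bcrypt`, so it is worth stating which one was tested and adding a lower bound, for example `bcrypt >= <tested-version>` (placeholder).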