diff --git a/pagure/login_forms.py b/pagure/login_forms.py
index 0518fd0..3755310 100644
--- a/pagure/login_forms.py
+++ b/pagure/login_forms.py
@@ -86,3 +86,18 @@ class NewUserForm(wtf.Form):
'Confirm password *',
[wtforms.validators.Required(), same_password]
)
+
+class ChangePasswordForm(wtf.Form):
+ """ Form to reset one's password in the local database. """
+ old_password = wtforms.PasswordField(
+ 'Old Password *',
+ [wtforms.validators.Required()]
+ )
+ password = wtforms.PasswordField(
+ 'Password *',
+ [wtforms.validators.Required()]
+ )
+ confirm_password = wtforms.PasswordField(
+ 'Confirm password *',
+ [wtforms.validators.Required(), same_password]
+ )
diff --git a/pagure/templates/login/password_change.html b/pagure/templates/login/password_change.html
index bef3946..26a5836 100644
--- a/pagure/templates/login/password_change.html
+++ b/pagure/templates/login/password_change.html
@@ -1,6 +1,7 @@
{% extends "master.html" %}
{% from "_formhelper.html" import render_bootstrap_field %}
+<<<<<<< HEAD
{% block title %}Lost password{% endblock %}
{% set tag = "home" %}
@@ -25,5 +26,27 @@
+=======
+{% block title %}Change password{% endblock %}
+{%block tag %}home{% endblock %}
+
+{% block content %}
+Change password
+
+
+>>>>>>> Add a change password link for local auth
{% endblock %}
diff --git a/pagure/templates/user_settings.html b/pagure/templates/user_settings.html
index 69db47d..bcd9528 100644
--- a/pagure/templates/user_settings.html
+++ b/pagure/templates/user_settings.html
@@ -38,6 +38,7 @@
{% block content %}
+<<<<<<< HEAD
@@ -64,6 +65,26 @@
+=======
+
+
+ {{ user.user }}'s settings
+
+
+
+ | Full name |
+ {{ user.fullname }} |
+
+
+ |
+ {% if config.get('PAGURE_AUTH')=='local' %}
+ Change password
+ {% endif %}
+ |
+
+
+ | Emails |
+>>>>>>> Add a change password link for local auth
{% for email in user.emails %}
{{ render_email(email, form) }}
{% endfor %}
diff --git a/pagure/ui/login.py b/pagure/ui/login.py
index 2117514..ede0308 100644
--- a/pagure/ui/login.py
+++ b/pagure/ui/login.py
@@ -262,6 +262,44 @@ def reset_password(token):
# Methods specific to local login.
#
+@APP.route('/password/change//', methods=['GET', 'POST'])
+@APP.route('/password/change/', methods=['GET', 'POST'])
+def change_password(username):
+ """ Method to change the password for local auth users.
+ """
+ form = forms.ChangePasswordForm()
+ user_obj = pagure.lib.search_user(SESSION, username=username)
+ if not user_obj:
+ flask.flash('No user associated with this username.', 'error')
+ return flask.redirect(flask.url_for('auth_login'))
+ if form.validate_on_submit():
+ old_password = '%s%s' % (
+ form.old_password.data, APP.config.get('PASSWORD_SEED', None))
+ if user_obj.password == hashlib.sha512(old_password).hexdigest():
+ password = '%s%s' % (
+ form.password.data, APP.config.get('PASSWORD_SEED', None))
+ user_obj.password = hashlib.sha512(password).hexdigest()
+ SESSION.add(user_obj)
+
+ try:
+ SESSION.commit()
+ flask.flash(
+ 'Password changed')
+ except SQLAlchemyError as err:
+ SESSION.rollback()
+ flask.flash('Could not set the new password.', 'error')
+ APP.logger.debug(
+ 'Password lost change - Error setting password.')
+ APP.logger.exception(err)
+
+ return flask.redirect(flask.url_for('auth_login'))
+
+ return flask.render_template(
+ 'login/password_change.html',
+ form=form,
+ username=username,
+ )
+
def send_confirmation_email(user):
""" Sends the confirmation email asking the user to confirm its email