Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add profile editing logic in the UI

Browse source
This commit is contained in:
Théophile Diot 2023-12-26 17:13:08 +00:00
parent e938d48ff9
commit 5f74b357ce
No known key found for this signature in database
GPG key ID: 248FEA4BAE400D06
3 changed files with 52 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
src/common/db/Database.py
View file

@ -1693,3 +1693,20 @@ class Database:
return format_exc()
return ""
def update_ui_user(self, username: str, password: bytes) -> str:
"""Update ui user."""
with self.__db_session() as session:
user = session.query(Users).filter_by(id=1).first()
if not user:
return "User not found"
user.username = username
user.password = password.decode("utf-8")
try:
session.commit()
except BaseException:
return format_exc()
return ""

54
src/ui/main.py
View file

@ -414,11 +414,11 @@ def setup():
error = True
if error:
return redirect(url_for("setup"))
return redirect(url_for("setup"), 400)
app.config["USER"] = User(request.form["admin_username"], request.form["admin_password"])
ret = db.create_ui_user(app.config["USER"].get_id(), app.config["USER"].password_hash)
ret = db.create_ui_user(request.form["admin_username"], app.config["USER"].password_hash)
if ret:
flash(f"Couldn't create the admin user in the database: {ret}", "error")
return redirect(url_for("setup"))
@ -531,37 +531,52 @@ def profile():
flash("Missing form data.", "error")
return redirect(url_for("profile"))
if not any(key in request.form for key in ("admin_username", "admin_password", "admin_password_check")):
flash("Missing either admin_username, admin_password or admin_password_check.", "error")
if "curr_password" not in request.form:
flash("Missing curr_password parameter.", "error")
return redirect(url_for("profile"))
error = False
if len(request.form["admin_username"]) > 256:
if not app.config["USER"].check_password(request.form["curr_password"]):
flash("The current password is incorrect.", "error")
error = True
if request.form.get("admin_username") and len(request.form["admin_username"]) > 256:
flash("The admin username is too long. It must be less than 256 characters.", "error")
error = True
if request.form["admin_password"] != request.form["admin_password_check"]:
flash("The passwords do not match.", "error")
if request.form.get("admin_password"):
if not request.form.get("admin_password_check"):
flash("Missing admin_password_check parameter.", "error")
error = True
elif request.form["admin_password"] != request.form["admin_password_check"]:
flash("The passwords do not match.", "error")
error = True
elif not USER_PASSWORD_RX.match(request.form["admin_password"]):
flash("The admin password is not strong enough. It must contain at least 8 characters, including at least 1 uppercase letter, 1 lowercase letter, 1 number and 1 special character (#@?!$%^&*-).", "error")
error = True
elif request.form.get("admin_password_check"):
flash("Missing admin_password parameter.", "error")
error = True
if not USER_PASSWORD_RX.match(request.form["admin_password"]):
flash("The admin password is not strong enough. It must contain at least 8 characters, including at least 1 uppercase letter, 1 lowercase letter, 1 number and 1 special character (#@?!$%^&*-).", "error")
if not error and not any(request.form.get(key) for key in ("admin_username", "admin_password")):
flash("Nothing to update.")
error = True
if error:
return redirect(url_for("profile"))
return redirect(url_for("profile"), 400)
# TODO: Update username and password (if changed)
return Response(status=200)
app.config["USER"] = User(request.form.get("admin_username") or app.config["USER"].get_id(), request.form.get("admin_password") or request.form["curr_password"])
return render_template(
"profile.html",
title="Profile",
username=getenv("ADMIN_USERNAME", ""),
password=getenv("ADMIN_PASSWORD", ""),
dark_mode=app.config["DARK_MODE"],
)
ret = db.update_ui_user(app.config["USER"].get_id(), app.config["USER"].password_hash)
if ret:
flash(f"Couldn't update the admin user in the database: {ret}", "error")
return redirect(url_for("profile"), 500)
logout_user()
return redirect(url_for("profile"))
return render_template("profile.html", username=app.config["USER"].get_id(), dark_mode=app.config["DARK_MODE"])
@app.route("/instances", methods=["GET", "POST"])
@ -1570,6 +1585,7 @@ def login():
# redirect him to the page he originally wanted or to the home page
return redirect(url_for("loading", next=next_url or url_for("home")))
else:
flash("Invalid username or password", "error")
fail = True
if fail:

4
src/ui/templates/profile.html vendored
View file

@ -63,10 +63,8 @@ url_for(request.endpoint)[1:].split("/")[-1].strip() %}
name="admin_username"
class="col-span-12 regular-input"
placeholder="enter username"
value="{{ username }}"
pattern="(.*?)"
maxlength="256"
required
/>
</div>
<!-- end username inpt-->
@ -148,7 +146,6 @@ url_for(request.endpoint)[1:].split("/")[-1].strip() %}
value=""
pattern="^(?=.*?\d)(?=.*?[ !\u0022#$%&'\(\)*+,.\/:;<=>?@\[\\\]^_`\u007B\u007C\u007D\u007E\u002D]).{8,}$"
minlength="8"
required
/>
<div
data-setting-password-container
@ -208,7 +205,6 @@ url_for(request.endpoint)[1:].split("/")[-1].strip() %}
value=""
pattern="^(?=.*?\d)(?=.*?[ !\u0022#$%&'\(\)*+,.\/:;<=>?@\[\\\]^_`\u007B\u007C\u007D\u007E\u002D]).{8,}$"
minlength="8"
required
/>
<div
data-setting-password-container