add: change password

2023-10-24 17:20:16 +02:00 · 2023-10-24 17:20:16 +02:00 · 82f2e4647c
commit 82f2e4647c
parent a17fa07805
3 changed files with 41 additions and 1 deletions
--- a/django/trancendence/accounts/templates/change_password.html
+++ b/django/trancendence/accounts/templates/change_password.html
@ -0,0 +1,9 @@
+<html>
+    <form method='post'>
+        {% csrf_token %}
+        <input type="text" name="username" placeholder="username">
+        <input type="text" name="current_password" placeholder="current_password">
+        <input type="text" name="new_password" placeholder="new_password">
+        <input type='submit'>
+    </form>
+</html>
--- a/django/trancendence/accounts/urls.py
+++ b/django/trancendence/accounts/urls.py
@ -6,4 +6,5 @@ urlpatterns = [
    path("login", views.Login.as_view(), name="login"),
    path("register", views.Register.as_view(), name="register"),
    path("delete", views.Delete.as_view(), name="delete"),
+    path("change_password", views.ChangePassword.as_view(), name="delete"),
 ]
--- a/django/trancendence/accounts/views.py
+++ b/django/trancendence/accounts/views.py
@ -72,4 +72,34 @@ class Delete(View):
        
        user.delete()
        
-        return HttpResponse("ok: account has been deleted")
+        return HttpResponse("ok: account has been deleted")
+    
+class ChangePassword(View):
+    def get(self, request):
+        return render(request, "change_password.html")
+    
+    def post(self, request):
+        username = request.POST.get("username")
+        if (username == None):
+            return HttpResponse("error: username or password invalid")
+        
+        current_password = request.POST.get("current_password")
+        if (current_password == None):
+            return HttpResponse("error: username or password invalid")
+        
+        query: QuerySet = User.objects.filter(username=username)
+        if (not query.exists()):
+            return HttpResponse("error: username or password invalid")
+        
+        user: User = User.objects.get(username=username)
+        if (not user.check_password(current_password)):
+            return HttpResponse("error: username or password invalid")
+        
+        new_password = request.POST.get("new_password")
+        if (new_password == None or len(new_password) < 3):
+            return HttpResponse("error: new password too short")
+        
+        user.set_password(new_password)
+        user.save()
+        
+        return HttpResponse("ok: password has been updated")