Users can change password and update profiles

main.py

@@ -102,15 +102,43 @@ def login_key(username, key):
     else:
         connect_user(user)
         # :TODO:maethor:120528: Remplacer la clé pour qu'elle ne puisse plus être utilisée
-        return redirect(url_for('home'))
+        flash(u"Veuillez mettre à jour votre mot de passe", 'info')
+        return redirect(url_for('user_password'), username=user['name'])
 
 #---------------
 # User settings
 
-@app.route('/user/settings/<username>')
+@app.route('/user/<username>')
 def show_user(username):
     if username != session.get('username'):
         abort(401)
+    return render_template('show_user.html')
+
+@app.route('/user/settings/<username>', methods=['GET', 'POST'])
+def user_settings(username):
+    if username != session.get('username'):
+        abort(401)
+    if request.method == 'POST':
+        g.db.execute('update users set email = ?, name = ?, organization = ? where id = ?',
+                [request.form['email'], request.form['name'], request.form['organization'], session['userid']])
+        g.db.commit()
+        disconnect_user()
+        flash(u'Votre profil a été mis à jour !', 'success')
+        return redirect(url_for('login'))
+    return render_template('user_settings.html')
+
+@app.route('/user/password/<username>', methods=['GET', 'POST'])
+def user_password(username):
+    if username != session.get('username'):
+        abort(401)
+    if request.method == 'POST':
+        if request.form['password'] == request.form['password2']:
+            # :TODO:maethor:120528: Chiffrer le mot de passe !
+            g.db.execute('update users set password = ? where id = ?', [request.form['password'], session['userid']])
+            g.db.commit()
+            flash(u'Votre mot de passe a été mis à jour.', 'success')
+        else:
+            flash(u'Les mots de passe sont différents.', 'error')
     return render_template('user_settings.html')
 
 #------------

schema.sql

@@ -5,7 +5,7 @@ create table users (
     id INTEGER primary key autoincrement,
     email TEXT unique not null,
     password TEXT not null,
-    name TEXT,
+    name unique TEXT,
     organization TEXT,
     is_admin INTEGER default 0 not null,
     key TEXT

templates/layout.html

@@ -35,7 +35,7 @@
       <a href="#" class="btn dropdown-toggle" data-toggle="dropdown"><b class="caret"></b></a>
       <ul class="dropdown-menu pull-right">
         <li><a href=""><i class="icon-comment"></i> Votes en attente</a></li>
-        <li><a href="{{ url_for('show_user', username=session.username) }}"><i class="icon-cog"></i> Paramètres</a></li>
+        <li><a href="{{ url_for('user_settings', username=session.username) }}"><i class="icon-cog"></i> Paramètres</a></li>
         <li class="divider"></li>
         <li><a href="{{ url_for('logout') }}"><i class="icon-off"></i> Déconnexion</a></li>
       </ul>

templates/show_user.html

@@ -0,0 +1,14 @@
+{% extends "layout.html" %}
+{% block body %}
+<h2>{{ session.username }}</h2>
+<div class="span8">
+  <dl>
+    <dt>Email :
+    <dd>{{ session.email }}
+    <dt>Association :
+    <dd>{{ session.organization }}
+    <dt>Groupes :
+    <dd><em>à venir</em>
+</div>
+{% endblock %}
+

templates/user_settings.html

@@ -1,5 +1,61 @@
 {% extends "layout.html" %}
 {% block body %}
 <h2>{{ session.username }}</h2>
+<div class="row">
+  <div class="span6 well">
+    <form class="form-horizontal" action="{{ url_for('user_settings', username=session.username) }}" method="post">
+    <fieldset><legend>Mise à jour du profil utilisateur</legend>
+      <div class="alert"><strong>Attention :</strong> À l'issue de ce formulaire, vous devrez vous reconnecter</div>
+      <div class="control-group">
+        <label class="control-label" for="email">E-mail</label>
+        <div class="controls">
+            <input type="text" name="email" id="email" value="{{ session.email }}"/>
+        </div>
+      </div>
+      <div class="control-group">
+          <label class="control-label" for="name">Nom</label>
+          <div class="controls">
+              <input type="text" name="name" id="name" value="{{ session.username }}" />
+          </div>
+      </div>
+      <div class="control-group">
+        <label class="control-label" for="organization">Association</label>
+        <div class="controls">
+            <input type="text" name="organization" id="organization" value="{{ session.organization }}"/>
+        </div>
+      </div>
+      <!--<label for="password">Mot de passe</label>
+      <input type="password" name="password" id="password" />-->
+      <div class="form-actions">
+        <input type="submit" class="btn btn-primary" value="Enregistrer" />
+        <input type="reset" class="btn" value="Annuler" />
+      </div>
+    </fieldset>
+    </form>
+  </div>
+
+  <div class="span5 well">
+    <form class="form-horizontal" action="{{ url_for('user_password', username=session.username) }}" method="post">
+    <fieldset><legend>Modification du mot de passe</legend>
+      <div class="control-group">
+        <label class="control-label" for="password">Mot de passe</label>
+        <div class="controls">
+            <input type="password" name="password" id="password" />
+        </div>
+      </div>
+      <div class="control-group">
+        <label class="control-label" for="password2">Confirmation</label>
+        <div class="controls">
+            <input type="password" name="password2" id="password2" />
+        </div>
+      </div>
+      <div class="form-actions">
+        <input type="submit" class="btn btn-primary" value="Enregistrer" />
+        <input type="reset" class="btn" value="Annuler" />
+      </div>
+    </fieldset>
+    </form>
+  </div>
+</div>
 {% endblock %}