View function which handles a change password request.
()
| 893 | @pgCSRFProtect.exempt |
| 894 | @pga_login_required |
| 895 | def change_password(): |
| 896 | """View function which handles a change password request.""" |
| 897 | |
| 898 | form_class = _security.forms.get('change_password_form').cls |
| 899 | req_json = request.get_json(silent=True) |
| 900 | |
| 901 | if not req_json: |
| 902 | form = form_class() |
| 903 | return { |
| 904 | 'csrf_token': form.csrf_token._value() |
| 905 | } |
| 906 | elif req_json: |
| 907 | form = form_class(MultiDict(req_json)) |
| 908 | if form.validate(): |
| 909 | errormsg = None |
| 910 | # change_user_password from flask-security logs out the user |
| 911 | # this is undesirable, so change password on own |
| 912 | try: |
| 913 | user = User.query.filter( |
| 914 | User.fs_uniquifier == current_user.fs_uniquifier)\ |
| 915 | .first() |
| 916 | user.password = hash_password(form.new_password.data) |
| 917 | |
| 918 | try: |
| 919 | send_password_changed_notice(user) |
| 920 | except Exception as _: |
| 921 | # No need to throw error if failed in sending email |
| 922 | pass |
| 923 | except Exception as e: |
| 924 | # Handle other exceptions. |
| 925 | logging.exception(str(e), exc_info=True) |
| 926 | errormsg = gettext(PASS_ERROR).format(e) |
| 927 | |
| 928 | if errormsg is None: |
| 929 | old_key = get_crypt_key()[1] |
| 930 | set_crypt_key(form.new_password.data, False) |
| 931 | |
| 932 | from pgadmin.browser.server_groups.servers.utils \ |
| 933 | import reencrpyt_server_passwords |
| 934 | reencrpyt_server_passwords( |
| 935 | current_user.id, old_key, form.new_password.data) |
| 936 | |
| 937 | db.session.commit() |
| 938 | elif errormsg is not None: |
| 939 | return internal_server_error(errormsg) |
| 940 | else: |
| 941 | return bad_request(_first_form_error_message( |
| 942 | form, gettext('Invalid input.'))) |
| 943 | |
| 944 | return make_json_response( |
| 945 | success=1, |
| 946 | info=gettext('pgAdmin user password changed successfully') |
| 947 | ) |
| 948 | |
| 949 | # Only register route if SECURITY_RECOVERABLE is set to True |
| 950 | if hasattr(config, 'SECURITY_RECOVERABLE') and config.SECURITY_RECOVERABLE: |
nothing calls this directly
no test coverage detected