first working password change version

app.py

@@ -6,56 +6,59 @@ from bottle import route, run, template, error, get, \
 
 
 # config
+
 # load config from configfile instead of defining it here
 cookie_secret='.0)>ZCqL Fvi3m$;c VY-$&^65 r3Yg,$vC +U?1#zy] 2[]rUsru .yd4-GiE *i#i4Wr['
 cookie_max_age=1800 #seconds
-app_name='accounts'
+cookie_name='accounts'
+app_name='SocialNerds Accounts'
 static_files="/home/david/Git/accounts/static"
-#miab_admin='someuser@socialnerds.org'
-#miab_passwd='xxx'
+miab_admin='someadmin@socialnerds.org'
+miab_passwd='xxxxx'
 miab_url='https://excelsior.socialnerds.org/admin'
 
 
-
-
 # functions
 
 # verify session
 # if valid we return the username
 def logged_in():
     #read remote cookie
-    username = request.get_cookie(app_name, secret=cookie_secret)
+    username = request.get_cookie(cookie_name, secret=cookie_secret)
     if username:
         return username
     else:
         return False
 
-
 # do actual authentication against Mail-in-a-box
 def miab_auth(username, password):
     #authenticate against miab api
     a = requests.get(miab_url + "/mail/users", auth=(username, password))
     # if valid set cookie and return True
     if a.text == 'You are not an administrator.\n' or a.status_code == 200:
-        response.set_cookie(app_name, username, secret=cookie_secret, max_age=cookie_max_age)
+        response.set_cookie(cookie_name, username, secret=cookie_secret, max_age=cookie_max_age)
         return True
     else:
         #or False
         return False
 
+# change password for Mail-in-a-box
+def miab_password(username, password):
+    return True
+
 
 # routing
 
 @get('/')
 def home():
     username = logged_in()
+    message = request.get_cookie(cookie_name + "_message", secret=cookie_secret)
     if username:
         # render homepage
-        return template('default', username=username, app_name=app_name)
+        return template('default', username=username, app_name=app_name, message=message)
     else:
         redirect('/login')
 
-
 @get('/login')
 @get('/login/')
 def login():
@@ -71,6 +74,8 @@ def post_login():
     username = request.forms.get('username')
     password = request.forms.get('password')
     if miab_auth(username, password):
+        message = { "message": "You have logged in successfully!", "alert": "success" }
+        response.set_cookie(cookie_name + "_message", message, secret=cookie_secret, max_age=5)
         redirect('/')
     else:
         redirect('/login')
@@ -79,13 +84,63 @@ def post_login():
 @get('/logout')
 @get('/logout/')
 def logout():
-    response.delete_cookie(app_name)
-    redirect('/login')
+    if logged_in():
+        response.delete_cookie(cookie_name)
+        redirect('/')
+    else:
+        redirect('/')
 
+# serve static files
 @get('/static/<filename:path>')
 def send_static(filename):
     return static_file(filename, root=static_files)
 
+# change account password
+@post('/password')
+def post_password():
+    username = logged_in()
+    if username:
+        oldpassword = request.forms.get('oldpassword')
+        newpassword = request.forms.get('newpassword')
+        if miab_auth(username, oldpassword):
+            data = { "email": username, }
+            r = requests.post(miab_url + "/mail/users/remove", data=data, auth=(miab_admin, miab_passwd))
+            data = { "email": username, "password": newpassword }
+            a = requests.post(miab_url + "/mail/users/add", data=data, auth=(miab_admin, miab_passwd))
+            if r.status_code == 200 and a.status_code == 200:
+                message = { "message": "Your password has been changed successfully!", "alert": "primary" }
+                response.set_cookie(cookie_name + "_message", message, secret=cookie_secret, max_age=5)
+                redirect('/')
+            else:
+                message = { "message": "Something went wrong while changing your password!", "alert": "danger" }
+                response.set_cookie(cookie_name + "_message", message, secret=cookie_secret, max_age=5)
+                redirect('/')
+        else:
+            message = { "message": "Your supplied password is wrong!", "alert": "danger" }
+            response.set_cookie(cookie_name + "_message", message, secret=cookie_secret, max_age=5)
+            redirect('/')
+    else:
+        redirect('/login')
+
+
+#@post('/delete')
+#def delete_account():
+#    username = logged_in()
+#    password = #from form
+#    if miab_auth(username, password):
+#        #do the actual delete
+#    else:
+#        #render default and send flash error message
+
+#@post('/alias/add')
+#def add_alias():
+#    pass
+
+#@post('/alias/delete')
+#def delete_alias():
+#    pass
+
+
 
 # run development webserver
 run(host='localhost', port=8000, debug=True, reloader=True)

views/default.tpl

@@ -44,7 +44,12 @@
     </nav>-->
 
     <div class="container">
-
+      %if message:
+        <div class="alert alert-{{ message['alert'] }} alert-dismissible" role="alert">
+          <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+          {{ message['message'] }}.
+        </div>
+      %end
       <div class="starter-template">
         <h1>{{ username }}</h1>
         <p class="lead">You are logged in. (<a href="/logout">logout</a>)</p>
@@ -55,13 +60,13 @@
       <div class="starter-template">
         <h2>Change password</h2>
           <hr>
-
-          <form class="form-inline">
+          <p>Enter your old password and your desired password and hit the change button.<br><small>Watch typos! I will not watch for you.</small></p>
+          <form class="form-inline" action="/password" method="post">
             <div class="form-group">
-              <input type="password" class="form-control input-sm" id="changepasswordInput" placeholder="Old password">
+              <input name="oldpassword" type="password" class="form-control input-sm" id="changepasswordInput" placeholder="Old password">
             </div>
             <div class="form-group">
-              <input type="password" class="form-control input-sm" id="changepasswordInput2" placeholder="New password">
+              <input name="newpassword" type="password" class="form-control input-sm" id="changepasswordInput2" placeholder="New password">
             </div>
             <button type="submit" class="btn btn-primary btn-sm">change</button>
           </form>
@@ -73,7 +78,7 @@
       <div class="starter-template">
         <h2>Manage aliases</h2>
           <hr>
-          <p>Aliases are additional email addresses which will be forwarded to your account. Besides your primary email address you can use an alias to send your emails.<br><small>Available domains: <b>@aundas.org</b>, <b>@socialnerds.org</b> and <b>@phlo.at</b><br>Be aware the limit of five active aliases.</small></p>
+          <p>Aliases are additional email addresses which will be forwarded to your account. Besides your primary email address you can use an alias to send your emails.<br><small>Available domains: <b>@aundas.org</b>, <b>@socialnerds.org</b>, <b>@phlo.at</b>, <b>@gmur.ml</b>, <b>@socialg.it</b><br>Be aware the limit of five active aliases.</small></p>
           <p>david@aundas.org (<a href="#">delete</a>)</p>
           <p>david@socialnerds.org (<a href="#">delete</a>)</p>
           <p>hugo17@socialnerds.org (<a href="#">delete</a>)</p>

views/login.tpl

@@ -27,7 +27,7 @@
         <input name="username" type="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus>
         <label for="inputPassword" class="sr-only">Password</label>
         <input name="password" type="password" id="inputPassword" class="form-control" placeholder="Password" required>
-        <p>For security reasons every session will expire 30 minutes after login.</p>
+        <p>For security reasons every session will expire {{ int(cookie_max_age/60) }} minutes after login.</p>
         <button class="btn btn-lg btn-primary btn-block" type="submit">Login</button>
       </form>