enforce password change if password is changeme
@@ -4,6 +4,7 @@ from models import db, User
|
||||
from forms import UserForm
|
||||
from flask import abort
|
||||
from sqlalchemy import or_
|
||||
from routes.auth import require_password_change
|
||||
import json
|
||||
import os
|
||||
from werkzeug.utils import secure_filename
|
||||
@@ -23,6 +24,7 @@ def admin_required():
|
||||
|
||||
@contacts_bp.route('/')
|
||||
@login_required
|
||||
@require_password_change
|
||||
def contacts_list():
|
||||
result = admin_required()
|
||||
if result: return result
|
||||
@@ -76,6 +78,7 @@ def contacts_list():
|
||||
|
||||
@contacts_bp.route('/new', methods=['GET', 'POST'])
|
||||
@login_required
|
||||
@require_password_change
|
||||
def new_contact():
|
||||
result = admin_required()
|
||||
if result: return result
|
||||
@@ -114,19 +117,16 @@ def new_contact():
|
||||
is_admin=form.is_admin.data,
|
||||
profile_picture=profile_picture
|
||||
)
|
||||
if form.new_password.data:
|
||||
user.set_password(form.new_password.data)
|
||||
else:
|
||||
flash('Password is required when creating a new user.', 'error')
|
||||
return render_template('contacts/form.html', form=form, title='New User', total_admins=total_admins)
|
||||
user.set_password('changeme') # Set default password
|
||||
db.session.add(user)
|
||||
db.session.commit()
|
||||
flash('User created successfully!', 'success')
|
||||
flash('User created successfully! They will need to change their password on first login.', 'success')
|
||||
return redirect(url_for('contacts.contacts_list'))
|
||||
return render_template('contacts/form.html', form=form, title='New User', total_admins=total_admins)
|
||||
|
||||
@contacts_bp.route('/profile/edit', methods=['GET', 'POST'])
|
||||
@login_required
|
||||
@require_password_change
|
||||
def edit_profile():
|
||||
form = UserForm()
|
||||
total_admins = User.query.filter_by(is_admin=True).count()
|
||||
@@ -168,6 +168,7 @@ def edit_profile():
|
||||
|
||||
@contacts_bp.route('/<int:id>/edit', methods=['GET', 'POST'])
|
||||
@login_required
|
||||
@require_password_change
|
||||
def edit_contact(id):
|
||||
result = admin_required()
|
||||
if result: return result
|
||||
@@ -237,6 +238,7 @@ def edit_contact(id):
|
||||
|
||||
@contacts_bp.route('/<int:id>/delete', methods=['POST'])
|
||||
@login_required
|
||||
@require_password_change
|
||||
def delete_contact(id):
|
||||
result = admin_required()
|
||||
if result: return result
|
||||
@@ -251,6 +253,7 @@ def delete_contact(id):
|
||||
|
||||
@contacts_bp.route('/<int:id>/toggle-active', methods=['POST'])
|
||||
@login_required
|
||||
@require_password_change
|
||||
def toggle_active(id):
|
||||
result = admin_required()
|
||||
if result: return result
|
||||
|
||||
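Review bot: In new_contact (the `@@ -114,19 +117,16 @@` hunk), `user.set_password('changeme')` gives every newly created account the same publicly guessable password, so until the intended owner logs in for the first time, whoever knows the username can sign in and choose the new password; that includes accounts created with `is_admin` set. `@require_password_change` only runs after a login has already succeeded, so it forces a change but does not decide who gets to make it. I would replace the literal with a per-user random value, e.g. `temp_password = secrets.token_urlsafe(16)` followed by `user.set_password(temp_password)`, show it once to the creating admin, and drive the forced change from a stored flag on the user rather than from the password value (the model would need such a column; none is visible here). new_contact begins above this hunk, so the form validation around the changed lines cannot be checked from here.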